On the 25th of May 2018, the new General Data Protection Regulation (GDPR) took effect. Below explains what our policy covers as well as how we will or will not utilise your data.
Unless you are employed by us, the information we store and use is to enable ongoing business relations – to facilitate trading and general correspondence with businesses and their employees. Our information systems are backed up and store all information securely, with access to this information limited to Poddi Tartufi’s office staff.
All information related to corporate data must be managed through institutional channels ensuring company data protection and security, respect and professional confidentiality and information.
Poddi Tartufi is committed to protecting your personal information and respecting your privacy in everything we do. The information below states what data we may collect, how we use it and gives information about your rights and how you can get in touch with us.
Guidelines below cover how we handle your information when you contact us through our business operation teams or other core uses of your data that help us complete our business transactions.
Information We Collect
In order for us to process business transactions we collect customer and supplier registered company details which include name and contact details (such as email, physical address and telephone numbers, VAT number, banking details). In certain instances, we may also collect additional names and contact details dependent on customer or supplier services required (such as multiple delivery sites, for example).
Why We Collect Personal Information About You
Poddi Tartufi collects your personal data in order to provide you with the product or service you have purchased from us, or an enquiry you have made. We use the data you provide to fulfil your request, which may include contacting you and processing paperwork, but we do check for your permission on certain documents.
Where We Have Justifiable Reason (‘legitimate interests’)
We have justifiable reasons for processing your data, which is referred to as ‘legitimate interests’. Reasons for this include:
- To enhance or improve your experience with us.
- To put your information together with other customer’s data and external non-personal information so that we may better understand our market through analysis and segmentation to ensure that we keep offering competitive products and services.
- To allow our internal business processes to function – for example, transacting with our partners, carrying out audits, producing management information and dealing with complaints.
- To understand market research.
- To request feedback on our performance.
- To help prevent fraud and maintain security.
- To assist in training, quality assurance and compliance.
Where We Have To Do Something By Law (‘legal obligation’)
- To ensure your rights are met under the Italian Data Protection Authority (Garante per la protezione dei dati personali).
- To meet our obligations with law enforcement agencies, courts and other organisations.
- To comply with anti-money laundering regulations.
Where We Have Your Permission (‘consent’)
- To provide you with news, offers and deals – you can change your ‘consent’ at any time.
- To provide you with financial transaction documentation relevant to any and all business transactions (consent as per completed company credit application forms).
In Exceptional Circumstances (‘vital interests’)
- In exceptional circumstances, we may use your information in rare situations where vital interest of yourself or another person needs protecting.
Who Do We Share Your Information With?
We do not sell your information to anyone and only pass it to our trusted partners and service providers who work with us to run our business.
We may pass your information to:
- Service providers who work for us such as 3PL (third-party logistics).
- Insurance providers and intermediaries that are engaged to mitigate risks to our business.
- Regulatory bodies, courts and law enforcement agencies.
- Other third parties, based upon our legitimate interests as a business. Examples may include data centres that securely store your information, or banks that require relevant data in order to fulfil our obligations to you.
How Long Do We Keep Your Personal Information?
How long we keep your personal information depends on why we have it and what we are doing with it:
- We keep records of any dealings you have with us so that we can respond to any complaints or disputes that may arise.
- We keep your contact details in a secure file if we have frequent contact with you. These details are reviewed annually. If we learn that your details have changed or you have left your company, we will amend or delete the contact details as required.
- We will keep other personal information about you if it is necessary for us to do so to comply with the law.
- We keep records to ensure that our business is properly run in an efficient and compliant manner.
We securely erase your information once it is no longer needed.
Transferring Information Outside of The EEA
Your personal information may be processed outside of the European Economic Area (EEA) where privacy laws may not provide protection to the same level. Before any transfer takes place, we will take steps to ensure that your personal information will be adequately protected as required by the Italian Data Protection Authority and that safeguards such as standard contractual clauses are in place.
Your Rights & Choices
Right to Withdraw Consent – Where we use your information on this basis, you have the right to withdraw that consent.
Right to Access – You can request a copy of your personal information we hold about you and other data relating to how we use your information.
Right to Rectification – We always want to use the most up to date information about you. So please get in touch if you think we don’t have that.
Right to be Forgotten – In some circumstances, including where we are relying on your consent to use your data, you have the right to request us to delete your information.
Right to Portability – If we have collected your data because you have given us consent, or because we need it in order to provide you with a product or service (under a contract), you have the right to receive information you gave to us back in a ‘machine-readable’ format.
Right to Objection and Right to Restriction – If we are using your data for activities under the ‘legitimate interest’ justification and in other circumstances, then you have a right to request restriction of processing and also a right to object to that processing
Right to Make a Complaint – You have the right to lodge a complaint with the Information Commissioner’s Office if you think that our use of your information doesn’t meet the law. For more information, visit the Italian Data Protection Authority (Garante per la protezione dei dati personali) website.
Keeping Your Personal Information Secure
We have a legal obligation to notify any data breach to the Controller without undue delay. Therefore, Poddi Tartufi has implemented technology and security policies, rules and measures to protect the personal information we have under our control, both on and offline, from improper access, use, alteration, destruction and loss. These will help us to quickly identify and promptly report any data breach.
PODDI TARTURI SRL
Via dell’Impresa 30 – CAP 05100 – Terni (TR) – Italy
Telephone: (+39) 0744 812777