1. Introduction
In accordance with European Regulation no. 679/2016 (hereinafter "GDPR"), this Privacy Policy explains how TMB S.r.l. collects, uses, transfers and protects personal information
transmitted by its business partners, customers or potential customers and, finally, by users of the services offered also through its web pages.
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘Data subject') in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social
identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection,
recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing
of personal data.
2. Who is the controller for the processing of the data collected pursuant to this policy?
The controller of the personal data collected is TMB S.r.l., VAT no./Fiscal Code IT10580510153, with registered office in Via Cà Nova Zampieri 5, San Giovanni Lupatoto -
37057 (Verona - Italy), email/PEC: tmbsrl@postecert.it (hereinafter "TMB" or "Controller").
3. What types of data does TMB process?
- Data of customers, prospective customers and suppliers, including their consultants and other representatives, provided voluntarily.
Any contact with TMB, including through the services provided on its web pages, or the optional, express and spontaneous sending of electronic or traditional mail messages
to TMB addresses, or at the conclusion of contractual relations, involves the subsequent acquisition of personal data sent, for the sole purpose of performing the requested
service or to respond to requests or stipulate and manage the contractual relationship. TMB collects and processes the following personal data: IP addresses, email addresses,
telephone numbers, place of residence, date of birth, tax/ VAT code, names, qualifications, duties, bank details, as well as other personal data included in the relevant service
and/or communication forms.
- Browsing data.
The computer systems and programmes used for the operation of TMB websites collect some personal data whose transmission is implicit in the use of Internet communication
protocols (e.g., IP addresses or domain names of the computers used by users who connect to the website, information on visits, browser software and other parameters relating
to the user's operating system and computer environment). These data are used for the sole purpose of obtaining statistical information not associated with any user
identification data on the use of the website and to check its correct functioning; they are, therefore, deleted immediately after processing.
- Cookies
Cookies are small text files that are installed by a website on a user's browser and that record certain information relating to the user's browsing activity. For information
regarding the use of cookies through this website please read the cookie policy.
4. For what purposes are personal data collected by TMB processed?
Personal data will be processed for the purposes indicated below:
- administrative and accounting purposes related to the obligations imposed by the applicable laws or regulations and by provisions issued by the responsible
authorities/surveillance and control bodies;
- purposes closely related and/or necessary to the fulfilment of its contractual obligations and the exercise of its contractual rights, including after-sales activities;
- purposes related to registration on the website to use the services offered by TMB, including the possibility of making an online purchase;
- purposes related to the execution of any other request received by TMB;
- with prior consent, for purposes of information and promotion of the activity carried out by TMB and/or the marketed products. TMB may send communications for the above purposes
either by traditional means (e.g., paper mail, telephone calls by an operator) or by automated means of communication such as e-mail (e.g., newsletters) and SMS. Limited
to the e-mail details provided as part of the purchase of a product or service offered and sold by TMB, the latter may use for the sending of information and promotional
communications (including the newsletter) of similar products or services without the need for the express and prior consent of the Data Subject and on condition that the Data
Subject does not exercise the right of opposition (so-called soft spamming);
- subject to prior consent, for the purpose of processing preferences by collecting the type and frequency of purchases for sending information and/or advertising material of
specific interest to the Data Subject by email and improving the commercial proposals sent by TMB (so-called profiling).
5. What is the legal basis for the processing of the personal data collected? Can I withdraw my consent?
Legal basis for data processing under the GDPR.
The legal basis for the processing of personal data for the above purposes is as follows:
- for the purposes of point 4, letter (a), compliance with a legal obligation;
- for the purposes set out in point 4, letter (b), the fulfilment of TMB's contractual obligations;
- for the purposes referred to in point 4, letter (c), the provision of the requested service;
- for the purposes set out in point 4, letter (d), a feedback to any other request received by TMB;
- for the purposes of point 4, letters (e) and (f), the user's consent.
Withdrawal of consent
For the purposes of point 4, letters (e) and (f), the Data Subject may withdraw his/her consent at any time by writing to tmbsrl@postecert.it.
The right of the Data Subject to object to the processing of his/her personal data for marketing purposes by automated means of contact (e-mail, SMS) also extends to traditional
ones (post).
Limited to the sending of the newsletter, the Data Subject may also object to data processing concerning him or her through the appropriate link at the bottom of any e-mail with
promotional content sent by TMB which allows automatic unsubscription from the newsletter.
Withdrawal of consent by the Data Subject shall not in any way affect TMB's right to process the user's data if such processing is necessary in order to comply with TMB's contractual
obligations and/or to the extent that TMB is required to process the data subject's personal data in order to comply with a legal obligation or to defend its rights in a dispute
with the data subject, to prevent fraud or abuse.
6. How are personal data collected by TMB processed? With whom could TMB share such data?
Processing modalities
The processing of personal data mainly takes place with the help of electronic or automated instruments, according to methods and means suitable to ensure the security and
confidentiality of the data, in accordance with the provisions of legislation on the protection of personal data. In particular, TMB uses technical, IT, organisational, logistical
and procedural security measures in order to guarantee the minimum level of data protection required by law, allowing access only to those appointed.
Scope of data dissemination
The personal data of Data Subjects may be communicated to the following entities:
- TMB employees and/or collaborators, for the performance of administration, accounting, after-sales, IT and logistic support activities
- entities carrying out customer assistance activities and providing centralised services also for the benefit of TMB, including marketing services, as well as after-sales
services;
- companies or consultants responsible for the installation, maintenance and management of TMB hardware and software (including the TMB web pages);
- external companies or consultants providing banking, financial, insurance, legal, personnel recruitment and selection services;
- company of the group controlled by Comac S.p.A. to which TMB belongs;
- supervisory and control authorities and bodies and, in general, public or private persons acting as public officials or persons in charge of a public service;
- parties that perform activities involving the filing of documentation and data entry.
With reference to personal data communicated to them, the parties that belong to the above-mentioned categories can operate, depending on the case, as processors or persons in charge
of processing, or as separate data controllers.
Personal data shall not be in any way disseminated or communicated to other external entities, except where disclosure is required by law or necessary.
7. For how long will personal data collected by TMB be kept?
Personal data shall be kept for the time necessary from an operational and/or legal point of view as follows:
- for the purposes referred to in point 4, letters (a), (b) and (c) and (d) above for a period not exceeding ten (10) years, without prejudice to any specific legal obligations
regarding the keeping of accounting records and, in any case, according to statutory limitation periods;
- for the purposes referred to in point 4, letter (e) above, until consent has been withdrawn;
- for the purposes referred to in point 4, letter (f) above, for a maximum period of 12 months.
In any case, TMB may keep the personal data collected for a period of time longer than that indicated above in the event of potential or real legal disputes or to prevent fraud or
abuse.
In any case, at the end of the period for which the personal data are stored, the data shall be deleted or aggregated or anonymised.
8. Will personal data collected by TMB be transferred abroad?
It may be that TMB shares personal data collected with selected entities who may process such data in countries both within and outside the EU/EEA. In the case of transfers to
countries where the laws do not offer the same level of data protection as the GDPR, TMB shall use various legal mechanisms, including standard EU contractual clauses, to ensure
that the rights and protections granted by TMB travel together with the transferred data.
Further information regarding the international transfer of data may be sent to the contacts available at the end of this policy.
9. What are the rights of the Data Subject?
This section lists the rights of the Data Subject that can be exercised at any time by writing to tmbsrl@postecert.it.
The Data Subject shall have the right to:
- obtain from TMB confirmation as to whether or not your personal data are being processed and, if so, access to the information referred to in article 15 of the GDPR;
- obtain the rectification of personal data concerning you, or, taking into account the purposes of processing, the integration of incomplete personal data;
- obtain the erasure of your personal data if one of the reasons referred to in Article 17 of the GDPR applies;
- obtain the limitation of the processing of your personal data in cases provided for by the applicable law;
- object to the processing of their personal data for reasons connected with your particular position;
- receive, in a structured, commonly-used and legible electronic format, any personal data relating to you, which they have provided, and transmit this data to another Data
Controller without impediment by the Data Controller, if technically possible, in the cases and within the limits referred to in article 20 of the GDPR.
Depending on the amount or complexity of the requested information, an appropriate fee may be charged.
The Data Subject shall also have the right to lodge a complaint with a supervisory authority (for Italy: the Personal Data Protection Supervisor), if he or she considers that the
processing of his or her personal data is carried out in violation of the GDPR.
In any case, the Data Subject is invited to contact TMB, which undertakes to process the matter with the utmost courtesy, seriousness and discretion.
10. Minors
Our products and services are primarily intended for an adult audience. TMB does not knowingly solicit or collect personal data from or about persons under the age of 16 without
the consent of a parent or guardian. Should TMB learns that personal data relating to children have been sent without the consent of a parent or guardian, TMB shall make every
reasonable effort to do so:
- delete such personal data from your files as soon as possible; and
- ensure that these personal data are not further used for any purpose and are not further disclosed to third parties.
11. Amendments and updates to this Policy
TMB reserves the right to modify, update and change this Privacy Policy, with any effect from its publication on this website.
12. Information
For any information regarding this Privacy Policy or our products, please contact tmbsrl@postecert.it.
Last updated on 25 May 2018