Information according to art. 13 of Regulation (EU) 2016/679

Dear Client/Supplier,
Regulation (EU) 2016/679 states that a data subject must be informed in advance regarding the use of his/her data and that personal data may only be processed after receiving the express consent of the party concerned except in those cases envisaged by law.

Data Controller

The Data Controller is

• Ecat s.r.l., Via Bologna, 5 - 12084 Mondovi' (CN), Tel. 0174/551428

Purposes of Processing

Personal data is processed during standard Ecat SRL activities in the following cases:

• During standard activities and the provision of services
• Fulfilling taxation, accounting or administrative obligations (including fulfilling legal obligations or those ensuing from a regulation, Community legislation or an order from an Authority e.g. on anti-money laundering)
• Customer management (customer administration, administration of contracts, orders, shipments and invoices, reliability and solvency checks)
• Supplier management (administration of suppliers, administration of contracts, orders, arrivals and invoices, selection based on company needs)
• Exercising Controller rights, e.g. the right to defend legal claims

• Commercial, marketing and communication purposes
• Market research, financial and statistical analyses,
• Sending advertising/information/promotional material,
• Surveying customer satisfaction regarding the quality of the services provided

• Legal and financial processing of employees

Recipients and categories of recipients to which personal data may be disclosed

Companies or external subjects performing activities closely linked and instrumental to the management of the business relationship such as:

• Banking companies
• Consultants and free-lance professionals, individual and associated or companies

Retention Period

Personal data shall be retained for a maximum period of 10 years and/or until the end of the contractual relationship.

Data Transfer

Personal data may be transferred outside the EU, possibly via inclusion in databases shared and managed by third parties, whether or not within the bounds of control of the Controller. The management of the database and the processing of said data are restricted to the purposes for which they were collected and occur in the utmost respect of the standards of confidentiality and security contained in the applicable laws on the protection of personal data. Whenever personal data is the object of an international transfer outside the EU, the Controller will take all the due contractual measures required to ensure proper protection of said personal data, in keeping with the contents herein Privacy Policy Statement, including among others the Standard Contractual Clauses approved by the European Commission.

Rights of the Data Subject

The data subject has the right to obtain confirmation from the Data Controller as to whether his/her personal data are being processed and in such cases is entitled to:

• gain access to his/her personal data, request the rectification or erasure of personal data or the restriction of processing of personal data concerning the data subject, or object to the processing;
• request the personal data concerning him/her in a structured, commonly used and machine-readable format and the right to transmit said data to another Controller (data portability);
• be informed of the existence of any automated decision-making process, including profiling;
• if expressed, revoke consent at any time without prejudicing the lawfulness of the processing based on the consent provided before revocation;
• lodge a complaint with the supervisory authority;

Nature of the personal data and consequences of non-notification

Without the processing and notification of personal nature compulsory for the described purposes, we cannot provide the person concerned with the services and/or products requested, in full or in part.