Customer Disclosure
This notice is given to customers, whether natural persons or natural persons operating in the name and on behalf of legal persons customers, of TUTTOVO SRL, pursuant to art. 13 GDPR 679/2016 – “Regulation
European on the protection of personal data’.
Identity of the Holder
The Data Controller of natural persons customers, or natural persons operating in the name and on behalf of legal persons customers, is FANTOLINO CLAUDIO MARIA di TUTTOVO SRL with headquarters at VIA STURA 24, 10098 – RIVOLI.
The DPO has not been designated.
Data source
The personal data processed are those provided by the interested party on the occasion of:
– visits to the offices;
– interactions through the website;
– requests for information, including via email;
– previous transactions;
– visit website;
Purpose of the treatment
Fiscal compliance, organizational management and bureaucratic compliance with required performance. Management of negotiations and pre-contractual relationships. Management of business activities that are the subject of business activity.
Finally, all personal data of the aforementioned interested parties will be entered into the Owner’s archives and used (given the General Provision of the Guarantor Official Journal, July 1, 2008, No. 188/C, wording 6, points a, b, and c) to send communications concerning products, services, news, and promotions.
Legal basis
The legal basis is established by the performance of a contract to which the person concerned is a party or the performance of pre-contractual measures taken at the request thereof. Some processing is carried out in the legitimate interest of the Data Controller (promotion of its commercial activities and pursuit of statutory purposes).
Data recipients
The personal data processed by the Data Controller will not be disseminated, i.e., will not be disclosed to unspecified parties, in any form, including making them available or simply for consultation. However, they may be communicated to employees of the Data Controller and to certain external parties who collaborate with them. They may also be communicated, to the extent strictly necessary, to parties who, for the purposes of fulfilling purchases or other requests or providing services related to the transaction or relationship, contractually agreed with the Data Controller, must supply goods and/or perform services. Finally, they may be disclosed to those authorized to access them pursuant to laws, regulations, and EU legislation. Specifically, based on their roles and work duties, some workers have been authorized to process personal data, within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services; in this case, service providers will be selected from those who
provide adequate guarantees, as required by Article 46 of the GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, the personal data will be retained, and not further processed, for the period established by applicable
civil and regulatory provisions. Tax.
Rights of the Data Subject
With reference to Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making under GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Article 6 of GDPR 679/16, the data subject may withdraw any consent given at any time. However, the processing covered by this privacy policy is lawful and permissible, even in the absence of consent, as it is necessary for the performance of a contract to which the data subject is a party (the relationship) or to fulfill your requests.
Filing a Complaint
The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.
Refusal to Provide Data
Customers who are natural persons may not refuse to provide the Data Controller with the personal data necessary to comply with the laws governing commercial transactions and taxation. Providing additional personal data may be necessary to improve the quality and efficiency of the transaction.
Information to those who submit the curriculum
This information is provided to those who, spontaneously or following a recruitment process, submit their CVs to TUTTOVO S.R.L. pursuant to Article 13 of GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller for the data of individual clients, or of individuals acting in the name and on behalf of legal entity clients, is FANTOLINO CLAUDIO MARIA of TUTTOVO S.R.L., with registered office at VIA STURA 24, 10098 RIVOLI.
A DPO has not been designated.
Data Source
The personal data processed are those provided during:
– submission of CVs;
– job interviews;
– direct contact during exhibitions, fairs, shows, etc.;
– referrals from third parties.
Purpose of Processing
The personal data of those who spontaneously, or following a recruitment process, submit their CVs are processed for the purposes of evaluation and selection, or to potentially propose other job offers that are consistent with the professional profile of the interested party.
Legal Basis for Processing
The legal basis is the response to a pre-contractual request from the interested party.
Data Recipients
The personal data processed by the Data Controller will not be disseminated, or disclosed to unspecified parties, in any form, including making them available or simply consulting them. However, they may be disclosed to the Data Controller’s employees and to certain external parties who collaborate with them. They may also be disclosed, to the extent strictly necessary, to parties who, for the purposes of issuing orders or requests for information and quotes, must supply goods and/or perform services. Finally, they may be disclosed to parties authorized to access them pursuant to laws, regulations, and EU legislation. Specifically, based on their roles and job duties, some workers have been authorized to process personal data, within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services; in this case, service providers will be selected from those who
provide adequate guarantees, as required by Article 46 of GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the purposes indicated. Specifically, all the data mentioned above will be retained for a period not exceeding thirty months from their receipt.
Rights of the Data Subject
With reference to Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making pursuant to GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Art. 6 of GDPR 679/16, the data subject may withdraw any consent given at any time. However, the processing covered by this privacy policy is lawful and permissible, even in the absence of consent, as it is aimed at carrying out pre-contractual measures (evaluating the application and selecting candidates) adopted at the implicit request of the data subject.
Lodging a Complaint
The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.
Refusal to Provide Data
The data subject may refuse to provide the Data Controller with their personal data. Providing data is optional, but any refusal to provide it, in whole or in part, may make it impossible for us to evaluate and select the application.
Automated Decision-Making Processes
The Data Controller does not use automated decision-making processes to process the data of those who submit their CVs spontaneously, or as part of a recruitment process.
Policy for recipients of e-mail messages
The content of emails is confidential. Therefore, the information contained therein or in any attachments contained therein is intended solely for the recipients. Persons or entities other than the recipients, also pursuant to Article 616 of the Italian Criminal Code, are not authorized to read, copy, modify, or distribute the message to third parties. Anyone who receives a communication from us in error should not use it or disclose it to anyone, but should delete it from their inbox and notify the sender.
The authenticity of the sender and the content are not guaranteed, except for digitally signed documents. Furthermore, pursuant to Article 13 of GDPR 679/16, we inform you that our archives include email addresses of individuals, companies, and entities with whom we have previously communicated by email or other means, or who have voluntarily provided their email addresses during direct contact. We use these addresses in accordance with the wishes and availability of interested parties to receive email communications from our company. We also inform you that all email accounts in the domain “…..@TUTTOVO.COM – NATURAEPIACERE.IT- BIOGELATERIA.IT” are company email accounts and, as such, are used for work-related communications. Therefore, for operational reasons, any message, both incoming and outgoing, may be read by persons other than the sender and/or recipient. If you wish to have your email address removed from our archive, or to exercise the rights set forth in Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making pursuant to GDPR 679/16, you may write to the Data Controller, FANTOLINO CLAUDIO MARIA di TUTTOVO S.R.L. with headquarters in VIA STURA 24, 10098 – RIVOLI – Italy.
Suppliers Policy
This information is provided to natural persons acting in the name and on behalf of TUTTOVO S.R.L.’s suppliers pursuant to Article 13 of the GDPR 679/16 – “European General Data Protection Regulation.”
Identity of the Data Controller
The Data Controller of natural persons acting in the name and on behalf of suppliers is FANTOLINO CLAUDIO MARIA, owner of TUTTOVO S.R.L. – VIA STURA 24 – 10098 RIVOLI, Italy. FANTOLINO CLAUDIO MARIA is its legal representative pro tempore.
A DPO has not been designated.
Data Source
The personal data processed are those provided by the data subject during:
visits or telephone calls;
direct contact for participation in exhibitions, shows, etc.;
proposal of offers;
transmissions and transactions following the order;
visits to the website;
Purpose of Processing
The personal data of natural persons acting in the name and on behalf of suppliers are processed to:
send communications of various kinds and by various means (telephone, mobile phone, text message, email, fax, mail);
formulate requests or process requests received;
exchange information for the purpose of executing the contractual relationship, including pre- and post-contractual activities.
Legal Basis
The processing is necessary for the performance of a contract to which each supplier is a party or for the implementation of pre-contractual measures adopted at the supplier’s request.
Data Recipients
The personal data processed by the Data Controller will not be disseminated, or disclosed to unspecified parties, in any form, including making them available or simply consulting them. However, they may be disclosed to the Data Controller’s employees and to certain external parties who collaborate with them. They may also be disclosed, to the extent strictly necessary, to parties who, for the purposes of issuing our orders or requests for information and quotes, must supply goods and/or perform tasks or services on our behalf. Finally, they may be disclosed to parties authorized to access them pursuant to laws, regulations, and EU legislation.
In particular, based on their roles and work duties, some workers have been authorized to process personal data, within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
Data Transfer
The Data Controller does not transfer personal data to third countries or to international organizations.
However, it reserves the right to use cloud services; in this case, service providers will be selected from those providing adequate guarantees, as required by Article 46 of the GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, personal data will be retained, and not further processed, for the period established by applicable civil and tax provisions.
Rights of the Data Subject
With reference to Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making under GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Article 6 of GDPR 679/16, the data subject may withdraw any consent given at any time.
However, the processing covered by this policy is lawful and permissible, even without consent, as it is necessary for the performance of a contract to which the data subject is a party (the relationship for the supply of products and services).
Filing a complaint
The data subject has the right to lodge a complaint with the supervisory authority of the country of residence.
Refusal to provide data
The data subject may refuse to provide the Data Controller with his or her personal data.
Providing personal data is, however, necessary for the correct and efficient management of the contractual relationship. Therefore, any refusal to provide such data may compromise the contractual relationship in whole or in part.
Automated decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes.
Visitor Policy
This information is provided to guests and, in general, to all persons temporarily present at the TUTTOVO S.R.L. offices, pursuant to Article 13 of GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller for any data processing is FANTOLINO CLAUDIO MARIA, with registered and administrative offices at VIA STURA 24, 10098 – RIVOLI. The Data Controller guarantees the security, confidentiality, and protection of the personal data in its possession, at any stage of the processing.
A Data Protection Officer (DPO) has not been designated.
Data Subjects
This information is provided to natural persons who visit the Data Controller’s offices for visits, deliveries, emergency interventions, and other occasional or previously agreed-upon events.
Data Source
The personal data processed is provided by data subjects during:
visits to the office,
interviews or work sessions at the office,
delivery or collection of goods, packages, and correspondence.
Purpose of Processing
The above personal data is processed for the following purposes:
access control at the office,
tracking attendance at the office,
identification of those present for the management of emergency situations.
Legal Basis for Processing
Guests’ personal data is lawfully processed, according to the purposes listed above, for the legitimate interest of the Data Controller.
Data Recipients
The personal data processed by the Data Controller is not disclosed, i.e., it is not disclosed to unspecified parties, in any form, including making it available or simply for consultation. However, it may be disclosed to the Data Controller’s employees, other internal collaborators, and consultants. Furthermore, they may be disclosed to persons authorized to access them pursuant to laws, regulations, and EU legislation and, to the extent strictly necessary, to persons who, for the same purposes listed above, must provide goods or services to the Data Controller, such as:
Public Security Authorities,
Healthcare personnel in the event of an accident.
Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services; in this case, service providers will be selected from among those providing adequate guarantees, as required by Article 46 of the GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, they will only be retained for the period established by applicable legislation.
Rights of the Data Subject
With reference to Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making pursuant to GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Art. 6 of GDPR 679/16, the data subject may withdraw any consent given at any time. However, it should be noted that, unless otherwise specified, the processing covered by this policy is lawful and permissible even in the absence of consent.
Filing a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his or her country of residence.
Refusal to consent
The data subject may refuse to provide the Data Controller with their personal data, as providing it is optional. However, providing such data is essential for access to the TUTTOVO S.R.L. premises, and refusal will result in denial of access.
Automated decision-making processes
The Data Controller does not perform automated decision-making processes.