This information is provided in accordance with EU Regulation 2016/679 regarding the processing of personal data. The processing of personal data is carried out in accordance with the provisions of GDPR, as described below.

1. DATA CONTROLLER

The data controller is AUTOMOTIVE LINE S.R.L. (VAT ID 02060270747), located in Monopoli (Ba), at C.da Baione SS16 Z.I. s.n., represented by the legal representative. The Data Controller can be contacted at the following email address: privacy@automotiveline.it.

2. PURPOSE, PROCESSING METHODS, COLLECTED PERSONAL DATA, AND LEGAL BASIS

The Data Controller guarantees compliance with the principles of fairness, lawfulness, transparency, minimization, limitation of purposes and retention, using security measures to ensure integrity, confidentiality, and to prevent unauthorized access by third parties or unauthorized personnel, safeguarding privacy and rights. Personal data will be collected and processed through computerized and paper tools, according to the purposes and types of data indicated below, in compliance with current regulations and, in particular, with security measures prescribed by the Data Protection Authority, while observing every measure capable of ensuring the necessary confidentiality and security.

a) Contractual/Pre-contractual purposes

The data provided by the data subjects and registered by the Data Controller on the website ecommerce.automotiveline.it, as well as those collected through direct contacts between the Data Controller, agents/distributors/collaborators/employees of the same and the data subjects themselves are as follows: company name; VAT number; name, surname, and gender of the owner/legal representative; date of birth and tax code of the legal representative of the company; company headquarters; residential address of the owner/legal representative; company's and legal representative's telephone and email; PEC (certified email); company's IBAN. Information such as fiscal and payment data are also required, used to fulfill legal, accounting, and tax obligations, as well as for any purpose related to the contractual/pre-contractual obligation and execution of the contract between the Data Controller and the data subject. The processing of personal data for these purposes does not require specific consent, as it is necessary to fulfill legal obligations and the pre-contractual and contractual stages of the relationship. Refusing to provide the requested data makes it impossible to provide the related company services. Following the processing of personal data for contractual purposes, in accordance with Article 130, paragraph 4, Legislative Decree no. 196/2003 (Privacy Code), you may receive communications and commercial offers related to the services offered by the Data Controller (marketing purposes based on contractual legal basis).

b) Marketing purposes

Personal contact data provided (phone, email, company/society address and phone, email, and residential address of the legal representative) may be used by the Data Controller for telephone contact, sending newsletters, information, and promotional/commercial offers. In this case, the processing of personal data is carried out with explicit and optional consent. Failure to give consent will result in the inability to receive reserved communications and offers. The aforementioned communications may be sent via email and through SMS services or digital messaging services of third parties, such as Whatsapp, Telegram, Instagram, Facebook, LinkedIn, as well as in paper form, with the sending of promotional/commercial offers to the company's headquarters or the data subject's residential address, also in accordance with Article 130, paragraph 4, Legislative Decree no. 196/2003.

c) Profiling activities

Personal data relating to your preferences, habits, and usage of our services, collected through browsing our websites automotiveline.it and ecommerce.automotiveline.it and through the use of services reserved for registered users, may be subject to profiling for commercial and marketing purposes, to improve these services and offer optimized services based on the expressed preferences. Profiling involves automated decision-making processes and is carried out through algorithms that create a behavioral and commercial profile of the data subject, processing the data collected through the use of the automotiveline.it and ecommerce.automotiveline.it websites and related services. Please note that, in accordance with Article 21 of EU Regulation 2016/679, you may always exercise your right to object to this processing activity. In the case of exercising the right to object, the Data Controller may continue to process the profiling data collected in aggregate and anonymous form, for statistical purposes and optimization of the web portals and services offered. For more information about cookies and their use within the company website, please refer to the extended Cookie Policy, available at the following address:  Cookie Policy

3. COMMUNICATION AND DISCLOSURE OF PERSONAL DATA

The personal data provided will not be disclosed, except in cases provided for by current legislation or where necessary for the management of the requested services. In such cases, the data may be communicated to external data processors and agents who provide services to the Data Controller, such as, for example, professionals, public entities, banks, insurance companies, trade associations, as well as companies or professionals with whom the Data Controller has relationships aimed at managing specific services (e.g., administrative, legal, accounting, email and newsletter management, web marketing, etc.). Personal data provided to external companies and professionals will be used by them exclusively to provide the agreed services. The Data Controller may also communicate personal data processed to public authorities within the limits of the applicable regulations, as well as to law enforcement agencies and the Judicial Authority when required, always for judicial and public order purposes. The data subject can obtain the list of external data processors and any third parties to whom the Data Controller has communicated their personal data by requesting it from the contacts indicated in paragraph 1 of this information.

4. ACCESSIBILITY AND SECURITY OF PERSONAL DATA

The data subject may request access to their personal data at any time by contacting the Data Controller at the contacts indicated in paragraph 1 of this information. Access to personal data may also be granted by the Data Controller to employees and collaborators, within the limits provided and governed by the relationship with these individuals and in specific tasks aimed at processing personal data on behalf of the Data Controller, always as necessary for the performance of their assigned tasks and activities. This is done in accordance with the technical and organizational measures adopted by the Data Controller for the protection and safeguarding of personal data, providing different levels of access and appropriate control and protection tools. If the Data Controller believes that the security and protection of personal data of the data subjects may have been compromised, they will inform the data subjects in accordance with the current regulations and, if necessary, report the data breach to the competent Data Protection Authority.

5. RETENTION OF PERSONAL DATA

Personal data is stored in digital format, taking into account the purposes for which it is collected and processed. Digital data is stored on cloud servers located in OVH datacenters (https://www.ovh.com/ca/en/support/privacy-policy.xml). The maximum retention period for collected data is ten years (e.g., for accounting and tax purposes, for contractual purposes, and in all other cases where current regulations allow data to be retained for this period) or for periods prescribed by current regulations, as in the case of rights and obligations arising from the contract between the Data Controller and the data subject. The retention period provided for commercial and marketing purposes is five years. The retention period for data subject to profiling activities is linked to the duration of the contractual relationship with the data subject or to their presence on the Data Controller's websites as a registered user, always subject to consent given for profiling purposes. At the end of the aforementioned periods, personal data may continue to be stored by the Data Controller in an anonymous form for purely statistical purposes.

6. TRANSFER OF DATA ABROAD

Your personal data will not be transferred abroad to countries other than those belonging to the European Union that do not ensure adequate protection of the same.

7. DATA SUBJECT RIGHTS

In relation to the data subject to processing as provided in this information, the data subject is granted the following rights: - Access (Article 15 of EU Regulation 2016/679) - Rectification (Article 16 of EU Regulation 2016/679) - Erasure (Article 17 of EU Regulation 2016/679) - Restriction (Article 18 of EU Regulation 2016/679) - Portability (Article 20 of EU Regulation 2016/679), meaning the right to receive personal data from the data controller in a structured, commonly used, and machine-readable format to transmit them to another data controller, provided that the digital nature of the processing allows it and that it does not infringe upon the rights and freedoms of others, including the intellectual property rights of the data controller, or their trade secrets; it does not apply, furthermore, when the processing is based on legitimate interests; - Objection (Article 21 of EU Regulation 2016/679). The right to object and the right to delete data are subject to compliance with legal obligations regarding the processing and retention of documents and the possible existence of a legal basis legitimizing the processing itself. Therefore, requests for objection and deletion will be accepted after verifying that the data subject's right does not conflict with any legitimate treatments that are prevalent over the data subject's different expressed will. The data subject, in case they believe that the Data Controller's management of personal data is not in compliance with current regulations, may file a complaint with the Data Protection Authority.


Last modification of this information: October 13, 2021