PRIVACY NOTICE REGARDING THE PROCESSING OF BUSINESS INFORMATION
This notice pursuant to privacy legislation (Legislative Decree no. 196/2003 – Code on the protection of personal data and Regulation (EU) 2016/679 – hereinafter ‘Regulation’) is provided by EUROCREDIT BUSINESS INFORMATION SRL (hereinafter “our Company”) for commercial information purposes” (‘Code of conduct’), approved by the Guarantor for the protection of personal data, with Resolution of 09/17/2015, n.479, and published in the Official Gazette. n.238 of 10/13/2015.
1) SOURCE OF THE PROCESSED DATA
Dear “person concerned”
we wish to inform you that, also on the basis of specific prefectural authorization (pursuant to art. 134 of the Consolidated Law on Public Security), our Company collects and processes both personal data provided directly by interested parties and some personal data coming from public registers, lists and archives or contained in deeds or documents knowable by anyone (held, for example, by Chambers of Commerce or at the Public Administration) or in any case generally accessible (as obtained, for example, from categorical lists, news press and websites that can be consulted by anyone).
2) TIPOLOGY OF PROCESSED DATA
Our Company may obtain information regarding organisational, productive, industrial, commercial, economic, financial, patrimonial, administrative and accounting aspects relating to the activity carried out by economic operators (such as for example individual or family businesses, small entrepreneurs, professionals, relevant company representatives, etc.), and data referring to natural persons who do not carry out an entrepreneurial or professional activity (commercial information also includes data relating, for example, to chamber of commerce records, financial statements, protests and insolvency proceedings, which are prejudicial of land registry, hypocadastral data, as well as any judicial data reported in public sources or generally accessible to anyone).
Where requested by our customers, personal data may be integrated and enriched through searches, via post, fax or telephone, from private sources (other companies and economic operators) for further commercial information and also relating to so-called payment habits of a company or professional in commercial relationships with its customers, suppliers or partners. For these aspects, the information provided by the latter subjects to interested parties provides for the possibility of communicating data to commercial information companies, such as ours, for the purpose of verifying the reliability or solvency of the economic operator. This is accounting information which is processed in aggregate form as part of our information systems and reports. However, the acquisition of both sensitive data and information covered by corporate and industrial secrecy is excluded.
In the cases strictly provided for by the Code of Conduct, our Company may process data relating to criminal convictions and crimes (art. 10 of the Regulation) coming from public sources or, in certain circumstances, also from generally accessible sources such as those identified in the previous paragraph 1.
3) PURPOSES OF PROCESSING
The data are processed by our company, as the data controller, in order to provide the third parties who request them (our customers) with commercial information services that serve to evaluate the activities, soundness and capacity of a person in the economic and commercial field and to carry out checks in the context of any current or future commercial relations (which, in the absence of correct and complete information, may be precluded) and to protect the rights of the data subjects.
Commercial information may also be requested by our customers, including in the form of lists (by sector or category), for marketing activities, telephone contacts and postal communications for commercial, promotional and advertising purposes (in compliance with the ‘obligation to provide information’ and the prohibition imposed by the legislation in force on the use of automated systems, such as e-mail, fax, pre-recorded telephone messages and SMS, without the prior consent of the data subjects).
The personal data collected by our company may also be subject to further analysis or statistical processing, either in automated form or through the intervention of experts, in order to provide an assessment or judgment, even in summary form or in the form of a score, on the degree of reliability, solvency or economic and commercial capacity of the company or person concerned and/or on the probability of insolvency of a company, taking into account, for example, its overall financial, economic and financial situation, as well as past and current debts and debts, also in relation to persons with significant responsibilities or positions.
4) LEGAL BASIS FOR PROCESSING
The processing of data for the purposes of commercial information described above, even when it is aimed at forming, within the terms already specified, an opinion on the soundness, solvency and reliability of the data subject, is based on the need to pursue the legitimate interests of our company providing commercial information services and of the clients who require them both to carry out the due checks on the economic, financial and asset situation of the data subjects, by way of protection, prior to the establishment and management of commercial relations, including pre-contractual, the provision of goods, services and the definition of the related payment terms and conditions, and the fulfillment of the related regulatory obligations, including in the field of anti-money laundering, the prevention and combating of fraud and the protection of related rights, including in court.
It is understood that such processing will be carried out in full compliance with the Code of Conduct and the applicable legislation and in respect of the interests and fundamental rights and freedoms of data subjects, within the meaning of Article 6 (1) (f) of the Regulation.
5) DATA PROCESSING METHOD ABD SECURITY
The data are mainly collected using IT tools and, following the appropriate checks, including direct IT controls, to guarantee consistency, completeness and accuracy, they are recoded in our Company’s electronic databases and regularly updated.
These databases are organised and managed in accordance with the IT procedures necessary for the communication to our customers, including by electronic means, of documents containing data extracted from public sources and/or for the analysis, comparison and processing of such data for the preparation of reports or information files of an economic or commercial nature to be provided to customers who request them.
All personal data collected and processed by our Company are stored and protected by appropriate measures of confidentiality and security, even in the case of use of electronic communication systems and networks, and can only be known internally by employees and external collaborators managers or persons in charge of collecting, analyzing, processing and communicating the same data or preparing economic information reports, as well as technical assistance and maintenance of our information systems.
6) SCOPE OF DATA COMMUNICATION
The personal data can only be communicated, including by electronic means, to our clients, located in Italy and abroad, who request them and who will act as independent controllers.
The data will not be subject to dissemination in any case.
7) DATA STORAGE
Information from public sources and relating to adverse events processed in the terms of this Policy, as further detailed in the Code of Conduct, is retained by our Company, for the purpose of providing commercial information services, subject to the following time limits:
a) information relating to bankruptcy or insolvency proceedings, for a period of time not exceeding 10 years from the date of the opening of the bankruptcy proceedings; after this period, such information may be further used by our Company, only when other information relating to a subsequent bankruptcy is available or a new bankruptcy or insolvency proceeding has been opened in respect of the listed entity or another related entity; in this case the processing may continue for a period not exceeding 10 years from the opening
b) information relating to prejudicial and mortgage-related acts (mortgages and attachments) for a period of time not exceeding 10 years from the date of their transcription or entry, subject to their possible cancellation before this deadline; in this case the annotation of the cancellation will be kept for a period of 2 years.
Without prejudice to the foregoing, personal data obtained from the sources identified in paragraph 1 above may be retained by our Company for the purpose of providing clients with commercial information services for as long as they remain known and/or published in those sources, in accordance with the provisions of the relevant regulations.
8) RIGHTS OF DATA SUBJECT
Finally, we would point out that the applicable legislation grants each Data Subject the possibility of exercising certain rights at any time, including (i) access, to ascertain whether and which data are being processed by our Company, (ii) rectification and updating of inaccurate and incomplete data, (iii) deletion of data in the cases provided for by Article 17 of the Regulation, (iv) limitation of processing to the application of the conditions laid down (Article 18 of the Regulation), (v) notification of corrections, deletions or limitations by the Company to the subjects to whom the data have been communicated, (vi) lodging a complaint with the Personal Data Protection Authorities.
The data subject may exercise his right to object to the processing of commercial information by our company if he demonstrates, in accordance with Article 21 (1) of the Regulation, that his interests, rights and freedoms are overridden by the legitimate interest of the data subject referred to in paragraph 4 above.
The exercise of the right to data portability (art. 20 of the Regulation) must be considered excluded, with the sole exception of the case in which the processing by our Company concerns data collected directly from the interested party, takes place through automated means and is aimed to the execution of a contract between our Company and the interested party.
The data subject may exercise his rights provided that his request does not concern the rectification or supplementation of personal data of an evaluative nature processed by our Company and relating to judgments, opinions or other subjective assessments, or to indications of conduct to be followed or decisions being taken by our Company.
Through the portal www.informativaprivacyancic.org and the section dedicated to it (link) each Data Subject can send a first request to our Company to have confirmation of the presence or not of personal data concerning him in the archive or database of our Company, to which, if necessary, he can then turn directly, using the specific references below, to exercise the other rights mentioned above.
9) DATA CONTROLLET
The data controller is “EUROCREDIT BUSINESS INFORMATION SRL “ with its registered office at Via Mauro Macchi 58, 20124 Milan, in the person of the Legal Representative. Any changes or additions will be made publicly available in this section in a timely manner.
10) CONTACT DETAILS
You can contact the Data Protection Officer of our company at firstname.lastname@example.org
Eurocredit Business Information Srl
Legal Address: Via Mauro Macchi 58
20124 Milano MI
phone (+39) 02 36707160
Operational Headquarters Address
Centro Direzionale Napoli Isola E3 80143 (NA)
phone (+39) 081 2120811 – fax (+39) 081 2120895