Privacy policy

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA
Pursuant to Articles 12 et seq. of EU Regulation 2016/679 (“GDPR” or “Regulation”), and in general in compliance with the principle of transparency provided for by the Regulation itself, we hereby provide the following information regarding the processing of personal data (i.e., any information relating to an identified or identifiable natural person: the “Data Subject”) in connection with relationships with customers.

1. DATA CONTROLLER
The data controller (i.e., the entity that determines the purposes and means of processing personal data) is Fonderia Marchesi S.r.l., with registered office at Via Pinzolo 99 – 38079 Tione di Trento (TN), VAT No. 02502630227, tel. +39 0465 338300, certified email (PEC): fonderia.marchesi.srl@legalmail.it

2. PURPOSES OF DATA PROCESSING
The processing of personal data will be carried out for the conclusion of contracts and fulfillment of contractual obligations (both incumbent on and in favor of the data controller), and therefore for purposes strictly related to the management of relationships with customers or suppliers and resulting legal obligations, including administrative and accounting formalities and obligations (for example: acquisition of preliminary information prior to contract conclusion; execution of activities based on obligations arising from the concluded contract), as well as dispute management.

3. METHODS OF COLLECTION AND TYPES OF DATA PROCESSED
The following categories of data may be processed:

surname, first name, and place of birth;

tax code and/or VAT number;

contact phone number/email address.

4. LEGAL BASIS FOR PROCESSING AND MANDATORY NATURE OF DATA PROVISION
There is no obligation to provide data at the pre-contractual stage, but failure to provide the requested data may result in the inability to conclude the contract; once the contract is signed, the provision of any additional data or updates to data already provided is mandatory for all legal and contractual obligations. Therefore, refusal to provide such data, in whole or in part, may result in the data controller being unable to execute the contract and may constitute a breach of contract or violation of the law (if such data is required to fulfill legal obligations or comply with regulatory authorities).
The legal basis for processing is the necessity of the processing: for the performance of a contract to which the Data Subject is a party or for pre-contractual measures requested by the Data Subject; and to comply with a legal obligation to which the data controller is subject.

5. PROCESSING AND STORAGE METHODS
Processing will be carried out: using manual and automated systems; by authorized personnel responsible for these tasks; employing appropriate measures to ensure the confidentiality and protection of data and prevent unauthorized third-party access.
No automated decision-making processes are in place.
Personal data will be stored for the duration of the contractual relationship—typically ten years from the contract’s closure—as long as it remains necessary. After the relationship ends, only the data still necessary will be retained to fulfill any contractual obligations, comply with legal obligations, and address legal protection needs related to or arising from the contract.

6. DISCLOSURE AND POSSIBLE DISSEMINATION OF DATA
The data collected and processed may be disclosed, exclusively for the purposes specified above, to:

all entities legally entitled to access such data;

employees, collaborators, suppliers of the Controller, in the context of their job roles and/or contractual obligations related to the execution of the contract with the data subjects. For example, this includes banks, insurance companies, legal consultants, and software providers and their support teams.

tax authorities and other public bodies for which communication is required by law.
The data will not be disseminated.

7. PLACE OF DATA PROCESSING
Processing activities take place within the European Union. There is no intention to transfer data outside the EU or to any international organization.

8. RIGHTS OF THE DATA SUBJECT
The GDPR grants the Data Subject the following rights regarding their personal data (this summary is indicative; for a complete description, including limitations, refer to Articles 15–22 of the Regulation):

access to personal data (the Data Subject has the right to obtain free information about the data held and how it is processed, and to receive a copy in an accessible format);

rectification of personal data (correction or update of inaccurate or outdated data upon request);

erasure of personal data (right to be forgotten, for example when data is no longer necessary, has been processed unlawfully, must be deleted due to a legal obligation, or consent is withdrawn and no other legal basis exists);

restriction of processing (in certain cases, such as disputing the data’s accuracy, unlawful processing with objection to erasure, data needed for legal claims, or pending verification of an objection);

objection to processing (for reasons related to the individual’s particular situation, especially if processing is for direct marketing, including profiling);

data portability (if the processing is based on consent or a contract and carried out by automated means, the Data Subject may receive the data in a structured, commonly used, machine-readable format and transmit it to another controller, if technically feasible);

withdrawal of consent (at any time, without affecting the lawfulness of processing based on consent before withdrawal);

lodge a complaint with the supervisory authority (Italian Data Protection Authority – Garante Privacy). The Garante can be contacted through the contact details available on its website: “www.garanteprivacy.it”.

For specific contact regarding data protection, including exercising these rights, please use the following email address: paghe@it.marchesi.com.