PRIVACY POLICY
In compliance with the obligations laid down in the European Privacy Regulation EU/2016/679 (GDPR), we wish to inform you about the processing of personal data collected by us, freely provided by you and/or by others subjects communicated to Veneto Colors, in particular through:
• browsing web pages, using online services, filling in forms on our applications and on the website: www.venetocolors.com
the establishment of contractual relationships with customers with a VAT number.
The processing of data will be carried out in compliance with the privacy regulations in force and will be based on the principles of propriety, lawfulness, and transparency and carried out in compliance with the principles of relevance, completeness, and non-excessiveness.
Identity and contact details of the Data Controller
Veneto Colors / X-FORT Group SH.P.K.
VAT number and tax code 330078825
Legal and operational headquarters:
77, 70520 Doganaj, Kaçanik – Kosovë
Commercial register / Nr. of VAT:
330078825
Fiscal No:
811390814
Contact: Phone: +383 45 401 400
E-mail: [email protected]
Group website: www.venetocolors.com
Contact details of the Data Protection Officer (DPO)
Data Protection Officer
E-mail: [email protected]
Categories of personal data processed and methods of processing
Website navigation:
During the navigation and use of the Company’s website, certain information may be collected and processed for the sole purpose of security and improvement of the service provided. The information collected mainly concerns interactions with the website, statistics on the pages visited by the user, date and time of access, and the technology used by the user. Information may also be collected on the user’s source page and destination page.
In addition, some information is collected automatically (in an anonymous, aggregated, and pseudonymized form) using cookies and similar technologies when the website is browsed. You can read more about our use of cookies in our “Cookies Policy”.
Form filling:
Should you decide to contact the Data Controller by filling in the forms in the “Contacts” section of the aforementioned websites, the information collected will concern your name and surname, your residence or domicile address, e-mail address, telephone number, tax code, VAT number as well as the text you freely enter.
VAT-registered customer:
This policy statement is also addressed to the customers of Veneto Colors with VAT numbers whose data may be collected and processed when establishing and managing the contractual relationship. As regards the type of data processed, please refer to paragraph 3. b. The purposes of processing said data are indicated in paragraph 4 and relate exclusively to purposes 3, 7, 8, 9, and 10.
Using the “Work with us” form
This policy statement is also addressed to those who wish to contact the Data Controller to propose their candidacy, whether spontaneously or in response to the positions being offered. The data processed and collected by means of the form are: first and last name, address of residence or domicile, e-mail address, telephone number, curriculum vitae, passport photos, and the text you freely enter. The purpose of the processing of such data is indicated in paragraph 4 and relates exclusively to purpose no. 2.
Purpose of data processing, legal basis, and storage time
The personal data requested or acquired will be processed exclusively for the purposes and on the legal bases indicated below.
| ○ | Legal basis | Storage time |
| Processing requests for information and contact, providing technical and commercial assistance and support services, made by filling in the form in the “Contacts” section. | Consent is not required as the processing is necessary for providing the service requested by the user or for establishing and/or executing the contractual relationship (art.6.1.b of the GDPR). | For purposes 1,3,4,5: for the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from the termination of the same. |
| research and selection of personnel for possible recruitment by filling in the form in the “Work with us” section. | For purpose 2:
● 5 years for candidates who have been interviewed but not recruited; ● 24 months for candidates who were not interviewed; |
|
| To carry out activities related to the establishment, management, and continuation of commercial and/or contractual relationships. | ||
| For acting as an intermediary between the customer and the retailer when purchasing products on an e-commerce platform | ||
| Creation and management of customer profile | ||
| For the proper implementation, management, maintenance, security, and improvement of the website, e-commerce platform, and IT infrastructure. | Consent is not required as the processing is necessary for the pursuit of the legitimate interest of the Data Controller, security, and maintenance (Art.6.1.f of the GDPR). | For the period strictly necessary for the pursuit of the purpose. |
| – Carrying out direct marketing activities.
– Send periodic newsletters and sales and/or technical communications. – market surveys – conducted internally or with external companies – by email or telephone operator. |
Consent is required (Art.6.1.a of the GDPR). | For purposes 7 and 9: given the type of product marketed, 5 years from receipt of consent.
For purpose No. 8: until you object via the link in each newsletter. |
| Processing of statistical data for market purposes | Consent is not required as the processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data is processed only as aggregated data and without reference to user identifiers for market research purposes (Art.6.1.f GDPR). | Since this is aggregated data, there is no storage limit. |
| To fulfill any kind of obligation required by laws, regulations, or EU legislation. | Consent is not required as the processing is necessary to comply with the legal obligations of the Data Controller (Art. 6.1.c GDPR). | 10 years after termination of the relationship. |
| For the resolution of any legal disputes that may arise during the course of the relationship;
|
Consent is not required as the processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself for breach of contract or other causes of damage (art.6.1.f GDPR); | 10 years after termination of the relationship. |
Any refusal, albeit legitimate, to provide all or part of the above data, could make it difficult to access and use our web applications and online services and compromise the smooth functioning of the relationship with our organization; in particular, for personal data defined as mandatory and indispensable, it could make it impossible to access and use our web applications and online services and for us to carry out the normal course of business operations and the normal provision of the products/services requested.
Processing methods
The processing of your personal data is carried out mainly with the help of computer systems, including automated systems, and may consist of the following operations: collection, recording, organization and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, disclosure, cancellation, destruction, blocking and restriction.
In carrying out the processing operations, all technical, IT, organizational, and procedural security measures will always be adopted, so that the minimum level of data protection required by law is guaranteed. The above-mentioned methods applied for the processing will guarantee access to the data only to those subjects specified in point 6.
Categories of recipients of personal data
The subjects or categories of subjects who may become aware of the personal data or to whom they may be communicated are the following:
- Legal Representative of the Data Controller, DPO, system administrator, and employees and data processors of the following areas: Management, Administration and Finance, Technical Area, Production, Logistics, Information Systems, Quality, Marketing, and Sales.
- Data processors include companies of Veneto Colors consultants and IT companies and software houses, consultants and consulting companies, freelance professionals, self-employed workers, agents, representative agencies, and companies dealing in transport and logistics.
- Judicial or supervisory authorities, administrations, public bodies, and agencies (domestic and foreign), but exclusively for the purpose of fulfilling legal, regulatory, or EU obligations, auditors, and auditing companies for the same tasks.
Personal data may also be disclosed, but only in aggregate and anonymous form and for statistical purposes.
Retention and transfer of personal data abroad
The management and storage of personal data takes place in the cloud and on servers located within the European Union and the European Economic Area owned and/or available to the Data Controller and/or third-party companies, duly appointed as Data Processors.
Exercisable rights
In accordance with the GDPR, you may exercise the rights set out therein and in particular:
-
- You may at any time request, from the Data Controller or the Data Protection Officer, a copy of your personal data, information on the where your personal data are processed and an updated list with the identification details of all Data Processors and System Administrators authorized to process your data.
- At any time, you may freely revoke the consent given, without any charge and prejudice to the lawfulness of the processing carried out up to that moment, and exercise the following rights of the Data Subject vis-à-vis the Data Controller as provided for by the European Privacy Regulation EU/2016/679 of Access, Rectification, Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor.
The request can be made using the UNSUBSCRIBE facility of the newsletters, or by writing an email to [email protected]