Information on processing of personal data customers


This information is provided under Article 13 of legislative Decree. nr. 196/2003 – Codex regarding the protection of personal data (the “Privacy Code”) and Article 13 of Regulation (EU) 2016/679 – “European General personal data protection Regulation”.
The Company Atlantic Fluid Tech S.r.l. having its registered office in San Cesario sul Panaro (MO), Via della Meccanica, 50, in the person of Mr. Christian Storci, as processing Controller (hereinafter referred to as “Controller”), hereby inform you that, pursuant to the Article 13 of legislative Decree. nr. 196/2003 (hereinafter referred to as “Privacy Code”) and to the Article 13 of Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), data will be processed as follows:

  1. Subject
    Atlantic Fluid Tech S.r.l. cares about your personal data protection and respect the applicable personal data protection Regulation (Privacy Code and GDPR 2016/679). Your personal data shall be processed as confidential and may be transferred to third-party only in accordance with this Policy or with your consent.
    In particular, we process:
    i. the personal, identifying and non-sensitive data (particularly, name, surname, tax code, VAT number, e-mail, telephone number – hereinafter “Personal data” or “data”) provided by you.
    ii. any data not provided by you but acquired in compliance with Article 14, paragraph 5 of GDPR, whose transmission is connected to commercial relationships with the company.
  2. Purposes
    Your personal data are processed:
    A) without your expressed consent (Article 24 (a), (b), (c) of the Privacy Code and Article 6, b), e) of the GDPR) with the following purposes:
    i. to process a contract request;
    ii. the implementation of pre-contractual measures taken in response to your request;
    iii. to compile internal statistics;
    iv. to fulfill the pre-contractual, contractual, accounting and fiscal obligations arising from the existing relationships;
    v. to comply with obligations of laws, regulations, Community legislation or as ordered by an authority;
    vi. to protect the vital interests of the data subject or of another natural person;
    vii. to perform the public interest tasks or related to the exercise of official authority by the Controller;
    viii. to prevent the emergence of fraudulent activities or harmful practices affecting the website;
    ix. to pursue a legitimate interest by the Controller or third party in compliance with Article 6 (f) of the GDPR;
    x. to exercise the Controller’s rights, (including without limitation, his rights of defense);
    B) Only with your specific and irrevocable consent (Articles 23 and 130 of the Privacy Code, and
    Article 7 of the GDPR), for marketing purposes, such as:
    i. to send by e-mail any newsletter, commercial communication and/or promotional material on
    products and/or services offered by the Controller, which are different and/or dissimilar from those
    already acquired.
  3. Provision of personal data
    The provision of data for the purposes laid down in Article 2 (A), n. i and ii) it is necessary, since any
    refusal to supply the required personal data could not make it possible for the Controller to fulfill the
    legal obligations and the obligations arising from the contractual relationship, preventing its
    formalization and execution, as consequence.
    The provision of data for the purposes laid down in Article 2 (B) is optional.
  4. Methods of data processing
    The processing of your personal data is carried out by means of the procedures as mentioned in Article
    4, n. 2 of the GDPR, namely: the collection, recording, organization, retention, consultation,
    processing, alteration, selection, extraction, comparison, use, networking, blocking, notification,
    erasure and destruction of data. The processing of your personal data shall be based on the principles
    of correctness, lawfulness and transparency and may be carried out electronically to store, manage
    and transfer them; it will be carried out using instruments which are, mutatis mutandis and according
    to the state of the art, suitable to guarantee the security and the confidentiality and procedures suitable
    to prevent the risk of loss, the unauthorized access, the illicit use and the dissemination of data.
  5. Retention period of data
    The Controller will process your personal data as long as to fulfill the purposes mentioned above but
    not later than 10 years from the termination of the relationship with the service purposes and not later
    than 2 years from the collection of data with marketing purposes. Upon expiry of this period, data
    will be erased or made anonymous.
  6. Data access
    The personal data processed by the Controller won’t be disseminated or give access to undetermined
    people in any form, including their public disclosure or their merely consultation. Your data may,
    however, be disclosed to the Controller’s employees and to certain external parties working with
    them. Your data may be made accessible to:
    i. the Controller’s employees and associate workers, qualified consultants, in their capacity as internal
    managers and/or as personal data processors and/or as system administrators;
    ii. third parties (including but not limited to, credit institutions, professional firms, consultants,
    insurances companies, etc.) performing outsourcing activities on the Controller’s behalf, in their
    capacity as external managers and/or as personal data processors
    Your data may be communicated, if strictly necessary, to persons who for purposes of processing
    orders or other requests or services related to the transaction or contractual relationship with the
    Controller, must provide goods and/or perform services on behalf of the Controller.
    Your data may be made accessible to persons eligible pursuant to any legal provisions, regulations
    and Community legislations.
  7. Disclosure of data
    Without your express consent (ex Article 24 (a), (b), (d) of the Privacy Code and Article 6 (b), (c) of
    the GDPR), the Controller may disclose your data with the above-mentioned purposes to supervisory
    bodies, judicial authorities and to any third-party to which the disclosure of data is mandatory under
    the law.
  8. Data processing
    The data will be managed and stored on the Controller’s server and/or the third-party companies’
    server – involved and duly named as data controllers – which are located within the European Union,
    in accordance with the Article 45 and followings of the GDPR.
    The server is currently located in San Cesario sul Panaro (Mo) via della Meccanica 50. Your data
    won’t be processed outside the European Union. It is understood in any case that, if it shall become
    necessary to move the location of the server to Italy and/or to the European Union and/or to countries
    outside the European Union, this shall always take place in accordance with the Article 45 and
    followings of the GDPR. In such a situation, however, the Controller ensures that the data processing
    outsite the European Union will take place in accordance with the applicable law, also, if necessary,
    entering into agreements to guarantee an adequate data protection level and/or adopting the European
    Commission’s standard contractual clauses.
  9. Data subject’s rights
    In your capacity as the data subject, you are entitled to exercise the rights granted in Article 7 of the
    Privacy Code and the Article 15 of the GDPR, namely:
    i. to obtain confirmation of the existence or not of personal data relating to you, although not yet
    recorded, and the communication of the same in an intelligible form;
    ii. to obtain information about: a) the source of the personal data; b) the purposes and methods of the
    processing of data; c) the method applied in electronical processing of data; d) the identification
    details of the Controller, the managers and the appointed representative pursuant to the Article 5, n.2
    of the Privacy Code and the Article 3, n. 1 of the GDPR; e) to whom the personal data may be
    communicated or who may access them in their capacity as designated representative in the territory
    of the Country, managers or agents;
    iii. to obtain: a) updating, rectification or, where interested therein, integration of the data; b) erasure,
    anonymization or blocking of data that have been processed unlawfully, including data whose
    retention is unnecessary for the purposes for which they have been collected or subsequently
    processed; c) certification to the effect that the operations as per letters a) and b) have been notified,
    as also related to their contents, to the entities to whom or which the data were communicated or
    disseminated, unless this requirement proves impossible or involves a manifestly disproportionate
    effort compared with the right that is to be protected.
    iv. to object, in whole or in part: a) on legitimate grounds, to the processing of personal data
    concerning the same, even though they are relevant to the purpose of the collection; b) the processing
    of your personal data carried out for the purpose of sending advertising materials or direct selling or
    else for the performance of market or commercial communication surveys through the use of
    automated calling systems without human intervention, by electronic mail and/or by traditional
    marketing means such as telephone and/or paper-based mail. It should be noted that the data subject’s
    right to object, as explained above in recital b), for direct marketing purposes through automated
    systems shall extend to the traditional ones and it is still his/her right to object even only in part.
    The data subject could therefore decide to receive only traditional communications, only electronical
    ones, or neither of the two types.
    If applicable, you have also the rights according to the Articles 16 – 21 of the GDPR (the rights of
    reply, to be forgotten, of restriction of processing, to data portability and to object) and the right to
    lodge a complaint with the Supervisory Authority.
  10. Procedure for the exercise of any right
    You have the right to ask to the Controller to access to your personal data, its rectification and
    removal, the integration of the complete data and the limitation of the processing; to receive your data
    in a structured, commonly used and automatic device readable format; to withdraw at any time the
    given consent to your data processing and to object in part or fully to the use of your data; to lodge a
    complaint with the Supervisor Authority as well as to exercise your rights pursuant to the applicable
    law.
    You may, at any time, exercise your rights sending:
    a registered letter to Atlantic Fluid Tech S.r.l. having its registered office in San Cesario sul Panaro
    (MO), Via della Meccanica, 50;
    or sending an e-mail to privacy@atlanticfluidtech.com.
  11. Minors
    If the data subject is younger than 16 years of age, the data processing is lawful only if and to the
    extent that the consent is given or authorized by the child’s parent or custodian, for which the
    identification data and copies of ID documents have been acquired.
  12. Controller, data processors and persons in charge of the processing
    The data Controller is Atlantic Fluid Tech S.r.l. having its registered office in San Cesario sul Panaro
    (MO), Via della Meccanica, 50, Tax Code IT00899540363 in the person of Mr. Christian Storci.
    The updated list of data processors and persons in charge of the processing is kept at the Controller’s
    registered office.
  13. Changes to the present document
    This Privacy Policy may be subject to changes. We encourage you to check this Privacy Policy
    regularly and to check the latest version.

Keep informed regarding our Privacy Policy