Privacy Policy according to EU GDPR N.679/2016

Privacy Policy  for Customers and Suppliers and for their respective contacts pursuant to articles 13/14 and art. 21 of the General Data Protection Regulation (General Data Protection Regulation – Rev. N.679 / 2016 in force since 25.05.18, hereafter GDPR) of C.R.M. di Mazzoccato Arturo & Figli srl (hereinafter referred to as “CRM Mazzoccato” or “we”)

In the form of simple questions and answers we provide below all the information necessary for a peaceful and useful conduct of our relationships under new Privacy rules.

Who is the Data Controller? Who should I contact?

Name and address of the Data Controller:

C.R.M. of Mazzoccato Arturo & Figli srl, Via S.S. of the Giovi 44, 22073 FINO MORNASCO / CO
Legal Manager
Tel .: +39 031 928352

The Data Processor can be contacted at the following addresses:

C.R.M. of Mazzoccato Arturo & Figli srl, Via S.S. of the Giovi 44, 22073 FINO MORNASCO / CO
Tel .: +39 031 928352

What are the categories of Data processed by C.R.M. Mazzoccato and for what purposes?

We deal with the following categories of customers’ and suppliers’ data: company name, legal form, registered office, legal representatives and contact persons (name, surname, e-mail address and telephone / fax numbers) and all the data necessary for the conclusion of contracts various type.

These data are stored and processed where necessary:

  • For the preparation and execution of a contract (including the management of the relationship with the client);
  • For billing purposes and to offer our customers any additional services that may be of interest to them, provided they have not expressed opposition to the use.

Beside whis, our website may contain links to other sites. C.R.M. Mazzoccato is not responsible for the content or privacy practices of these sites and this Policy does not apply to the practices of those companies.

Where do the data come from?

The information processed was collected directly from the client / supplier and from the respective contacts with the customer / supplier or through publicly available information sources, such as business registers or the customer / supplier website.

On what legal basis is data processing performed?

The legal basis for the processing of personal data is the General Data Protection Regulation (GDPR) as above and in particular

  • Art. 6 (1) (b), which allows processing for the purposes of stipulation and execution of contracts,
  • Art. 6 (1) (f), which allows the processing for the protection of our legitimate interests, provided that there is no priority interest of the natural person concerned that prevents such treatment.

We also process personal data on the basis of the consent provided by the interested parties. Interested parties can withdraw their consent at any time, this action will not have retroactive effect. However, the withdrawal of consent will prevent the further processing of personal data of the subject on our part. The other regulations allowing the processing of data (Article 6 (1) (b) and Article 6 (1) (f) of the GDPR will remain unchanged.

With whom are the data provided shared? Where are the data stored?

We share personal information that allows identification with recipients within C.R.M. Mazzoccato who must know this information in the performance of their functions and obligations, and with any third parties in charge of data processing on our behalf, as service providers, bound in turn by the contracts required by law on data protection , or to which CRM Mazzoccato must provide information to fulfill his legal obligations. We do not share personal information that allows identification with third parties for commercial purposes (= we do not sell information). Personal data are stored on C.R.M.Mazzoccato’s servers.

Are the data transferred to recipients outside the European Union or the European Economic Area (ie the so-called third countries) or to international organizations?

Personal data of customers / suppliers could be transferred to third countries only if necessary for the execution of any contracts.

For how long are the provided data stored?

We retain personal data only for the time necessary to achieve the purposes described above, and for the retention periods required by the numerous Italian laws in various subjects.

What are the rights of the affected Subject? Where is a complaint possible?

  • Right to be informed about the data in our possession (Article 15 GDPR)
  • Right of correction at any time in the presence of incorrect or outdated information (Article 16 of the GDPR)
  • Right of possible cancellation of personal data (Article 17 of the GDPR – in the absence of our greater powers or rights in favor of the continuation of the treatment)
  • Right to restrict / limit the processing of personal data (Art.18 GDPR)
  • Right to obtain information regarding the data held by C.R.M. Mazzoccato

For all these actions, please contact the address given in point 1. You may request the sending of information provided to us in a structured, common and legible format by automated means, or the transmission of such information to third parties. To oppose the processing of data pursuant to art. 21 of the GDPR. see the specific information box below. To contact the competent supervisory authority, Personal Data Protection Authority, please write to: Garante Privacy Piazza Montecitorio n. 121 00186 ROMA (Italy)    Tel .: (+39) 06.696771  Email:

Is the sharing or updating of data obligatory?

Providing your personal data is a free choice. However, we are authorized to process the personal data of the subjects with whom we maintain contractual or pre-contractual relations, for the purposes of use specified above (see point 2 above. What are the categories of Data processed by CRM and for what purposes? and point 4. On what legal basis do we process data?)

Are the personal data provided used for automatic decision-making processes?

In principle we do not use customer / supplier data for automatic decision-making processes as described in art. 22 of the GDPR.

Are the I data used for profiling / assignment of scores?


Opposition law pursuant to art. 21 GDPR

  • Opposition right based on a particular situation

Pursuant to art. 21 (1) of the GDPR the interested party has the right to object to the processing of their personal data at any time in the presence of a particular situation. In the event of opposition, we will discontinue the processing of personal data provided that the existence of convincing and legitimate legal bases in our favor, prior to the interests of the subject (eg to assert our rights or to defend ourselves in case of legal actions)

  • Right to oppose treatment for commercial purposes

Pursuant to art. 21 (2) of the GDPR, the subject also has the right to oppose the processing for direct commercial purposes. In this case, we will stop using personal information received for promotional purposes. An opposition may be sent in any format to the addresses indicated in paragraph 1.

Have Questions?
We will answer as soon as possible

Read the privacy policy

Please, fill in the form below

Read the privacy policy

File download is now available!
Our staff will take care to send you the requested file