Privacy Policy

We wish to inform you that Chapter III of Regulation (EU) 2016/679, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, provides safeguards for individuals. Under the legislation mentioned above, this processing will be based on the principles of correctness, lawfulness and transparency and will ensure your rights and privacy are safeguarded. Therefore, Labware Spa (hereinafter, the “Company”), as the Controller, in terms of processing personal data, is required to provide you with certain information regarding the processing of your personal data.

1) The role of the Controller performed by the Company

The Controller is:

Labware Spa

Via Enzo Ferrari, 3

62012 Civitanova Marche (MC), Italy

VAT no. 01424730438

Contact details: Tel. (+39) 0733 829696 Email info@labware.it

1.1 Data Protection Officer

The Data Protection Officer (hereinafter, the “DPO”) is Stefano Dellabiancia who can be reached at s.dellabiancia@hotmail.it

2) Personal data subject to processing

Complete personal details, tax details (Tax Code and VAT number), contact details, names of some employees,

3) Purposes for which personal data is processed by the Company

Personal data will be processed by the Company specifically for the following purposes:

• For accounting purposes, to issue tax or tax-relevant documents, to compile documentation for tax and statutory purposes.
• To manage logistics and internal company operations, to manage operational communications related to the customer or supplier relationship and the contract agreed with the Company

3.1 Legal basis on which the Company processes personal data

The processing of personal data for the purposes outlined above is, therefore, carried out by the Company only upon request or if authorised by express legal provisions and in order to follow up on contracts agreed between your organisation and Labware.

4) The legitimate interests of minors

Processing the data of minors is not envisaged.

5) Categories of subjects to which personal data may be communicated

In relation to the first two purposes indicated above under point 3, the Company may transmit your personal data to the following public-sector (non-financial) entities:

• Police forces, the armed forces and other public administration bodies in compliance with the law, regulations and Community legislation;
• Financial administration bodies and public officials.

The Company may also transmit your personal data to private-sector and/or public-sector financial entities only if necessary for the purposes of mutual legitimate interest and, in particular, to the following:

• Parties authorised to transmit tax returns, intermediaries such as banks, post offices, Tax Assistance Centres, trade associations, professionals, etc.;
• Any credit institutions potentially engaged for collections and/or payments;
• Carriers engaged for deliveries and/or collections of goods or services.

6) Transferring personal data to a third country

Data will not be transferred or communicated or disclosed to entities, associations or companies based outside the European Union. Data is stored on servers owned by the Company, or on third-party servers located, in any case, in the territory of the Italian Republic, used for a specific purpose and suitably protected. If, in the future, it becomes necessary to use servers located outside the European Union, only those systems that meet article 28 of the GDPR, which requires the Controller to use “only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the Regulation and ensure the protection of the rights of the data subject”, following standard practices.

7) Data retention period

Personal details will be stored for the entire duration of the customer or supplier relationship and will be deleted upon the Data Subject’s request. It should be noted that, by law, accounting data, whether paper-based or electronic, must be kept for at least 10 years and that, therefore, following a request by a Data Subject, the only data that can be deleted is contact data once all financial dealings have been settled.

In any case, when the Data Subject’s personal data is deleted, they will receive a confirmation email or a confirmation SMS.

8) A Data Subject’s rights

Data Subjects may ask the Controller

• for access to the personal data that concerns them
• to have such data rectified or erased (see point A2).

Data Subjects may exercise their rights by sending a suitable request directly to the Controller.

Data Subjects may also request that the processing of their personal data be restricted or they may object to such processing.

These rights may only be exercised if they are not in breach of the law or the Company’s legitimate interest.

9) The right to withdraw consent

In this case, this is not envisaged.

10) The right to file a complaint with a Supervisory Body

Data Subjects have the right to file a complaint with a competent Supervisory Body. In Italy, this is the Italian Data Protection Authority, http://www.garanteprivacy.it, and the website explains how to make a complaint.

11) The mandatory or optional nature of providing data and the consequences of not providing data

With reference to the purposes outlined above for which personal data is processed:

Providing the requested data is mandatory since any failure to provide the data in full will make it impossible for us to keep appropriate VAT and accounting documentation and, therefore, to comply with tax regulations.

12) Existence of automated decision-making processes

Profiling operations are not envisaged

13) Date of validity

This policy is effective from 27/11/2024