Informational disclosure pursuant to Chapter III of Regulation (EU) 2016/679
Dear Sir/Madam,
We wish to inform you that Chapter III of Regulation (EU) 2016/679, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, provides safeguards for individuals. Under the legislation mentioned above, this processing will be based on the principles of correctness, lawfulness and transparency and will ensure your rights and privacy are safeguarded. Therefore, Labware Spa (hereinafter, the “Company”), as the Controller, in terms of processing personal data, is required to provide you with certain information regarding the processing of your personal data.
1) The role of the Controller performed by the Company
The Controller is:
Labware Spa
Via Enzo Ferrari, 3
62012 Civitanova Marche (MC), Italy
VAT no. 01424730438
Contact details: Tel. (+39) 0733 829696 Email
info@labware.it
1.1 Data Protection Officer
The Data Protection Officer (hereinafter, the “DPO”) is Stefano Dellabiancia who can be reached at
s.dellabiancia@hotmail.it
2) Personal data subject to processing
Complete personal details, contact details
3) Purposes for which personal data is processed by the Company
The Controller will process personal data for the following purposes:
- To allow registrations to the application by creating a personal account
The Controller will process a user’s personal data in order to allow the use of the services reserved for registered users. To access the reserved areas of the service, users need to be authenticated by entering authentication credentials consisting of a username and password. In addition, to complete the registration process, a first name, last name and mobile telephone number need to be provided. The legal basis which legitimises this processing is the fulfilment of the contract or, depending on the case, the execution of pre-contractual measures adopted upon the Data Subject’s request. To this end, personal data will be processed for the time strictly necessary to carry out the individual processing operations. The Controller may, however, store personal data for a longer period in order to comply with certain specific obligations, as established by regulations and/or legislation in effect and to which the Controller is subject. To this end, the Controller will process a user’s personal data:
- To allow the user to access the app;
- To allow the user to access the service and to use it as a logged-in user, recognising the user regardless of the device used;
- To maintain, recover and manage the user’s account;
- To store data and information in the account;
- To allow feedback and requests to be sent on the quality of the service, the status of distributors, credit management and any faults or bugs.
- Processing the Data Subject’s access credentials and personal data is necessary in order to allow access to the service and/or to provide the services supplied by the Controller, including the management and maintenance of the account. Failure to provide the personal data requested in full will make it impossible for the user to complete the registration process, to access the reserved area of the service, and to make use of the services reserved for registered users.
- Geolocation
The Controller will process the user’s personal geolocation data in order to monitor payments and to use this data and information in the event of fraud, or illicit or non-permitted use of the system, or unauthorised access to the same. The legal basis for this processing is the Controller’s legitimate interest. Failure to provide the device’s geolocation data will make it impossible for the user to purchase credit in order to make use of the services and to access the application, even if the user has registered successfully, and, therefore, to make use of all the services reserved for registered users.
The informational and promotional activities relating to products and services which are similar to those already sold will be published in the appropriate section of the app. The optional, specific and voluntary choice of entering the additional fields in the account section (date of birth, gender, country, location, address and profile photograph) will give access to additional promotional activities relating to products and services which are similar to those already sold. If these fields are completed voluntarily, this information will be processed by the Controller. Failure to provide this additional, optional data will not entail any consequence whatsoever for the Data Subject in their use of the service. Processing this data does not require the Data Subject’s specific consent (art. 130, para. 4 of Italian Legislative Decree no. 196/2003, as amended by Italian Legislative Decree no. 101/2018), since processing is based on the Controller’s legitimate interest. Data Subjects may object - at any time - to the processing of the personal data that concerns them by emailing:
info@labware.it
- For maintenance purposes and to resolve any technical issues in the software (app)
Software maintenance and support activities. Processing that might, accidentally, lead to our representative coming into contact with data in the app is, therefore, done by the Company in order to follow up on the contract agreed between your organisation and Labware.
- Sales statistics and analysis
The Controller will generate statistics and will analyse sales using anonymous, aggregated data. Therefore, this purpose does not provide for associating this data to a Data Subject.
4) The legitimate interests of minors
Processing the data of minors is not envisaged.
5) Categories of subjects to which personal data may be communicated
In relation to the first two purposes indicated above under point 3, the Company may transmit your personal data to the following public-sector (non-financial) entities:
- Police forces, the armed forces and other public administration bodies in compliance with the law, regulations and Community legislation;
- Financial administration bodies and public officials.
The Company may also transmit your personal data to private-sector and/or public-sector financial entities only if necessary for the purposes of mutual legitimate interest and, in particular, to the following:
- Parties authorised to transmit tax returns, intermediaries such as banks, post offices, Tax Assistance Centres, trade associations, professionals, etc.;
- Any credit institutions potentially engaged for collections and/or payments;
- Carriers engaged for deliveries and/or collections of goods or services.
6) Transferring personal data to a third country
Data will not be transferred or communicated or disclosed to entities, associations or companies based outside the European Union. Data is stored on servers owned by the Company, or on third-party servers located, in any case, in the territory of the Italian Republic, used for a specific purpose and suitably protected. If, in the future, it becomes necessary to use servers located outside the European Union, only those systems that meet article 28 of the GDPR, which requires the Controller to use “only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the Regulation and ensure the protection of the rights of the data subject”, following standard practices.
7) Data retention period
Personal details will be stored for the entire duration of the customer or supplier relationship and will be deleted upon the Data Subject’s request. It should be noted that, by law, accounting data, whether paper-based or electronic, must be kept for at least 10 years and that, therefore, following a request by a Data Subject, the only data that can be deleted is contact data once all financial dealings have been settled.
In any case, when the Data Subject’s personal data is deleted, they will receive a confirmation email or a confirmation SMS.
8) A Data Subject’s rights
Data Subjects may ask the Controller
- for access to the personal data that concerns them
- to have such data rectified or erased (see point A2).
Data Subjects may exercise their rights by sending a suitable request directly to the Controller.
Data Subjects may also request that the processing of their personal data be restricted or they may object to such processing.
These rights may only be exercised if they are not in breach of the law or the Company’s legitimate interest.
9) The right to withdraw consent
In this case, this is not envisaged.
10) The right to file a complaint with a Supervisory Body
Data Subjects have the right to file a complaint with a competent Supervisory Body. In Italy, this is the Italian Data Protection Authority,
http://www.garanteprivacy.it, and the website explains how to make a complaint.
11) The mandatory or optional nature of providing data and the consequences of not providing data
With reference to the purposes outlined above for which personal data is processed:
Providing the requested data is mandatory since any failure to provide the data in full will make it impossible for us to keep appropriate VAT and accounting documentation and, therefore, to comply with tax regulations.
12) Existence of automated decision-making processes
Profiling operations are not envisaged
13) Date of validity
This policy is effective from 27/11/2024
