INFORMATION GIVEN TO THE INTERESTED PARTY REGARDING THE PROCESSING OF PERSONAL DATA

pursuant to Art. 13 of EU Regulation 2016/679

Dear Data Subject, we wish to inform you that the “European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data” (hereinafter “GDPR“) provides for the protection of persons and other subjects regarding the processing of personal data.

Best Surface Holding S.r.l. with registered office in Via Camperio Manfredo, 14 – 20123 Milan and operational headquarters in Via San Clemente, 1 – 20122 Milan Tel. +39 02 58215360 – Fax +39 02 588215368 Tax code and VAT number 10463820968;

Best Surface SL. with registered office in Carretera de Castellón, 117, DS Foyes 5D en partida Foyes Ferraes, CP 12110 Alcora, España, número de NIF B44513752 y Tel. +34 964 784545- Fax +34 964 784500

Having jointly determined the purposes and means of processing, as “Joint Data Controllers” (hereinafter “Controllers“) pursuant to Article 26 of the GDPR, in implementation of the obligations arising from the GDPR, provide you with some information regarding the methods and purposes of the processing of personal data concerning you, of which the Joint Data Controllers are or may come into possession. According to the GDPR, such processing will be based on the principles of correctness, lawfulness and transparency and protection of your privacy and your rights.

1. DATA CATEGORIES: The Controllers will process the categories of Identifying and Personal data necessary for the purposes of treatment.
2. DATA SOURCE: Personal data in the possession of the Controllers are collected directly from the person concerned.
3. LEGAL BASIS OF THE PROCESSING: The Controllers process the personal data of the interested party in the event that at least one of the following conditions exists:
   – the Data Subject has given his/her consent for one or more specific purposes

   – the processing is necessary for the performance of a contract with the Data Subject and/or the execution of pre-contractual measures- the processing is necessary to fulfil legal obligations to which the Data Controllers are subject

   – the processing is necessary for the performance of a task of public interest or for the exercise of public powers vested in the Data Controllers

   – the processing is necessary for the pursuit of the legitimate interest of the Data Controllers or of third parties.

4. PURPOSES OF DATA PROCESSING: The processing of your data is carried out for the following purposes:
   a) Activities related to the management of any commercial and contractual relations, more precisely for the compilation of master lists, the keeping of customer/supplier accounts, invoicing, creditor management and to fulfill all fiscal obligations and by the current legislation.

   b) Disclosure activities such as the sending of information material relating to stock and/or production updates, price list adjustments, invitations to training events, meetings, fairs and exhibitions, responses to requests for information or assistance. These communications may be made via automated messages, via e-mail, via sms/MMS, via fax, via paper mailing and/or the use of the telephone with operator.

   c) Marketing activities such as market analysis, periodic sending of newsletters, commercial and/or promotional communications relating to products and services offered by the owners or third parties, sending surveys to improve the service (“customer satisfaction”), administration of personalized advertisements. These communications may be made via automated messages, through third party digital platforms and channels, via e-mail, via sms/MMS, via fax, via paper mail and/or the use of telephone with operator.

5. DATA RECIPIENTS: Within the limits relevant to the purposes of processing indicated, your data may be communicated to partners, subsidiaries, consulting companies, banks, private companies, appointed by the Data Controller. Your data will not in any way be disseminated for other purposes. The Data Processors and Persons in charge of the processing are punctually identified in the Privacy Document, which is periodically updated. The list of Data Processors is available by writing to privacy@idylium.com or at the registered offices of the Data Controllers.
6. TRANSFER OF DATA ABROAD: Data collected will not be transferred outside the EU.
7. PERIOD OF STORAGE: Data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage”, art.5, GDPR) or according to the deadlines provided by law. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically by the Data Controller.
8. RIGHTS OF THE INTERESTED PARTY: The interested party always has the right to request from the Data Controller access to his/her data, the rectification or cancellation of the same, the limitation of the processing or the possibility to oppose the processing, to request the portability of the data, to revoke the consent to the processing by asserting these and the other rights provided for by the GDPR by simple communication to the Data Controller writing in at privacy@idylium.com. The data subject may also lodge a complaint with a supervisory authority (Privacy Guarantor).
9. OBLIGATORYITY OF DATA SUBMISSION: The provision of personal data by the interested party is compulsory according to the purpose of the Treatment indicated in this statement. 
10. COMPULSORY CONSENT: The provision of consent to the processing of data by ticking the appropriate box is optional, but essential to proceed with the purposes of the treatment indicated in this statement. 
11. DATA PROCESSING METHODS: Personal data provided by you will be processed in compliance with the above-mentioned regulations and the obligations of confidentiality which inspire the activity of the Data Controller. The data will be processed both with computer tools and on paper or any other suitable support, in compliance with appropriate technical and organizational security measures provided by the GDPR.