HOW WE USE YOUR DATA

(Articles 13 and 14 of EU Regulation 2016/679)
INF14 – v.04 of 20/04/26

Dear Customer Contact,
We would like to provide you with information regarding the methods and purposes of the processing of your personal data. Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter, the “Regulation” or “GDPR”) establishes rules aimed at ensuring that personal data is processed in compliance with fundamental rights and freedoms. This privacy notice reflects those provisions. 
Pursuant to Article 13 of Regulation (EU) 2016/679, we inform you as follows.

1. Data Controller

The Data Controller is Difass International S.p.A. (hereinafter “Difass”), represented by its legal representative pro tempore, Tax Code/VAT No. 02172260974, with registered office in Coriano (RN), Via Ausa 5, 47853, Italy.

2. Nature and Provision of Data

The provision of your personal data to Difass is useful for establishing and managing the contractual relationship between the company you work with and Difass. Therefore, failure to provide the necessary data may result in disruptions in the establishment or continuation of such contractual relationship.

3. Purposes of Processing

Your personal data will be processed for the following purposes:

  1. Active invoicing. This includes the preparation and issuance of quotations, contracts, orders, delivery notes, mandates, fee notices and invoices to the company you collaborate with.
    Retention period: 10 years from the date of entry in mandatory accounting records
  2. Debt collection management. This includes activities related to the recovery of receivables from the company you collaborate with.
    Retention period: until all civil law effects related to the contractual relationship have expired, in accordance with statutory limitation periods.
  3. Customer management. This includes the collection and management of personal data relating to customers, including contact persons (e.g. Commercial Manager and Administrative Manager).
    Retention period: in accordance with legal requirements and in the company’s interest in managing any disputes.

4. Legal Basis for Processing

Difass processes your personal data lawfully.

  • Processing activities 1, 2 and 3 are based on the legitimate interest of the Data Controller, namely the maintenance and management of the contractual relationship with the company you collaborate with

The Data Controller will process your personal data only to the extent necessary for the purposes described above, in compliance with applicable data protection legislation.

5. Methods of Processing

Your personal data, as a data subject, includes in particular:

  1. Name, surname, email address, telephone number.
    Category: Identification data – Personal data: common
    (Processing activities 1, 2, 3)

These data will be processed with a high level of security and always in accordance with current standards. All protection measures required by data protection legislation and applicable regulations, as well as those defined by the Data Controller, are implemented.
Data will be processed by the following authorised categories:

  • Authorised personnel:
    • C.O.O. (Processing: 1, 2, 3)
    • Deputy CEO – Commercial Strategy (Processing: 3)
    • Head of Administration (Processing: 1, 2, 3)
    • Executive Secretariat Manager (Processing: 1, 2, 3)
    • Board of Statutory Auditors and Auditors (Processing: 1, 2, 3)
    • Supervisory Body (Processing: 1, 2, 3)
    • Administrative Staff (Processing: 1, 2, 3)
    • Logistics Manager (Processing: 1, 3)
    • Logistics Staff (Processing: 1, 3)
    • Quality Control Manager (Processing: 1, 3)
    • Quality Control Staff (Processing: 1, 3)
    • Senior Agents Coordinator (Processing: 3)
    • Marketing Director Italy (Processing: 3)
    • Marketing Staff Italy (Processing: 3)
    • Commercial & Dynamic Coordinator (Processing: 3)
    • Italy Licensing (Processing: 3)
    • International Licensing (Processing: 3)
    • Commercial Secretariat (Processing: 3)

6.  Data Communication and Transfer

Your data may be communicated, in addition to the parties listed above, to other categories of recipients where such communication is necessary, appropriate and consistent with the legal basis governing the processing of your data, including:

  • Legal advisors and accountants providing services related to the purposes outlined above;
  • Banking and insurance institutions providing services related to the purposes outlined above;
  • Entities processing data in compliance with specific legal obligations;
  • Judicial or administrative authorities, for the fulfilment of legal obligations.

Your data will not be transferred to third countries or international organisations. However, the Data Controller reserves the right to use cloud services; in such cases, providers will be selected among those offering adequate safeguards as required by Article 46 of the GDPR.

7. Automated Decision-Making and Profiling

No decisions are made based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

8. Data Subject Rights

As a data subject, you are entitled to the rights set out in Sections 2, 3 and 4 of Chapter III of Regulation (EU) 2016/679 (e.g. the right to request access to your personal data, rectification or erasure of such data, restriction of processing, and to object to processing).
In particular, you have the right to:

  • obtain confirmation from the Data Controller as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and the information provided for in Article 15 of Regulation (EU) 2016/679;
  • obtain from the Data Controller the rectification of inaccurate personal data concerning you;
  • obtain the erasure of personal data concerning you where such data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or where the conditions set out in Article 17 of Regulation (EU) 2016/679 apply, provided that the exceptions referred to in Article 17(3) do not apply;
  • obtain restriction of processing where:
    1. you contest the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the data;
    2. the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead, or request that the data be processed for the establishment, exercise or defence of legal claims;
  • receive your personal data in a structured, commonly used and machine-readable format and, where applicable, request that such data be transmitted directly to another data controller;
  • object to the processing of personal data concerning you where the conditions set out in Article 21(2) of Regulation (EU) 2016/679 apply;
  • lodge a complaint with a supervisory authority.

For the exercise of the above rights, you may contact: