1. Data Controller
The Data Controller is the Company HANGZHOU OPEN ONE WORLD LOGISTICS CO.,LT, in the person of its pro tempore legal representative, with registered office in T1 NO. 3 WAREHOUSE, HANGZHOU BONDED LOGISTICS CENTER, WEST SIDE OF BAOSHUI ROAD, JINGJIANG STREET, XIAOSHAN DISTRICT, 311223 HANGZHOU, CHINA.
2. Permanent Representative in Italy - Data Supervisor for processing personal data in Italy
HANGZHOU OPEN ONE WORLD LOGISTICS CO.,LT website is hosted by the Italian provider VISIONOVA on servers located in Italy. Pursuant to Legislative Decree 196/2003 as amended, and the current GDPR, there is the obligation to designate a permanent Representative in Italy also having the function of Personal Data Controller for personal data processing. We are hereby communicating that MESSAGGERIE DEL GARDA S.P.A. - VAT no. 09159810150 - accepted this appointment and was assigned to process your data; The person to contact is Ms. Rebecca Beschi at the email: email@example.com and telephone +39 0376 9420255.
The company is not obliged to appoint the DPO.
In compliance with the requirements of EU Regulation 2016/679 on the protection of personal data (GDPR), we hereby inform you that the company HANGZHOU OPEN ONE WORLD LOGISTICS CO.,LT with registered office T1 NO. 3 WAREHOUSE, HANGZHOU BONDED LOGISTICS CENTER, WEST SIDE OF BAOSHUI ROAD, JINGJIANG STREET, XIAOSHAN DISTRICT, 311223 HANGZHOU, CHINA (hereinafter the “Company”) will be processing personal data that concern you, which you or other persons have supplied or will supply to us.
The processing of personal data will be undertaken in compliance with the laws in force and the conditions set out below.
3. Purpose of the data processing
The processing of personal data will be to achieve only the following purposes:
a) For the requirements preliminary to the execution and performance of sales contracts and for the protection of the receivable positions arising from those contracts;
b) To comply with any obligation provided for by current legislation or regulations in force, especially as concerns tax law;
c) For operational, management and accounting requirements;
d) To log Company website accesses and the use of the services provided by such a website;
e) For the requirements relevant to the monitoring of customer relations performance and/or related risks and to improve those relations;
f) For strategic and operational sales and marketing purposes.
4. Data processing procedures
Processing the information may comprise, apart from their collection, their recording, preservation, amendment, communication, deletion, distribution, etc., which shall be undertaken both on paper and using electronic computer and telecommunications equipment, according to appropriate procedures and with suitable tools that will ensure security and confidentiality of the data, in compliance with the provisions of the GDPR. In particular, we have adopted the technical, IT, organisational, logistical and procedural security measures required by the type of data processed so as to guarantee an adequate level of protection. In addition, the methods applied will guarantee that access to the data shall be permitted only to those persons assigned to the processing by our Company.
5. Data provision
Provision of the information is:
a) Obligatory to achieve the purposes connected to the obligations provided for by law or other binding regulations;
b) Necessary for the proper initiation and pursuit of the relationship begun with you.
Any refusal to supply the data referred to above, even though legitimate, could compromise the regular performance of the relationship with our Company. In particular, it could make it impossible for us to fill your orders and carry out the services requested as well as invoicing those items.
c) Optional for sending marketing material.
6. Communication and distribution of the data
Communication of the personal data collected for the purposes referred to in Point 1 outside may only occur when:
a) communication is obligatory to ensure compliance with the law or other binding regulations;
b) communication is obligatory to ensure the proper initiation and pursuit of the business relationship begun with you.
The personal data collected, to achieve the aims indicated above, may be communicated, as concerns their specific competence, to public and private subjects and/or natural and/or legal persons having aims concerning the commercial and/or management of IT and/or payment systems, including external subjects who perform specific assignments on behalf of our Company.
In particular, the data may be communicated to the following categories of subjects: sales networks, banks and companies specialised in payment management, law offices and advisory agencies, subjects assigned to the audit of our company's financial statements, public authorities or administrations to fulfil legal requirements, Italian and foreign vendors, finance and shipping companies, third parties assigned to the quality control of logistical-commercial flows, and other companies in our Group.
The data may be disclosed, but only in aggregate and anonymous form for statistical purposes and only with the prior expression of specific consent.
7. Transfer of the data abroad
Within the limits strictly necessary for the execution of the contractual relationship with you, your personal data may be disclosed to third parties (such as suppliers) located abroad, within or outside the European Union that ensure adequate security standards in the protection of data recognised by the EU and declared in data transfer contracts entered into with the standard clauses designed by the EU.
8. Storage of data
The data will be stored in a complete manner throughout the period of performance of the contract. Subsequently they will be kept for a period of ten years in order to comply with legal obligations including the obligations under art. 2214 of the Italian Civil Code. Any further storage of data or part of the data may be arranged to assert or defend one’s own rights in any possible venue and in particular before judicial courts.
The data processed for sending material relating to marketing activities will be retained for the period of execution of the contract.
9. Rights of the data subject (articles 15 to 22 of EU Regulation no. 2016/679)
- Access (art. 15 of EU Regulation no. 2016/679);
- Rectification (article 16 of EU Regulation no. 2016/679);
- Erasure (art. 17 EU Regulation no. 2016/679);
- Limitation (art. 18 of EU Regulation no. 2016/679);
- Portability, understood as the right to obtain from the data controller the data in a structured format which is commonly used and readable by an automatic device to transmit them to another data controller without hindrance (art. 20 of EU Regulation no. 2016/679);
- Opposition to the treatment (art. 21 of EU Regulation no. 2016/679);
- Withdrawal of consent to processing, without prejudice to the lawfulness of processing based on consent acquired before the withdrawal (article 7(3) of the EU Regulation no. 2016/679);
- Lodge a complaint to the Data Protection Authority (art. 51 EU Regulation no. 2016/679). More explicitly :
1. The data subject is entitled to obtain confirmation as to whether or not data relating to him or her are held, even if they have not yet been recorded, and the transfer of the same in an intelligible form.
2. The data subject is entitled to obtain the following information:
a. the source of the personal data;
b. the purposes and methods of processing;
c. the logic applied in the event of processing with the help of electronic instruments;
d. the identification data concerning the data controller, data processors and the representative designated as per article 5, paragraph 2;
e. the entities or categories of entities to whom the personal data may be communicated and who may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.
3. The data subject is entitled to obtain:
a. updating, rectification or, where interested therein, integration of the data;
b. erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose storage is unnecessary for the purposes for which they have been collected or subsequently processed;
c. certification to the effect that the operations as per letters a) and b) have been notified, also as regards their content, to the entities to whom the data were communicated or disseminated, unless this requirement proves impossible or involves the use of means or instruments that are disproportionate compared to the safeguarded right;
d. data portability.
4. The data subject is entitled to oppose, in whole or in part:
a. for legitimate reasons, to the processing of personal data, even if pertinent to the purpose of collection;
b. to the processing of personal data for purposes of sending advertising materials or direct selling or for carrying out market research or commercial communication.
5. The data subject has the right to be informed within 72 hours in case of theft of his or her personal data or accidental loss of them.
The above rights can be exercised either directly or through a person in charge, by writing to the Permanent Representative in Italy, also acting as Data Processing Officer, MESSAGGERIE DEL GARDA S.p.A Via Carpenedolo, 90 46043 Castiglione d/s (MN), by calling the telephone number +39 0376 94201 or by sending an email to firstname.lastname@example.org or to Rebecca Beschi, who can be contacted at the email address email@example.com and at the phone number +39 0376 9420255.
MESSAGGERIE DEL GARDA S.p.A. guarantees the effective exercise of these rights, meaning that in the event of inertia by the Company, the person concerned has the right to report to the Data Protection Authority ( www.garanteprivacy.it) the personal data processing considered as non-compliant.
10. Consent to the processing of personal data
Last, we would like to inform you that your consent for processing your personal data as set out above is optional. If you refuse consent, our Company will not be able to process your personal details, but will only be able to use them to comply with the law or other regulations in force, and with the consequences set out in Point 5 above.
As you may know, the DPGR provides that processing your personal data be undertaken with the consent of the person involved, except in those cases specifically indicated by the the law. Therefore, please fill out the electronic forms requesting your consent as verification that you have received the information in this Privacy Code brief and that you expressly consent to the processing of your personal data.