Dear Customer,
Blue Farm S.r.l. (hereinafter also "Blue Farm" or the "Owner" or the "Company") needs to process your personal data, as well as the data of subjects belonging to your corporate organization or beneficial owners (hereinafter "Data") for provide you with the services and/or products requested by you, as well as - within the limits of the law - to carry out further activities indicated in point 1 below. To this end, pursuant to EU Regulation 2016/679 (General Regulation for data protection, hereinafter "Regulation"), the Data Controller provides this information.
1. Purpose of the processing and nature of the provision of data
Data processing will take place for the following purposes:
Instrumental purposes: purposes connected and instrumental to carrying out the preliminary investigation (management of the request, assessment of the customer's situation and identification of the most suitable solution) and (in case of acceptance of the supply request) for the stipulation, management and execution of the related contractual relationship;
Mandatory purposes: purposes related to the fulfillment of legal obligations, as well as deriving from provisions issued by the Authorities legitimated by the law and by Supervisory and Control Bodies (such as the central risk office, usury law, identification, conservation and reporting obligations envisaged by anti-money laundering legislation).
Purpose of exercising and defending a right: also in court. The processing of data for instrumental and mandatory purposes is necessary to be able to proceed with the evaluation and subsequent conclusion of the contract and the fulfillment of any related legal obligations. Any refusal could prevent Blue Farm from following up on your supply proposal as well as concluding and executing the contract.
Commercial purposes: the Company may use some contract data provided at the time of stipulation of the contract to offer you products, services and services similar to those covered by the previous agreement stipulated between the parties. In any case, these contacts will be limited in time and frequency and, if you do not wish to receive such communications, you can notify the Company at any time, using the addresses indicated in paragraph 8 of this privacy policy or using the link on the email communications received . In this case, the Company will interrupt the aforementioned activity without delay. It should be noted that for these activities only contact data relating to the organization will be used and not private contact data of subjects belonging to the company organization or of the beneficial owner, where communicated to the Company for the aforementioned purposes.
It should be noted that the request to stop sending messages of a commercial nature will in no case affect the contractual relationship.
2. Legal basis of the treatment
With reference to the treatments carried out for the purposes referred to in the previous point:
- 1 a) (instrumental purposes), the legal basis lies in the fulfillment of contractual and pre-contractual obligations;
- 1 b) (mandatory purposes), the legal basis lies in the fulfillment of legal obligations;
- 1 c) (purpose of exercising and defending a right), the legal basis lies in the legitimate interest of the Bank to protect its rights and interests;
- 1 d) (commercial purposes): the legal basis lies in the legitimate interest of the Company, taking into account the reasonable expectations nourished by the interested party based on the relationship with the Data Controller (as per Recital 47 of the Regulation).
3. Data processing methods and data retention period
In relation to the aforementioned purposes, the Data will be processed using manual, IT and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the Data.
Your data will be kept for the following periods of time:
- pre-contractual data: (in case of failure to stipulate the contract): for 10 years from the date of failure to stipulate;
- contractual data collected for mandatory: 10 years following the end of the contractual relationship, in compliance with national civil and fiscal legislation.
- data relating to the protection of one's rights in court (also in court): for the deadline for the relative sentence or final instance of judgment to become final and, where necessary, for the subsequent executive phase;
- data processed for commercial purposes: for the duration of the contractual relationship and the following six months.
4. Categories of data processed and source of data
The Data processed by Blue Farm S.r.l are personal data (name, surname, date of birth, etc.), contact data (e-mail address, home address, mobile number, etc.), personal data (such as, for example , tax code, etc.) and data relating to the economic and financial situation (income, property, etc.). The source of your data is the contract or the pre-contractual form signed by you.
5. Categories of recipients of the Data
Your Data may be communicated, exclusively for the purposes previously indicated in point 1 a), b) and c), to the following categories of subjects:
- supervisory and control authorities and bodies and in general subjects, public or private, with functions of public law importance;
- public entities that manage obligatory risk centres;
- private managers of credit information;
- entities that perform financial and insurance services;
- subjects who carry out acquisition, processing and processing services
Data:
- subjects who carry out document filing and data entry activities;
- subjects who carry out activities of transmission, printing, enveloping, transport and sorting of communications with the interested party;
- subjects who carry out the credit recovery service;
- management company of national and international systems for the control of fraud against companies, banks and financial intermediaries;
- auditing firm;
- subjects who carry out assistance and consultancy activities;
- companies belonging to the same group as Supplier Lease S.r.l.;
The subjects to whom the Data are communicated will process such Data as "responsible" for the treatment, appointed by Blue Farm, or operating in total autonomy as separate independent "owners" of the treatment. It should also be noted that - with regard to the Data necessary for carrying out the tasks assigned and always acting as persons authorized to process and instructed in this sense by the Data Controller - natural persons belonging to the following categories may become aware of the Data: a) employees of Blue Farm S.r.l. or seconded to it; b) interns, collaborators and temporary workers c) promoters and "dealers" d) employees of external companies or service providers (previously appointed managers by Blue Farm).
6. Transfer abroad
For the aforementioned purposes, the Data may be transferred abroad to countries belonging and not belonging to the European Union, using in any case suitable tools to guarantee the security of the Data, in compliance with the provisions of the Regulation, such as, for example, the Standard Contractual Clauses approved by the European Commission. In case of transfer to non-EU countries, you may at any time know the collation of the Data and a copy of the same, by contacting the Data Controller at the addresses indicated in point 8 below. Your Data will not be disclosed in any way.
7. Rights of the interested party
Finally, we inform you that pursuant to articles 15, 16, 17, 18, 20 and 21 of the Regulation, you, as an interested party, have the right to: a) access data concerning you; b) obtain the rectification, cancellation, oblivion, updating of data as well as oppose the processing of data; c) exercise data portability, obtaining a copy of the data processed in a structured, commonly used and readable format; d) revoke the previously given consent; e) obtain the limitation of the treatment as well as oppose the treatment itself; f) obtain the transmission of data to another owner; g) lodge a complaint with the competent Supervisory Authority; i) obtain the limitation of the processing of personal data. The interested party also has the right to oppose the processing of personal data, even if pertinent to the purpose of the collection, as well as the processing of personal data for the purpose of sending advertising material or commercial communication and communication to third parties. The interested party has the right to request at any time not to receive the commercial communications referred to in point 1 (d). In this regard, it should be noted that the request, even if it were expressed with regard to a specific means of communication, will automatically extend to all types of sending and communication means. You may exercise these rights at any time at the addresses indicated below.
8. Data controller
The Data Controller is Blue Farm S.r.l. with headquarters in via Clauzetto, 8/2 in 33078 San Vito al Tagliaemnto (PN). The Data Controller can be contacted at any time at the following email address contatto@bluefarm.it.
INTEGRATION TO THE PRIVACY INFORMATION REGARDING HOW YOUR DATA ARE USED IN THE CONTEXT OF CDs. CREDIT INFORMATION SYSTEMS (Article 5 of the code of ethics on credit information systems)
Dear Customer,
in addition to what has already been communicated to you regarding the processing of your data, we specify that, in order to accept your request for supply, we use some data concerning you, which you yourself provide us or which we obtain by consulting some databases, which we need to evaluate your reliability and without which you may not be granted the supply of the goods and/or services you have chosen. This information will be held with us; some will be communicated to large databases set up to assess credit risk, managed by private individuals and which can be consulted by many subjects.
You have the right to access your data at any time. Contact our company (Blue Farm S.r.l., via Clauzetto, 8/2, 33078 San Vito al Tagliamento PN), or the manager of the credit information systems, at the addresses indicated above. In the same way, he may request the correction, updating or integration of inaccurate or incomplete data, or the cancellation or blocking of those processed in violation of the law, or even oppose their use for legitimate reasons to be highlighted in the request (art. 7 of the Privacy Code; art. 8 of the code of ethics).
Data retention times in credit information systems:
- loan requests: 6 months, if the investigation requires it, or 1 month in the event of refusal of the request or renunciation of the same;
- arrears of two installments or two months then remedied: 12 months from regularization;
- greater delays remedied also on transactions: 24 months from regularisation;
- negative events (i.e. arrears, serious defaults, bad debts) not remedied: 36 months from the contractual expiry date of the relationship or from the date on which their last update was necessary (in case of subsequent agreements or other relevant events in relation to the repayment) ;
- relationships that took place positively (without delays or other negative events): 36 months in the presence of other relationships with unregulated negative events. In the remaining cases, 36 months from the date of termination of the relationship or expiry of the contract, or from the first update made in the month following these dates.