This site uses technical cookies and profiling third party cookies to offer a better user experience; third party cookies require your consent. By continuing to browse the site, clicking or tapping the screen, scrolling the web page or closing this banner, you are agreeing to our use of cookies. For further information or opt out options.
IMA is loading

Client Information

PURSUANT TO ART. 13 – 14 OF THE REGULATION (EU) 2016/679

We inform you, pursuant to Art. 13 -14 of the Regulation (EU) 2016/679 on the protection of personal data (“GDPR”) that your personal data could be processed according to the current legislative and contractual provisions.

In relation to the above, we inform you that:  

  1. Data Controller

The Data Controller, that is whoever determines the purposes and means of the processing of personal data, is the IMA Group company with which your company has a contractual relationship (hereinafter “Company” or “Data Controller”).

The updated list of the IMA Group companies is available at the following website: https://ima.it/it/il-gruppo-ima/societa-del-gruppo-ima/.

You can request all the details regarding the Data Controller identification data by sending an email to: privacy@ima.it.

The IMA Group companies have appointed a data protection officer (“DPO”) who can be contacted to obtain clarifications on the processing of your personal data.

In particular, the Italian companies of the IMA Group has appointed the following DPO:

Alberto Bertuzzo
Pirola Pennuto Zei & Associati
Via delle Lame 109
40122 Bologna (Italy)
Tel.:+39 051 526711
E-mail: dataprotectionit@ima.it

other European companies of the IMA Group has appointed the following DPO:

Christian Schwinge

schwinge GmbH

Am Kochenhof 12

70192 Stuttgart

GERMANY

Phone: +49 (0) 711 / 258560-0

E-mail: dataprotectioneu@ima.it

  1. Personal Data Processed

The Data Controller collects and processes “contact” personal data (name, surname, fiscal code, email address, telephone number, position and company) of the client employees with whom it have dealings(“Personal Data”).

Moreover, the Company could carry out checks on the solvency of its commercial counterpart through credit control and credit risk analysis and, during these activities, may gain knowledge of Personal Data relating to the members of the corporate bodies of the analysed Company.

Data update

At any time, you can verify that the Personal Data processed for the purposes as per this information are correct and, should they be changed, you can request the update of this data, by sending an email to privacy@ima.it or by registered post to the Company’s headquarters.

  1. Purposes of the processing and legal basis

The collection and the processing of your Personal Data are carried out for the following purposes:

  1. to perform the contractand to provide the client with the relative services requested;
  2. to verify the solvencyof the commercial counterparts;
  3. to fulfil any legal and/or regulatory obligations(e.g. invoicing and book-keeping);
  4. to protect the rightsof the Company or the IMA Group, both in court and out-of-court proceedings;
  5. to provide commercial information on products and/or services similar to those already purchased by the customer (c.d. soft spam);
  6. to carry out direct and indirect marketing activities and market research: these activities include:
    1. sending (via email, traditional mail, telephone, fax and/or SMS/MMS, push notifications) of newsletters and commercial communications relating to the products of the IMA Group companies (and their commercial partners);
    2. invitation to events and/or fairs;
    3. performing statistical analysis, surveys and market researches, including customer satisfaction activities.

The processing of your Personal Data for the purposes mentioned above has its legal basis on:

  • 6, para. 1 lett. b) of the GDPR – processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract – with regard to lett. a) above;
  • 6, para. 1 lett. c) of the GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject – with regard to lett. c) above ;
  • 6, para. 1 lett. f) of the GDPR – processing is necessary for the purposes of a legitimate interests pursued by the controller – with regard to lett. b), d), e) and f).

We hereby remind you that you can object to the processing at any time by contacting the Company as per in paragraph 8 below, except in the event that the Company demonstrates the existence of prevailing, compelling, legitimate grounds for the exercise or the defence of a right, pursuant to Art. 21 of GDPR.

  1. Means of data processing

The processing by the Company of your Personal Data shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR.

Your Personal Data may be processed by paper-based or IT instruments and it shall include – in compliance with the limits and conditions laid down by the privacy legislation – all the operation or set of operations necessary for the processing at issue, including communication to subjects as per para. 6 below. The processing of Personal Data shall be carried out in compliance with confidentiality and security rules provided by European regulations, by law, and other national provisions.

Processing of your Personal Data is achieved by means of the operations described in Art. 4 no. 2 GDPR, that are: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment, restriction, erasure or destruction.

The Company guarantees the logical and physical security of the Personal Data and, in general, the confidentiality of the Personal Data processed, implementing all the appropriate technical and organisational measures required to avoid the loss of Personal Data, the unlawful use or, in any event, the incorrect use of the same, and unauthorized access by third parties.

  1. Categories of personal data recipients.

The Company, for the purposes described in paragraph 3 above, could communicate your Personal Data to:

  • employees and collaborators of the Company itself, who shall act in their capacity as authorized data processing personnel and/or consultants appointed by the Data Controller who need to process the Personal Data for the performance of their duties;
  • third parties who carry out outsourcing activities on the behalf of the Data Controller, providing specific services as data processors pursuant to Art. 28 GDPR (“Data Processor”). For information on the names and other details of the Data Processors, you can contact the Data Controller to the following address: privacy@ima.it or by registered mail to the Company headquarters;
  • IMA Group companies;
  • banks for the management of collections and payments from the execution of the contract;
  • members of control bodies, such as the Board of Statutory Auditors, the Vigilance Body pursuant to Legislative Decree 231/2001, independent auditors and other internal or external auditors in charge of carrying out checks and inspections on behalf of the Company;
  • judicial or supervisory authorities, public administrations, public (national or foreign) bodies, in compliance with the provisions of the law and conforming to a previous formal request from such subjects.

The third parties as above to which the Company may communicate your Personal Data shall process them in their role as Data Processors, expressly appointed by the Company pursuant to Art. 28 of the GDPR or as autonomous data controller.

The Personal Data collected by the Company shall not be disseminated, without prejudice to the communications provided by laws.

It is understood that, in the event of any extraordinary corporate transaction (e.g. sale or lease of a company, merger, etc.) concerning the Company, the Personal Data may be transferred or communicated to third parties purchasers/lessee or others, entitled by the Company.

  1. Transfers of personal data to third countries or international organisations.

The complex IMA Group business structure necessarily entails the circulation of Personal Data outside of the European Union and the European Economic Area (“EEA”), which is defined in Art. 44 of GDPR as “transfers of personal data to third countries”.

In the event that your Personal Data are transferred to third countries, they shall be processed in compliance to the provisions of Articles 45 et seq. of GDPR.

For more information on the transfer of your Personal Data, you can contact the Company to the following address: privacy@ima.itor by registered mail to the Company headquarters.

  1. Personal Data Storage Period

Your Personal Data shall be stored for the period of time strictly necessary for the purposes of the data processing indicated in para. 3 above and in particular:

  • for the purposes indicated in paragraph 3 lett.a), c) and d): the period of time necessary for the fulfilment of the contractual obligations and, in any event, for no longer than 10 years from the termination of the contractual relationship and, anyway, no later than the terms provided by the applicable laws;
  • for the purposes indicated in paragraph 3 lett. b): the period of time strictly necessary to carry out the aforementioned checks;
  • for the purposes indicated in paragraph 3 lett. e) and f) (soft spam, direct and indirect marketing and market research): 24 (twenty-four) months from the last contact with the Company, understood as, for example, the participation in an event organized by the Company, the use of a product or service supplied by the Company, the opening of a newsletter or until your objection to the processing or your request of erasure.
  1. Rights of the Data Subject

With reference to your Personal Data you can exercise, at any time, the rights pursuant to the GDPR as indicated below:

  • Right of Access pursuant to Art. 15: obtain confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the following information: thepurposes of the processing, the categories of Personal Data concerned, the recipients to whom the Personal Data have been or will be disclosed,  the envisaged period for which the Personal Data will be stored, the right to lodge a complaint with a supervisory authority, the existence of the right to request from the controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing and the existence of automated decision-making;
  • Right to Rectification pursuant to Art. 16: obtain from the controller, without undue delay, the rectification of inaccurate Personal Data concerning you and the right to have incomplete personal data competed;
  • Right to Erasure pursuant to Art. 17: obtain from the controller, without undue delay, the erasure of Personal Data concerning you;
  • Right to Restriction of Processing pursuant to Art. 18:‘restriction of processing’ means the marking of stored Personal Data with the aim of limiting their processing in the future. This will imply the responsibility on the part of the Company to suspend the processing of your Personal Data;
  • Right to Data Portability pursuant to Art. 20:in the event of automated processing carried out in execution of a contract or on the basis of the explicit consent, to receive your Data in a structured, commonly used and machine-readable format;
  • Right to Object pursuant to Art. 21: object to the processing of Personal Data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing;

The Company, moreover, informs you that it is possible to lodge a complaint pursuant to Art. 77with the competent supervisory authority based on your residence, workplace or place of infringement of your rights.

You may exercise your above listed rights by means of a request to be sent by email to privacy@ima.it or by registered post to the Company Headquarters.

Requests relating to the exercise of your rights shall be processed without undue delay and in any event within 30 days from the receipt of the request.

Finally, we inform you that the Data Controller reserves the right to modify or update this information also in order to comply with new obligations imposed by laws or for technical reasons.