Business Information
HOME COMPANY CONTACT Italy member area
Certified Company
SERVICES PRICE LIST SUBSCRIPTION GUIDE
Certified company business information
latest news

LAW ON PRIVACY

Comas S.r.l. pays the utmost attention to the needs of personal data protection entrusted to it by its interlocutors. It therefore releases the following information on the processing of personal data pursuant to current legislation to protect privacy:

CUSTOMER DATA

Pursuant to art. 13 of the 2016/679 EU Regulation

Comas S.r.l., with head office in Arezzo (AR) via Martiri di Civitella n. 11 (hereafter "Company"), pursuant to and in compliance with the provisions of art. 13 of EU Regulation 2016/679, provides the following information on the processing of personal data of its Customers, as Data Controller.

Categories and types of data collected

The Data processed by the Company may include common data collected for the purpose of concluding the contract with the Customer and / or in the context of execution and / or stipulation of the same.
The processing of personal data of third parties communicated by the Customer to the Company is also possible. With respect to this hypothesis, the Customer stands as an independent data controller and assumes the consequent legal obligations and responsibilities, relieving the Company from any objection, claim and / or request for compensation for damage caused by treatment that should reach the Company from third parties .

Purpose of the treatment

The data are stored, collected and processed as part of the Company's activity in compliance with the current privacy legislation and without the need for a specific consent of the Subject:

  1. for preliminary requirements for the stipulation of contracts;
  2. for the fulfillment of the obligations and the execution of the operations envisaged by the stipulated contracts;
  3. for the execution of the obligations and obligations (administrative, fiscal, accounting, etc.) laid down by the legislation in force;
  4. for sending memorandums and / or explanatory material on services rendered or requested or for carrying out market research or commercial communication;
  5. for the supply of goods and services through a mailing list;
  6. for the sending, directly or through third parties, of marketing and communication services, newsletters and communications for direct marketing purposes through email, fax, paper mail, telephone with operator.

Legal basis of the processing and nature of the provision of data

The legal basis of processing for the purposes 1), 2) and 3) above are the art. 6.1.b) and 6.1.c) of the Rules. The provision of data for the aforementioned purposes is optional, but any failure to provide the data and the refusal to supply them would make it impossible for the Company to execute and / or stipulate the contract and provide the services requested by the same.

The legal basis of the processing of personal data for the purposes 4), 5) and 6) is the art. 6.1.a) of the Rules as the treatments are based on consent; it is specified that the Data Controller may collect a single consent for the marketing purposes described herein, pursuant to the Provisions of the Privacy Guarantor on the subject. The conferment of consent to the use of data for marketing purposes is optional and once conferred, it will be stored up to a maximum of 24 months. Should the interested party wish to object to the processing of the Data for marketing purposes performed with the means indicated herein, as well as revoke the consent given, he may at any time do so without any consequence (except for the fact that he will no longer receive marketing communications) the indications in the "Rights of the Interested" section of this Notice.

Method of treatment

The processing can be carried out using manual, automated, computerized, electronic tools for managing, storing and transmitting data and in any case suitable for guaranteeing security and confidentiality. The data being processed are:

  • processed lawfully and fairly;
  • collected and registered for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with these purposes;
  • exact and, if necessary, updated;
  • relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;
  • kept in a form that allows identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

Possible communication and dissemination of data

For the aforementioned purposes, the data may be disclosed to third parties appointed as data controllers pursuant to Article 28 of the Rules and in particular to banks, to companies active in the insurance field, to service providers strictly necessary for the performance of business activities, or consultants of the company, where this is necessary for tax, administrative, contractual or for reasons protected by current regulations or for administrative and / or accounting purposes, according to recitals 47 and 48 and Article 6 of the Rules. Finally, the Data may be shared with authorities, entities and / or subjects to whom the Data must be communicated pursuant to legal provisions or orders of authority. These authorities, bodies and / or subjects will act as independent data controllers. Data will not be disclosed. The updated periodically and complete list of data processors appointed for data processing may be requested by sending an email to the Data Controller at the addresses indicated below.

Data transfer in non-EU countries

Customer Personal Data is stored on servers located within the European Union. Customers acknowledge that, for certain specific operations, and with prior consent or other appropriate legal basis, their Personal Data may be processed within countries outside the European Union.

Data retention period

The Data will be stored on paper and / or computer for only the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization referred to in Article 5, paragraph 1, letters c) and e) of Regulation.

The Data will be kept to comply with regulatory obligations and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance.

The Company may retain Data after termination of the contractual relationship to comply with regulatory and / or post-contractual obligations in relation to the legal requirements (10 years); subsequently, after the aforementioned reasons for the processing have been lost, the Data will be deleted, destroyed or simply stored anonymously.

Upon request, it is possible to have more information from the Company to the contacts indicated below.

Rights of the interested party

Each interested party (an identified or identifiable natural person) has the right to ask the Data Controller, at any time, to access the data concerning him / her, to correct it or, if necessary, to cancel it or oppose its processing; where applicable, the interested party also has the right to request the limitation of processing in the cases provided for by law, to obtain, in a structured format, in common use and readable by automatic device the data concerning him, in the cases provided for by art. 20 of the Regulations; as well as to propose a complaint to the competent supervisory authority (Guarantor for the protection of personal data), if it considers that the treatment of the data is contrary to the law in force.

Without prejudice to the right of the interested party to make a request for opposition to the processing of their data in which he must give evidence of the reasons justifying the opposition, the Controller reserves the right to evaluate this request, which will not be accepted if there are grounds of legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party.

Data controller and contact details

Pursuant to art. 4 of the 2016/679 EU Regulation, the Company is the owner of the processing of data concerning ist Cusmomers.

All communications and requests must be addressed in writing to the Data Controller, by post to the address of Comas Srl, Via Martiri di Civitella n. 11 - 52100 Arezzo (AR) or forwarded to the address mail@infocomas.it.

Pursuant to Article 37 of EU Regulation 2016/679, the Company has designated its own data protection officer ("Data Protection Officer" or "DPO").

The DPO can be contacted at the following address: dirprivacy@crif.com or PEC at the address crif@pec.crif.com

Last update: 08 September 2022


DATA CONCERNING THE SUBJECTS OF INFORMATION

Information on the processing of personal data for purposes of commercial information.

This information according to the privacy legislation (Legislative Decree No. 196/2003 - Personal Data Protection Code and Regulation (EU) 2016/679 - hereafter 'Regulation') is provided by COMAS S.R.L. located in via Martiri di Civitella n. 11 of Arezzo (AR) p.iva 01209940517 (- hereinafter "our Company") for commercial information purposes in compliance with the Code of Conduct approved by the Authority for the protection of personal data , with Resolution of 17/09/2015, n.479, and published in the GU No. 231 of 10/13/2015.

Source of the processed data

Dear Sir / Madam,
We wish to inform you that, even on the basis of the Territorial Government Office authorization (pursuant to Article 134 of the Consolidated Act on Public Safety), our Company collects and processes both personal data provided directly by the data subjects and some personal data from public registers, lists and archives or contained in deeds or documents that can be known by anyone (held, for example, by Chambers of Commerce or the Revenue Agency) or otherwise generally accessible (as derived, for example, from categorical lists, press news and internet sites that can be consulted by anyone).

Type of data processed

Our Company can acquire information regarding organizational, production, industrial, commercial, economic, financial, property, administrative and accounting aspects related to the activity carried out by economic operators (such as individual or family businesses, small entrepreneurs, professionals, relevant company representatives, etc.), and data referring to natural persons who do not exercise a business or professional activity (in the commercial information are also included data relating, for example, to chamber of commerce records, financial statements, protests and insolvency proceedings, register of extraordinary real estate charges, mortgages surveys as well as any judicial data reported in public sources or generally accessible by anyone).

Where requested by our customers, personal data may be supplemented by research, by post, fax or telephone, at private sources (other companies and economic operators) of additional commercial information, including for example to payment habits of an enterprise or professional in commercial relations with its customers, suppliers or partners. For these aspects, in the information provided by the latter subjects to the interested parties, the possibility of communicating data to companies of commercial information, such as ours, is provided for purposes of verifying the reliability or solvency of the economic operator. This is an accounting information that is processed in aggregate form within our information systems and reports. The acquisition of both sensitive data and information covered by company and industrial secrecy is excluded.

In the cases strictly required by the Code of Ethics, our Company may process data relating to criminal convictions and offenses (Article 10 of the Regulations) from public sources or, under certain circumstances, even from generally accessible sources such as those identified in the previous par. 1.

Purpose of the processing

The data are processed by our company, as the owner, to provide the third parties who request them (our customers) commercial information services that are used to assess the activities, solidity and economic and commercial capacity of a person and to carry out checks in the scope of any commercial relationships in progress or to be established (which, in the absence of correct and complete information, could remain precluded) and to the protection of the relative rights.

Commercial information may also be requested by our customers, also in the form of lists (by sectors or categories), for marketing activities, telephone contacts and postal communications for commercial, promotional and advertising purposes (in compliance with the obligation to disclose and prohibition imposed by the regulations in force for the use of automated systems, such as e-mails, faxes, pre-recorded telephone messages and SMS messages, in the absence of prior consent from the interested parties).

The personal data acquired by our Company may also be the subject of further analysis or statistical processing, both in automated form and through the intervention of experts, in order to attribute an evaluation or judgment, even synthetic or in the form of a score on the degree of reliability solvency or economic and commercial capacity of the undertaking or person concerned and / or the probability of insolvency of an enterprise, taking into account, for example, its overall economic, financial and capital situation as well as previous and current receivables and payables , also in reference to subjects with responsibility or relevant positions.

Legal basis of the data processing

The data processing for the purposes of commercial information described above, even when finalized to formulate, in the terms already specified, a judgment on the solidity, solvency and reliability of the registered subject , is based on the need to pursue the legitimate interests of our Company that lends the services of commercial information and of the clients who request them both to carry out the necessary checks on the economic, financial and assets situation of the interested parties, in the context of protection, prior to the establishment and management of commercial relationships, even pre-contractual, to the supply of goods , performance and services and to the definition of the related payment methods and conditions, and to the fulfillment of the related regulatory obligations, including anti-money laundering, the prevention and fight against fraud and the protection of related rights, including in court.

It is understood that such processing will be carried out in full compliance with the Code of Ethics and applicable law and in compliance with the interests, rights and freedoms of the interested parties, pursuant to art. 6, paragraph 1, let. f), of the Regulations.

Mode and security of the processing

The data are collected mainly through IT tools with appropriate computerized controls to ensure their consistency, completeness and accuracy.

All personal data collected and processed by our Company are stored and protected by appropriate measures of confidentiality and security, even in the case of use of electronic communication systems and networks, and can only be known internally by employees and external collaborators managers or persons in charge of collecting, analyzing, processing and communicating the same data or preparing economic information reports, as well as technical assistance and maintenance of our information systems.

Scope of data communication

Personal data may be communicated, even with telematic tools, exclusively to our customers, established in Italy and abroad, who request them and who will act as autonomous data controllers.

The data are in no case subject to dissemination.

Data retention

The information coming from public sources and relating to negative events dealt with in the terms set out in this Notice, as better detailed in the Code of Ethics, are kept by our Company, for the purpose of providing commercial information services, in compliance with the following time limits :

  • information concerning bankruptcy or bankruptcy proceedings, for a period of time not exceeding 10 years from the date on which the bankruptcy procedure was opened; after this period, the aforementioned information may be further used by our Company, only when other information relating to a subsequent bankruptcy or if a new bankruptcy or insolvency procedure has been initiated referring to the person being registered or to another related party, in this case, treatment may last for up to 10 years from their openings;
  • information concerning prejudicial and register of extraordinary real estate charges and burdens (mortgages and foreclosures) for a period of time not exceeding 10 years from the date of their registration or registration, unless they are canceled before this deadline, in this case it will be kept for a period of 2 years from the cancellation.

Notwithstanding the above, personal data from the sources identified in paragraph 1 above may be retained by our Company, for the purpose of providing customers with commercial information services, for the period of time in which they remain knowable and / or published in such sources according to the provisions of the relevant regulations.

Rights of the interested parties

Finally, we point out that the applicable legislation grants each interested party the right to exercise certain rights at any time, including (i) access rights, aimed at ascertaining whether and which data are being processed by our Company, (ii) correction and updating of inaccurate and incomplete data, (iii) cancellation of data in the cases provided for by art. 17 of the Regulations, (iv) limiting the treatment to the recurrence of the established conditions (Article 18 of the Regulations), (v) notification of corrections, cancellations or limitations by the Company towards subjects to whom the data have been communicated, (vi) to file a complaint with the Authority for the protection of personal data.

The interested party can exercise his right to objection to the processing of commercial information by our Company if he proves, pursuant to art. 21, paragraph 1, of the Regulations, that their interests, rights and freedoms prevail over the legitimate interests of the owner referred to in paragraph 4 above.

The exercise of the right to data portability (Article 20 of the Regulation) must be considered excluded, except for the case in which the processing by our Company concerns data collected directly from the data subject, is done through automated means and is finalized to the execution of a contract between our company and the same interested party.

The interested party may exercise his rights provided that the relative request does not have as its object the rectification or integration of personal data processed by our Company and concerning judgments, opinions or other subjective evaluations, or to indications of behaviors to be held or decisions being taken by our Company.

Through the portal www.informaprivacy.it and the appropriate section dedicated to, each interested party can forward a first request to our company to confirm the presence or not of personal data concerning him in the archive or database of our company, to which, if necessary, he can directly contact, using the specific references indicated below, to exercise the other rights mentioned above.

Data controller and contact details

Pursuant to art. 4 of the 2016/679 EU Regulation, the Company is the owner of the processing of data concerning ist Cusmomers.

All communications and requests must be addressed in writing to the Data Controller, by post to the address of Comas Srl, Via Martiri di Civitella n. 11 - 52100 Arezzo (AR) or forwarded to the address mail@infocomas.it.

Pursuant to Article 37 of EU Regulation 2016/679, the Company has designated its own data protection officer ("Data Protection Officer" or "DPO").

The DPO can be contacted at the following address: dirprivacy@crif.com or PEC at the address crif@pec.crif.com

Last update: 08 September 2022


DATA FOR THE SUBJECTS OF RECOVERY PRACTICES

Information on the processing of data carried out for credit recovery activities on behalf of third parties.

Pursuant to art. 13 of the 2016/679 EU Regulation

Comas S.r.l. with head office in Arezzo (AR) via Martiri di Civitella n. 11 (hereafter "Company"), pursuant to and by effect of art. 13 of EU Regulation 2016/679, provides the following information on the processing of personal data that will be collected, processed and used by the Company itself in the performance of debt collection for third parties.

Categories and types of data collected

The Data referring to the interested party (hereinafter referred to as "Interested") are provided by the subjects who have entrusted the Company with the task of carrying out the debt collection activities (hereinafter the "Customers"); The clients have collected them in turn directly from the Interested parties, their customers and / or debtors, usually within the contractual relationships to which the credits to be recovered are connected, and acquired also through third parties, as well as in the contacts, also by telephone and letters, of the Company with the same Interested parties.

The Company establishes the activity:

  1. as responsible for the processing of the Data pursuant to Article 28 of the GDPR on behalf of the Customers, for which the Company performs the management and recovery of claims by virtue of a public security license issued pursuant to Article 115 of the single text of public security laws. With reference to these treatments, reference is made to the information already provided by the Clients to the Interested parties, typically in the contract;
  2. as data controller, for the activities and processing operations carried out by the Company for the purposes indicated below, with regard to which it intends to provide the additional information below.

Method and purpose of the treatment

The data are collected, processed and archived as part of the activity of credit recovery activities carried out by the Company, following a formal written assignment by our customers:

  1. regulatory, administrative and accounting fulfillment in relation to obligations under the law, regulations or community legislation;
  2. exercise and defense of rights in the event of disputes regarding the Company's operations;
  3. fulfillment of all activities related to debt collection;

The Company does not process any particular data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person , data relating to the health or sexual life or sexual orientation of the person.

The processing can be carried out using manual, automated, computerized, electronic tools for managing, storing and transmitting data and in any case suitable for guaranteeing security and confidentiality.

The data being processed are:

  • processed lawfully and fairly;
  • collected and registered for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with these purposes;
  • exact and, if necessary, updated;
  • relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;
  • kept in a form that allows identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

Nature of the contribution

The Company processes the Data of the Interested parties for the aforementioned purposes in order to comply with regulatory obligations related to debt collection activities, whose legal basis for processing is Article 6, paragraph 1, letter b) of EU Regulation 2016/679, and to protect their rights in the case of actions or disputes. In such cases, the consent of the data subjects is not required.

Categories of subjects to whom the data can be communicated

The data can be communicated, in Italy and abroad, only to:

  • natural persons authorized by the Company to process data pursuant to article 29 of the EU Regulation 2016/679 due to the performance of their job duties;
  • service providers, who typically act as data controllers pursuant to article 28 of 2016/679 EU Regulation;
  • the Customers;
  • authorities and public bodies.

No data will be disseminated.

Data transfer in non-EU countries

Personal Data for certain specific transactions relating to debt collection in non- EU countries, and prior consent or other appropriate legal basis could be processed within countries outside the European Union by lawyers appointed for this purpose.

Data retention period

The Data will be stored on paper and / or computer for only the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization referred to in Article 5, paragraph 1, letters c) and e) of Regulation.

The Data will be kept to comply with regulatory obligations and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance.

The Company may retain Data after termination of the contractual relationship to comply with regulatory and / or contractual obligations in relation to the legal requirements (10 years) ; subsequently, after the aforementioned reasons for the processing have been lost, the Data will be deleted, destroyed or simply stored anonymously.

Upon request, it is possible to have more information from the Company to the contacts indicated below.

Rights of the interested party

Each interested party (lost physique identified or identifiable) has the right to request the Data Controller, at any time, access to data concerning him, correction or, where appropriate, the cancellation of the same or to oppose their treatment; where applicable, the interested party also has the right to request the limitation of processing in the cases provided for by law, to obtain, in a structured format, in common use and readable by automatic device the data concerning him, in the cases provided for by art. 20 of the Regulations; as well as to propose a complaint to the competent supervisory authority (Guarantor for the protection of personal data), if it considers that the treatment of the data is contrary to the law in force.

Without prejudice to the right of the interested party to make a request for opposition to the processing of their data in which he must give evidence of the reasons justifying the opposition, the Controller reserves the right to evaluate this request, which will not be accepted if there are grounds of legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party.

Data controller and contact details

Pursuant to art. 4 of the 2016/679 EU Regulation, the Company is the owner of the processing of data concerning ist Cusmomers.

All communications and requests must be addressed in writing to the Data Controller, by post to the address of Comas Srl, Via Martiri di Civitella n. 11 - 52100 Arezzo (AR) or forwarded to the address mail@infocomas.it.

Pursuant to Article 37 of EU Regulation 2016/679, the Company has designated its own data protection officer ("Data Protection Officer" or "DPO").

The DPO can be contacted at the following address: dirprivacy@crif.com or PEC at the address crif@pec.crif.com

Last update: 08 September 2022


COMAS srl A sole shareholder Company subject to the direction and coordination of CRIBIS Holding S.r.L.
Via Martiri di Civitella, 11 - 52100 - Arezzo - Italy - Phone +39 0575.26125 - Fax +39 0575.26436 - mail@infocomas.com
VAT number 01209940517 - Share capital 100.000,00 € i.v. - © Copyright 2013 Comas S.r.l.

Link

Site map

Privacy Policy | Cookie Policy | Business Ethics Policy