1. Data Controller
Wonder S.p.A., with registered office in via Boschetto, 10, 26100 Cremona, Tax Code and VAT no. 00106500192, hereinafter referred to as "Data Controller", guarantees compliance with the regulations on the protection of personal data by providing the following information on the processing of data pursuant to Art. 13, EU Regulation 2016/679 (General Data Protection Regulation – GDPR) and subsequent amendments.
2. Data processed, purposes and legal bases of the processing
The personal data are collected and processed for the following purposes:
- adaptation to the "European Agreement concerning the International Carriage of Dangerous Goods by Road" or ADR;
- for the fulfilment of further legal obligations or to comply with requests from the judicial authority.
The legal basis of the processing is the need to comply with a legal obligation to which the Data Controller is subject (Art. 6 letter c of EU Regulation 679/2016 – GDPR).
3. Nature of data provision
The provision of the data with respect to the purposes referred to in point 2 letter a and b is optional, but any refusal will make it impossible for the Data Controller to implement the contractual commitments undertaken.
4. Places and methods of data processing and retention times
Data collected by the site are processed at the Data Controller's headquarters.
The data collected will be processed by electronic or automated, computerized and telematic means, or by manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in order to ensure the security of the same.
The data are kept for the time strictly necessary to manage the purposes for which the data are processed ("Conservation limitation principle", Art. 5, EU Regulation 2016/679) or in compliance with the deadlines provided for by current regulations and legal obligations.
In this regard, Art. 193, paragraph 2 of Legislative Decree no. 152/2006 states that copies of the form must be kept for 5 years from the date of their issue.
Periodic verification of the obsolescence of stored data is performed in relation to the purposes for which it was collected.
In any case, the Data Controller practices rules that prevent the retention of data for an indefinite period of time and therefore limits the retention time in compliance with the principle of minimising data processing.
5. Subjects authorised to process data, data processors and communication of data
The processing of the collected data is carried out by internal personnel of the Data Controller for this purpose identified and authorised for the processing according to specific instructions given in compliance with current legislation.
The data collected, within the limits pertinent to the processing purposes indicated and if it is necessary or instrumental to the execution of such purposes, may be processed by third parties appointed as External Data Processors, or, as the case may be, communicated to all subjects necessary for the proper performance of the purposes set out in paragraph 2.
The data collected may be provided in case of legitimate request, only in the cases provided for by law, by the Judicial Authority.
Your personal data will in no case and for no reason whatsoever be disclosed.
The Data Processors and Persons in Charge of the processing in office are identified in the Privacy Document, which is updated on a regular basis.
6. Transfer of Data to Non-EU Countries
The data collected will not be transferred outside the European Union.
7. Rights of the Data Subject
In relation to the Personal Data communicated, the Data Subject has the right to exercise the following rights:
- (Art. 7.3 EU Regulation 679/2016 – GDPR) withdrawal of consent;
- (Art. 15 EU Regulation 679/2016 – GDPR) access and request a copy;
- (Art. 16 EU Regulation 679/2016 – GDPR) request correction;
- (Art. 17 EU Regulation 679/2016 – GDPR) request cancellation ("right to be forgotten");
- (Art. 18 EU Regulation 679/2016 – GDPR) obtain the limitation of processing;
- (Art. 20 EU Regulation 679/2016 – GDPR) receive them in a structured, commonly used and machine-readable format for the purpose of exercising the right to portability;
- (Art. 21 EU Regulation 679/2016 – GDPR) oppose the processing.
Requests relating to the exercise of the user's rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and according to the number of requests may this period be extended by a further 2 (two) months.
Last updated: June 1st, 2020