GDPR Disclosure

Dear Sirs,

As of May 25, 2018, the amendment to the provisions concerning the protection of personal data will come into force. On that date, the General Data Protection Regulation of April 27, 2016 (hereinafter referred to as "GDPR") will come into force. Therefore, we are sending this privacy notice to our customers and potential customers to provide some information on how our company processes your personal data.

Data Controller

The controller of your personal data, and therefore the entity that determines the purposes and methods of processing your personal data, is the company Borz SRL Via del Garda 42 38068 Rovereto Trento (hereinafter: BORZ.IT). The provision of data is voluntary, however, it is necessary for the conclusion of the contract and the subsequent realization of the service.

Information on the processing of personal data

Regarding personal data protection, you can contact the Data Protection Authority at info@borz.it or by writing to our registered office address.

Data Acquisition and Purpose of Processing

The processing of your personal data is necessary for the performance of the stipulated contract, i.e., for the provision of the service (in accordance with Article 6, paragraph 1, letter b) of the GDPR), including for:

  • User registration in the order submission system and provision of user support, including presenting product offers and fulfilling orders (pursuant to Article 6, paragraph 1, letter b of the GDPR);
  • Examination of reports and complaints (pursuant to Article 6, paragraph 1, letter c) of the GDPR);
  • Presentation of claims associated with the stipulated insurance contract (pursuant to Article 6, paragraph 1, letter f) of the GDPR), where the legitimate objective is the right to assert claims;
  • For archiving purposes (pursuant to Article 6, paragraph 1, letter c) of the GDPR);
  • For statistical purposes (pursuant to Article 6, paragraph 1, letter f) of the GDPR) where the legitimate purpose of the controller is to have information on the statistics of actions carried out by our company, to allow us to improve our business.

Furthermore, legal provisions require us to process your data for tax and accounting purposes.

In addition, your data may be processed for marketing purposes, i.e., to promote our products and services. If this occurs without the use of electronic communication means, the legal basis for carrying out such activities will be Article 6, paragraph 1, letter f) of the GDPR, where the legitimate purpose of the controller is the conduct of marketing activities. Whereas, if electronic communication means such as email, telephone are used for these activities; in consideration of other applicable legal provisions, the data will be processed only based on your consent (pursuant to Article 6, paragraph 1, letter a) of the GDPR).

Recipients of Data

Your personal data may be communicated to other entities that process your data on their own behalf, including, but not limited to:

  • Entities carrying out shipping or express courier activities;
  • Banks – for the return of undue amounts;
  • Public bodies or other entities authorized by legal provisions, to fulfill the obligations imposed on our company (Tax Office, law enforcement, etc.);
  • Entities managing our tele-IT systems (hosting companies, IT service providers);
  • Entities providing our company with legal, accounting, tax, or consulting services.

Data Storage Period

Your personal data will be stored until the expiration of the contract term (service provision), as well as after its completion:

  • Data present in contracts – until the claims arising from the contract expire (for a maximum period of 10 years from the date of completion of the contract execution);
  • For purposes arising from legal provisions, particularly in relation to the obligation to archive accounting documents, issue invoices, etc.;
  • Documents relating to warranty and legal guarantee will be kept for 1 year after the expiration date of the legal guarantee or from the examination of the complaint;
  • Data for marketing purposes:
  • in case of data processing based on consent – until its withdrawal;
  • in case of data processing based on the legitimate interest of the company BORZ.IT – until the objection is submitted;
  • Data transmitted via the contact form – until the end of the decay period for any claims (maximum 3 years).

Rights in relation to processed data

You have the right to access the content of your data and to rectify, erase, restrict processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (if processing is based on consent).

Furthermore, if you believe that our processing violates the provisions of the GDPR, you have the right to lodge complaints with the data protection supervisory authority.

Automated Data Processing (Profiling)

Your personal data will be processed in an automated manner (including profiling), however, this will not produce any legal effects or similarly affect your situation.

The profiling of personal data by BORZ.IT consists of processing your data (also in an automated manner), by using them to evaluate certain information, in particular for the analysis or prediction of personal preferences and interests.