Information Notice on the Processing of Personal Data

Pursuant to EU Regulation No. 679/2016

GAMMAPLAST S.r.l., with registered office in Viale Europa, 12, 33070 – Brugnera (PN),
phone: +39 0434 608192, VAT and Tax Code 01437650938, Email:
info@gammaplast-italia.com
(hereinafter “Gammaplast”, “we”), in its capacity as Data Controller through its legal representative pro tempore,
pursuant to EU Regulation No. 2016/679 (hereinafter, “GDPR”), hereby provides the following information:

1. Purposes of Processing

GAMMAPLAST S.r.l. will process the personal data provided through the CONTACT form on the website, as well as further data acquired during pre-contractual and contractual phases, for the following purposes:

  • to manage communications with customers and potential customers;
  • to manage requests and orders, to plan and carry out activities, provide the requested products and services, and related after-sales services;
  • to comply with obligations under the law, regulations, EU legislation, or orders of the Authorities;

On the basis of the Controller’s legitimate interest, we will process:

  1. analytical data collected from visitors to our website, in order to improve the website, our products and services, marketing, customer relations, and user experience;
  2. personal data acquired during pre-contractual and contractual phases for the management of any complaints and disputes, for credit checks during the pre-contractual phase, as well as to exercise and protect the Controller’s rights, for example the exercise of a right in judicial proceedings;
  3. customers’ personal data to assess the level of satisfaction with the quality of the products and services provided.

2. Methods of Processing

Personal data will be processed by GAMMAPLAST S.r.l. through authorized personnel (duly identified and trained), and duly identified processors, in accordance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and rights of the data subjects.
Data will be processed according to the principles of relevance and non-excessiveness, using paper and electronic tools, ensuring confidentiality and integrity of the data.

3. Possible Recipients / Categories of Recipients of Personal Data

Without the need for explicit consent, personal data may be disclosed, following inspections or audits (if requested), to all supervisory bodies responsible for verifying compliance with legal obligations.

Personal data may be disclosed to companies/professional firms providing assistance, consultancy or collaboration to the Data Controller in accounting, administrative, tax, legal, fiscal and financial matters, to public administrations for the performance of institutional functions within the limits established by law or regulations, and to third-party service providers where communication is necessary for the fulfillment of contractual obligations.

We may disclose the data of our suppliers to end customers and to other suppliers with whom we have a contractual relationship, limited to the execution of the supply.

Personal data may be processed by companies providing services on our behalf (banks or other companies providing payment management services; companies providing shipping/delivery services; companies providing customer support services, market analysis and research services, or IT system maintenance services).

4. Obligation to Provide Data

Providing personal data is optional; however, the requested data is necessary to allow the Controller to properly handle requests and comply with legal obligations. Any refusal to provide data, or provision of incorrect/incomplete information, may make it impossible for the Controller to guarantee the provision of the service or product.

5. Scope of Communication and Transfer Abroad

Processing will take place within the borders of the European Union. Personal Data processed may be transferred to third countries, provided that Standard Contractual Clauses approved by the European Commission pursuant to Art. 46 GDPR are in place, or on the basis of an adequacy decision adopted by the European Commission pursuant to Art. 45 GDPR, to recipients who will process the Personal Data as controllers or processors in compliance with personal data protection laws.

6. Period of Retention of Personal Data

Personal data will be processed and retained for as long as necessary to carry out the requested activity, and also afterwards if required by legal obligations or to protect, assert or defend the rights of the Controller in court.

7. Data Subject’s Rights

The Data Subject has the right:

  • to access, rectify, erase, restrict and object to the processing of their data;
  • to obtain from the Data Controller, without hindrance, the data in a structured, commonly used and machine-readable format, and to transmit it to another data controller;
  • to withdraw consent to processing, without prejudice to the lawfulness of processing based on consent given prior to withdrawal;

The Data Subject may exercise their rights at any time by contacting the Data Controller at the references indicated above.

In accordance with applicable law, in addition to the rights listed above, the Data Subject also has the right to lodge a complaint with the competent supervisory authority by visiting
www.garanteprivacy.it.

Rev. 03, 29-9-2025