This information is provided to customers, whether natural persons or persons acting on behalf of customers who are legal persons of TOMPOMA SRL by article 13 GDPR 679/2016 – “European Regulation on the Protection of Personal Data”.

Owner identity

The Data Controller of the data of customers who are natural persons or of natural persons acting in the name and on behalf of customers who are legal persons is TOMPOMA SRL with registered office in via Baiettini, 19-28921-Verbania.

 Contatti del Titolare
Il Titolare potrà essere contattato, per questioni relative al trattamento dei dati, ai seguenti recapiti:
Posta ordinaria: via Baiettini, 19-28921-Verbania
Telefono: 0323010128

 Owner contacts
The Data Controller may be contacted for matters relating to data processing at the following addresses:
regular mail: via Baiettini, 19-28921-Verbania
telephone: 0323010128

 Data source

The personal data processed are those provided by the data subject during:

  • visits to premises;
  • visits to trade fairs, events, exhibitions;
  • interactions through the website;
  • information requests, including by email;
  • previous transactions.

 Purpose of processing
Fiscal fulfilments, organisational management and bureaucratic fulfilments of the services requested. Management of negotiations and pre-contractual relations. Management of business activities.

Finally, all the personal data of the aforementioned interested parties will be included in the Data Controller’s archives and used (by article 130, paragraph 4 of legislative decree 196/2003 and by the General Provision of the Garante G.U. (Provvedimento generale del Garante G.U) number 188/C of July 1, 2008, wording 6, points a, b, c) to send communications concerning products, services, news and promotions.

 Legal basis
The legal basis is the performance of a contract in which the data subject takes part or the performance of pre-contractual measures taken at the request of the data subject. Some processing is carried out in the legitimate interest of the Data Controller (promotion of its commercial activities and pursuit of statutory purposes).

 Data recipients
The personal data processed by the Data Controller will not be disseminated, i.e. they will not be disclosed to unspecified persons in any possible form including by making them available or consultable. On the contrary, they may be communicated to workers employed by the Data Controller and to some external subjects who collaborate with them. They may also be communicated, when strictly necessary, to subjects who, for processing purchases or other requests or services relating to the transaction or contractual relationship with the Controller, must supply items and/or perform services. Finally, they may be communicated to the subjects entitled to access them by provisions of law, regulations and EU legislation. In particular, based on the roles and duties performed, some workers have been authorised to process personal data within the limits of their competence and by the instructions given to them by the Data Controller.

 Data transfer
The Data Controller does not transfer personal data to third countries or international organisations. However, the Data Controller reserves the possibility of using cloud services. In that case, service providers will be selected from among those who provide adequate guarantees, by article 46 GDPR 679/16.

 Data retention
The Data Controller shall retain and process personal data for the time necessary to fulfil the purposes indicated. Thereafter, the personal data will be stored, and not further processed, for the time established by the applicable civil and tax provisions.

Data subject’s rights
Concerning art. 7 of legislative decree 196/2003 and to art. 15 – right of access, 16 – right of rectification, 17 – right to cancel, 18 – right to restriction of processing, 20 – right to portability, 21 – right to object, 22 right to object to automated decision-making of the GDPR 679/16, the data subject shall exercise their rights by writing to the Data Controller at the above address or by email specifying the subject of their request, the right they intend to exercise and attaching a photocopy of an identity document certifying the legitimacy of the request.

 Consent withdrawal
Concerning art. 23 of legislative decree 196/2003 and art. 6 of GDPR 679/16, the data subject may revoke at any time any consent that may have been given. However, the processing referred to in this notice is lawful and permitted, even in the absence of consent, insofar as it is necessary for the performance of a contract to which the data subject is a party (the supply relationship) or the fulfilment of their requests.

The data subject has the right to complain to the supervisory authority of their country of residence.

Refusal to provide data
Customers, who are natural persons, may not refuse to provide the Controller with the personal data required to comply with the legal regulations governing commercial transactions and taxation. Providing further personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, refusal to provide the data required by law will prevent orders from being processed, while the provision of further data may compromise the processing of other requests and the quality and efficiency of the transaction in whole or in part.

Persons acting on behalf of customers who are legal persons may refuse to provide the Controller with their data. However, the provision of personal data is necessary for the proper and efficient management of the contractual relationship. Therefore, any refusal to provide personal data may compromise the contractual relationship in whole or in part.

 Automated decision-making processes
The Data Controller does not carry out processing operations consisting of automated decision-making processes on the data of customers who are natural persons or of natural persons acting in the name and on behalf of customers who are legal persons.