Policy and request for consent to processing of personal data pursuant to article 13 of EU Regulation 2016/679
Dear Sir/Dear Company
In compliance with obligations pursuant to EU Regulation 2016/679 governing protection of personal data (“Regulation”) we herein inform you that Mahindra Europe Srl, Single Member Company with registered office in Via Cancelliera, 35 – 00072 Ariccia (Rome) (“Company”) will process personal data which concerns you and which has been or will be communicated to us by yourself or others.
Data will be processed pursuant to laws in force and the following provisions.
1. Scope of processing of personal data
Personal data will be processed exclusively for the following purposes:
a. for reasons preliminary to stipulating sales contracts, for implementing same and for protection of credit situations arising therefrom;
b. to fulfil any kind of obligation pursuant to laws or regulations in force, more specifically for tax compliance;
c. for operating, management and accounting purposes;
d. for registration to gain access to the Company’s website or that of supplier companies and for use of services provided by such site;
e. to monitor relations with clients and/or risks connected and to improve such relations;
f. to provide after sales services and recall or other commercial activities;
g. for commercial and strategic or operating marketing reasons.
2. Data processing method
Data processing could, besides collection of data, involve its registration, preservation, modification, communication, cancellation, disclosure etc. and will be made both in hard copy as well as using electronic means through suitable systems and tools which safeguard the security and confidentiality thereof, pursuant to article 32 of the Regulation. More specifically, all technical, IT, organisational, logistic and procedural safety measures will be adopted in such a way that an adequate level of protection is guaranteed on the data as provided by law. Moreover, the methods applied ensure that access to data is given only to persons authorised to process the data by our Company.
3. Nature of provision of data
Provision of data is:
a. Obligatory to fulfil legal obligations and in observance of other binding regulations;
b. Necessary for the proper establishment and maintenance of the relationship established with you.
c. Optional with respect to commercial information or advertising material. In this case refusing consent will not prejudice implementation of the contract.
Should you refuse to provide data as per point a) and b), even legitimately, this may prejudice your relations with our Company and could in particular make it impossible for us to process your orders and to provide services and invoice them.
4. Communication and disclosure of data
Personal data collected for the purposes pursuant to point 1 above may only be disclosed to third parties for the following reasons:
a. if it is obligatory to ensure compliance with legal or other binding provisions;
b. if it is obligatory to ensure proper establishment and maintenance of the business relationship with you.
Personal data provided may be disclosed to persons appointed pursuant to article 28 of EU Regulation 2016/679 who will process the data as processors of data and/or in their capacity as natural persons acting on behalf of the Data Controller or the Processor for the execution of the contracts or the implementation thereof. In other words, data may be divulged to persons pertaining to the following categories: the sales network and assistance network of our Company, banks and companies specialised in managing payments, law firms and consultancy companies, our auditors, public and administrative bodies for compliance with law, financing companies and transport companies and third parties appointed to carry out quality control on the logistic-commercial flow, companies which provide vehicle breakdown service, external companies providing guarantee extension services, software companies to manage the Company’s website and databases. If you give your consent to processing data for marketing purposes, your data could be communicated to third companies to enable these to undertake marketing activities. Your personal data will not be disclosed.
5. Transfer of data
Within the limits strictly necessary for execution of the contractual relationship with you, your personal data could be communicated to third parties situated abroad, both within and outside the European Union, for example to the parent company Mahindra & Mahindra Ltd. The Company hereby guarantees that transfer of data outside the EU will be made in line with the applicable legal provisions, subject to acceptance of standard contract provisions as prescribed by the European Commission.
6. Criteria or period of Data preservation
Pursuant to article 5, section 1, letter e) of EU Regulation 2016/679, personal data collected will be preserved in such form that allows identification of the data subjects for a period not exceeding that necessary for the purposes for which the personal data is processed and in compliance with legal provisions governing preservation of data for legal, tax and accounting purposes.
7. Data Controller and Data Processor
The Data Controller is the undersigned company, with registered office in Ariccia at Via Cancelliera, 35.
8. Rights of the data subject
You may enforce your rights pursuant to articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by referring to the Data Controller:
Mahindra Europe Srl, Single Member Company with registered office in Via Cancelliera, 35 – 00072 Ariccia (Rome) or by writing to [email protected].
You have the right at any moment to request from the Controller access to your personal data, the amendment or deletion of such data, and the limitation of its processing.
Moreover, you have the right at any time to object to processing of your data (including automated processing, for example profiling) as well as to data portability.
Without prejudice to recourse to administrative or judicial proceedings, should you consider that processing of your personal data is in breach of the provisions of EU Regulation 2016/679, pursuant to article 15, letter f) of the above referred to EU Regulation 2016/679, you have the right to appeal to the Garante per la protezione dei dati personali (Italian supervisory authority) and with reference to article 6, paragraph 1, letter a) and article 9, paragraph 2, letter a) – at any time, you have the right to withdraw the consent given.
In the event of a request for portability of data, the Controller will provide you with your personal data in a structured, commonly used format readable by an electronic device, without prejudice to sections 3 and 4 of article 20 of EU Regulation 2016/679.
Consent to process data
Finally, please note that your consent to process your personal data in the manner and for the scope described above is at your discretion and solely covers processing for marketing or commercial purposes.
Should you refuse to provide consent, our Company will process your data for the purposes of implementing the contract pursuant to law and other regulations in force.
The Regulation provides that personal data is processed with the consent of the data subject except as specifically indicated. For this reason we kindly ask you to promptly return the enclosed consent form as evidence of receipt of the information provided in this policy as well as by way of consent to processing of your personal data.
Mahindra Europe Srl – Unipersonale – Via Cancelliera, 35 – 00040 Ariccia (Rome) – Italy – P.iva/cod.fisc. 07206571007 C.C.I.A.A. di Roma – R.E.A. n° 1018401 – Cap. Soc. € 1.421.151,00 i.v.