Privacy policy in accordance with the European regulation on data protection 2016/679
(GDPR - General Data Protection Regulation)
 
Pursuant to articles 12 and following of the GDPR
 
WE INFORM YOU THAT
our cooperative society Alpha & Beta processes the personal data of clients, suppliers, collaborators, members and other parties who communicate their data to our offices intentionally (orally, in written form, also via fax or email or through our internet pages), as well as those of people whose data are collected from third parties, for example when collecting details for commercial operations or from public contact lists and so on.
 
Our company is therefore a data controller according to data protection legislation and the legal basis for data processing is based on the framework of article 6, section 1, of the GDPR.
In line with the provisions of this legislation, our company guarantees that the processing of personal data will occur with due regard for the fundamental rights and freedoms, as well as the dignity of the party involved, with particular attention being paid to privacy, personal identity and to the right to protection of personal data. The protection and processing of personal data occurs mainly through digital media and procedures. The systems of these procedures are described in detail in a specific security document (DPS).
 
Aims of the acquisition and processing of data:
Personal data is acquired and processed in the following circumstances:

1. the processing is necessary for the stipulation of a contract which includes the concerned party or for the implementation of pre-contractual measures requested by the concerned party;
2. the processing is necessary in order to fulfill a legal obligation which the controller is subject to;
3. the processing occurs in order to send business information and advertising material (via post, fax, sms or email), as well as in order to carry out surveys among clients, market research etc.;

For the objectives expressed in points 1 and 2 the communication of data is obligatory. Any refusal to comply entails the partial or total impossibility of carrying out the contractual or legal obligation. “Sensitive data” (particular categories of personal data) are necessary exclusively to comply with legal or contractual obligations and are acquired solely in the cases listed in article of 9 the GDPR. In these cases, explicit consent is required.
For the objectives expressed in point 3 the consent of the concerned party is necessary.
 
Data communication:
In relation to the aims described above, your personal data will be communicated, when necessary, to:

• those people responsible for the processing of data on behalf of the controllers (article 28 GDPR), and to any persons, natural and/or legal, public and/or private (legal or commercial advice firms, courts, chambers of commerce, insurance companies, etc.), when the communication is necessary or expedient to the carrying out of our activities and in the ways and for the aims above mentioned;
• public administration and welfare institutions for the execution of their institutional functions according to the law, as well as trade unions for the aims prescribed by collective contracts;
• credit institutions which our company has relations with for credit/debts management and for financial mediation; 
• contractual or cooperating partners with which we carry out events or business operations, insofar as this communication of personal data is necessary for the proper operation of our common activities. These partners may also be in non-EU countries where there are agreements regarding data protection.
• legal entities providing services related to the maintenance and management of information technology systems which can also include cloud computing;
• digital platform operators in the case of online teaching, online meetings and teleworking.

Data deletion and retention periods
The personal data of the concerned party will be deleted as soon as the company no longer requires it for operational purposes, unless laws and national prescriptions, to which the controller is subjected, prescribe a longer conservation period. The deletion of data also occurs when the period of conservation prescribed by the above mentioned laws comes to an end, unless further storage of the data is necessary due to the stipulation or fulfillment of a contract.

Rights of the concerned party
European legislation regarding data protection gives the concerned parties the possibility to exercise extensive rights: the right to obtain from the controller information regarding their personal details (art. 15); the right to obtain the correction (art. 16), erasure (art. 17) or the restriction of the processing of their data (art. 18); the right to object to data processing (art. 21), and, furthermore, the right to data portability (art. 20); the right to revoke, at any given moment, their consent to personal data processing (art. 7 and 8), and, finally, the right to file a complaint with the supervisory authorities (art. 77).
Except for the right to file a complaint with the authorities, the concerned party can exercise their above mentioned rights by directly contacting the controller (alphabeta@pec.it).

The controller of the data
The controller of the data is: Alpha & Beta Cooperative Society, with legal headquarters at Piazza della Rena 2, 39012 Merano and registered at the Chamber of Commerce of Bolzano, nr. 01374810214, the Cooperatives Register of Bolzano, n. A145621, fiscal code and VAT registration number: 01374810214.
 
Merano, 28.05.2023        ALPHA & BETA Cooperative Society, Dr. Ingeborg Mahlknecht (legal representative)