Dear customer/supplier, this is to inform you about the update of your personal data processing by our Company according to European Regulation regarding personal data protection, Reg. 679/2016/UE (“GDPR”).


1. Data Protection Controller

OCREV S.r.l. – Via dell'Industria, 28 – 36070 Castelgomberto (VI) - Italia – P.IVA IT 01206650242

The Data Protection Controller has adopted safety measures suitable to protect data against the risk of loss, violation or alteration.

2. Personal data we process, for what scope and on which legal basis

The personal and fiscal data freely informed, directly and/or through third parties, to the Data Protection Controller, are processed in a legal way and according to correctness, following what is established by the Regulation only for contractual and law needs (including protection of our credits and/or rights deriving from each business relation), for the documentation of the activity performed, as well as an efficacy management of the commercial relations, including the specific requirements received through our web site.

The lawful interest chased by the data processing collected in this way is, in particular, the right to exercise our own Company activity, beside the possible protection and safeguard of our own rights.

3. Modalities of processing

The data themselves will be processed through the following modalities:

- recording and storage for the sole purpose already mentioned, therefore for well identified, explicit and lawful scopes;

- use of the same data for further processing operations compatible with said scopes.

Data are organized in paper files and in electronic databases; their processing is performed by using manual devices, PC, telematics instruments and procedures suitable to grant their safety and confidentiality, anyhow respecting the safety measures considered suitable pursuant to principles of GDPR (art. 32).

4. Communication of data to third parties

The personal data will be processed by the Data Protection Controller, by the possible Data Protection Officers, he nominated, and by possible strictly authorized people in charge of the processing. Data may be communicated (when required), to all inspection authority in charge to verify and control the compliance of law fulfillments. Data may also be communicated to external companies/professional studios which give their work assistance and consultant activity and to Data Protection Controller cooperators in accounting, administration, fiscal, tax-related and financial matters, to public administrations for the institutional roles, in the limits established by the law and regulations.

5. Recipient and transfers outside the European Community and automate decisions

Personal data will not be communicated to third parties different from those mentioned under point 4, or re-sold, for any reason. The electronic file is stored in our Company and consequently no data transfer will be done outside Italy. No automate decisional process is performed which may produce effect on the interested parties.

6. Storage time

Personal data processed for the scope mentioned in this informative report will be processed for the whole duration of the contractual relation and also afterward for the fulfillment of legal obligations, for administrative and commercial purpose, as well as evidence purpose, for the whole duration required by the law and, in any case, until the prescription of possible legal actions toward our Company or as safeguard of our Company. Data will not be subject to processing in case of cancellation of the consent as per point 2., unless that the same information is part of other processes of the same Data Protection Controller. In any case at the cancellation of consent, data will not be processed anymore for the purpose of point 2.

7. Rights of Data Subject

As Data Subject, he has the rights of art. 15-21 of GDPR.

He can anytime require to the Data Protection Controller the access to his personal data and the adjustment or cancellation of the same or limitation of the data processing involving himself or to stand against their processing. He has the right to cancel his consent in any moment without compromise the legitimacy of the process based on the consent given before the cancellation and he has the right to propose a claim to a control authority.

8. Modality of rights application

The exert of rights may be done in any moment by sending a communication to the PEC (certified email) address This email address is being protected from spambots. You need JavaScript enabled to view it. or by registered mail to the head office of our Company, specifying in the requirement the right the Data Subject wants to exert, together with a valid email or PEC address where to deliver the feedback.

9. Obligation of data supply

The character of the assignment of data is mandatory so that the Data Protection Controller can perform the existing contract of supply of goods and services. In case of refusal our Company may not be able to fulfill the contractual obligations.