Art. 13 D. Lgs. 30 giugno 2003 n°196 ed Art.13 del Regolamento (UE) 2016/679 – GDPR

This information is provided to customers and natural persons who operate in the name and on behalf of customers legal entities or suppliers, the company ABM Company S.r.l. (hereinafter “ABM“) pursuant to art. 13 Legislative Decree no. 196/2003 and art.13 GDPR 679/2016 – “European Regulation on the protection of personal data” (hereinafter also “GDPR”).

1. Identity of the Owner and contacts

The Data Controller of the data of customers, natural persons, or natural persons operating in the name and on behalf of customers/suppliers legal persons (hereinafter also “Interested Party”), is the company ABM Company S.r.l., C.F./P.IVA IT 11902430153 with registered office in Milan, Via Frua n.9 and operational headquarters in Lainate (MI) Via Rho n.6, 2002, T+ 39 02 9373781, F+ 39 0293790148, e-mail:

Further information on privacy regulations can be found on the following website:

2. Treatment object

The personal data processed are those provided by the interested party on the occasion of:

  • Optelephoned visits at our registered office;
  • requests for information, also viamail;
  • conclusion and execution of contracts;
  • information sutransazioni /invocations.

3. Purpose of treatment

The personal data of customers / suppliers of natural persons, if provided, are processed by the Data Controller for:

  • acquire data and pre-contractual information;
  • manage and control risks, prevent possible fraud, insolvencies or defaults;
  • carry out the necessary operations for the execution of orders and other requests;
  • prevent and manage possible litigation, take legal action in case of need;
  • manage the accounting and fiscal fulfillment;

In addition, they are treated by the Data Controller and the Tax Consultant for:

Manage the administrative, accounting, civil, fiscal obligations;

    • to prepare and submit declarations and documents of a civil, fiscal nature, required by laws, regulations, rules and directives and extra

The personal data of natural persons operating in the name and on behalf of clients/suppliers of legal persons, if provided, are processed by the Data Controller for:

    • forwarding service communications and with different means of communication (phone, cell phone, sms, email, fax, mail);
    • formulare requests or fulfill requests that have been received;
    • exchangeinformation finalized to the execution of the contract relationship,

include them

pre and post contract activities;

    • carry out the necessary operations for the execution of orders and others

Only after specific and separate consent (art.7 GDPR), for the following Marketing Purposes:

  • send by e-mail, mail, sms or through telephone contacts: commercial communications, advertising material about products or services offered by ABM.

4. Treatment Modes

All the treatments, both automatic and manual, carried out by the Owner are in compliance with the regulations contained in the GDPR and the principles enucleated in it and indicated below:

– Lawfulness: ABM will process the personal data of which it is the Data Controller in compliance with the rights of each Interested Party and within the limits of its consent, as well as with the provisions of this policy and any contracts stipulated;

– Minimisation: the Owner will use as little personal data as possible, i.e. only those that are necessary for the processing and purposes described.

– Security: The Owner guarantees the application of security measures suitable for the protection of the data collected and processed and the fundamental freedoms of the Data Subject.

– Correctness: The Owner provides the interested parties with the appropriate tools to verify the truthfulness and updating of their personal data and any changes to them.

– Transparency: the Owner adopts appropriate measures to provide the interested party with all the information related to the processing and facilitates the exercise of his rights.

– Limitation: the Owner collects the data for specific, explicit and legitimate purposes, as stated above, and then keeps them for a period of time not exceeding the achievement of the above purposes.

– Correctness: the Owner takes all reasonable measures to update, delete or correct inaccurate data in a timely manner with respect to the purposes for which they are processed.

– Integrity and confidentiality: the Owner adopts the best data management techniques functional to the best usability of the data through the Site, including protection from unauthorized or unlawful processing and accidental loss, destruction or damage.

Personal Data will be kept only for the period necessary for the purposes for which they were collected and then processed and in any case for no more than 10 years from the termination of the business relationship and no more than two years from the collection of data for the purposes of marketing. After this period these data will be deleted.

5. Recipients of the data

The personal data processed by the Owner will not be disseminated, but may be communicated to workers who work under the Owner and to some external parties who collaborate with them. They may also be communicated, to the extent strictly necessary, to subjects who, for the purpose of fulfilling orders or other requests or providing services related to the transaction or contractual relationship with the Owner, must provide goods and/or perform services on behalf of the Owner. Finally, they may be communicated to persons entitled to access them by virtue of laws, regulations, and Community legislation.

In particular, on the basis of the roles and work tasks performed, some workers have been authorized to process personal data, within the limits of their skills and in accordance with the instructions given to them by the Owner, in full compliance with GDPR.

6. Data transfer

The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services; in this case, the service providers will be selected among those providing adequate guarantees, as provided for by art. 46 GDPR. The personal data collected by ABM are stored on servers located in the company.

7. Data retention

The Data Controller keeps and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, the personal data will be stored, and not further processed, for the time established by the current civil and fiscal provisions.

8.Refusal to provide data.

Clients/suppliers of natural persons cannot refuse to provide the Owner with the personal data necessary to comply with the law governing commercial transactions and taxation.

The provision of additional personal data may be necessary to improve the quality and efficiency of the transaction.

Therefore, the refusal to provide the data necessary by law will prevent the processing of orders; while the provision of additional data could compromise in whole or in part the processing of other requests and the quality and efficiency of the transaction itself.

Persons who operate in the name and on behalf of legal entities may refuse to provide the Owner with their personal data.

However, the provision of personal data is necessary for a correct and efficient management of the contractual relationship. Therefore, any refusal to provide the data could compromise in whole or in part the contractual relationship itself. The provision of personal data for marketing activities is instead optional and, therefore, the interested party is free to provide or not its explicit and separate consent. If the interested party does not accept the processing for marketing purposes, ABM will not be able to send advertising material or simple communications relating to the services offered by the same.

9. Automated decision-making processes.

The Data Controller does not carry out any processing that consists of automated decision-making processes on the data of customers/suppliers natural persons, or natural persons operating in the name and on behalf of customers or suppliers legal persons.

10. Rights of the interested party

The data subject has the right to exercise all the rights provided by GDPR, in particular Articles 9: right of complaint, 15: right of access, 16: right of rectification, 17: right to cancellation/obligation, 18: right to limitation of processing, 20: right to portability, 21: right of opposition. The interested party may exercise these rights by writing to the Data Controller at the above address, or by email, specifying the subject of his/her request, the right he/she intends to exercise and attaching a photocopy of an identity document attesting the legitimacy of the request.

11. Revocation of consent

With reference to Art. 6 of the GDPR, the interested party may revoke any consent given at any time.

However, the processing covered by this information is lawful and permitted, even in the absence of consent, as it is necessary for the execution of a contract to which the data subject is a party (the service provision relationship) or for the processing of his requests.

12.Proposition of complaint.

The interested party has the right to lodge a complaint to the supervisory authority of the state of residence.

    1. How to exercise rights – contact

To exercise one or more of the rights listed above, if not exercisable through the Site, the Interested Party must send a specific request to the e-mail address: