INFORMATION ON THE PROCESSING OF PERSONAL DATA
CUSTOMERS AND POTENTIAL CUSTOMERS
(Information pursuant to Articles 13 and 14 of Regulation (EU) 679/2016, known as the GDPR)
Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards those concerned is a fundamental part of our business.
This information is intended for customers and potential customers of T2 WELDING SRL.
Who is the data controller?
The Data Controller ofyour personal data is T2 WELDING SRL (VAT number IT05632850284), with registered office in Via Bacchiglione, 22/1 – 35030, Cervarese Santa Croce (PD) – Italy, which is responsible for the legitimate and correct use of your personal data and which you can contact for any information or requests at the following addresses: info@t2welding.com, t2welding@pec.it
Where is the data collected?
The data processed is communicated by you and/or by third parties, such as public authorities and bodies (e.g., Chamber of Commerce) and/or collected from publicly accessible sources.
What data processing is carried out?
Your personal data is collected and processed, both automatically and manually, as specified below.
Sale and commercial activity prior to sale
| Purpose and legal basis | – Promotional activities, based on the performance of a contract and/or pre-contractual measures, legitimate interest – Offer of products and services, based on the performance of a contract and/or pre-contractual measures, legitimate interest |
| Categories of data | Personal details, contact details, address details, details relating to purchases or use of services |
| Storage time* | 10 years from the relevant year |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, authorities and public administrations with respect to which there is a legal obligation to communicate data. |
Customer management
| Purpose and legal basis | Follow up on requests from customers or potential customers and manage pre-contractual or contractual obligations, based on the execution of a contract and/or pre-contractual measures. |
| Categories of data | Personal details, contact details, address details, payment details, details relating to purchases or use of services |
| Storage time* | 10 years from the year of the contract or from the termination of the effects of the last contact |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Banks, authorities, and public administrations with respect to which there is a legal obligation to communicate data. |
Customer support
| Purpose and legal basis | Allow the exercise of the right of guarantee, based on the execution of a contract and/or pre-contractual measures, legal obligation |
| Categories of data | Personal details, contact details, data relating to purchases or use of services |
| Storage time* | 10 years from the year in which the right was exercised |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Warranty
| Purpose and legal basis | Allow the exercise of the right of guarantee, based on the execution of a contract and/or pre-contractual measures, legal obligation |
| Categories of data | Personal details, contact details, data relating to purchases or use of services |
| Storage time* | 10 years from the year in which the right was exercised |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Activity planning and control
| Purpose and legal basis | Planning of activities, based on the legitimate interest of the Data Controller in carrying out business activities |
| Categories of data | Personal details, Contact details, Data relating to work activities, Data relating to purchases or use of services |
| Storage time* | 10 years from the year the data was acquired |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Quality of service
| Purpose and legal basis | Verify the quality of the service, based on legitimate interest to verify compliance with internal procedures. |
| Categories of data | Personal details, contact details, address details, details relating to purchases or use of services |
| Storage time* | 10 years from the year in which the last contract ceased to have effect |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Accounting
| Purpose and legal basis | – Keeping accounting records, based on a legal obligation – Tax compliance, based on a legal obligation |
| Categories of data | Personal details, Contact details, Address details, Payment details, Work-related details, Details relating to purchases or use of services |
| Storage time* | 10 years from the year in which the last contract ceased to have effect |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, Authorities and public administrations with respect to which there is a legal obligation to communicate, Data processors appointed pursuant to Art. 28 of EU Reg. 2016/679 (see register of data processors), other subjects for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Banks |
Management control
| Purpose and legal basis | Internal management control, based on legitimate interest in the exercise of business activities |
| Categories of data | Personal details, Contact details, Work-related details |
| Storage time* | 10 years from the relevant year |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, banks, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Invoicing and delivery notes
| Purpose and legal basis | Shipping of documents and goods, based on the execution of a contract and/or pre-contractual measures |
| Categories of data | Personal details, Contact details, Address details |
| Storage time* | 10 years from the year in which the last contract ceased to have effect |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Banks, authorities, and public administrations with respect to which there is a legal obligation to communicate data. |
Creation and subsequent publication/dissemination of multimedia content
| Purpose and legal basis | Creation, use, and publication/dissemination of multimedia content, in whole or in part, based on the consent of the data subject. |
| Categories of data | Personal details, contact details, multimedia content (including photos and videos) |
| Storage time* | The data will be stored, unless disclosed, until consent is revoked or an explicit request for deletion is accepted. In any case, once the purpose for which the data was collected no longer applies, it will be deleted. |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
**Consent is always optional and may be revoked at any time. You may contact the Data Controller using the contact details provided above.
*In addition to the time required for the limitation periods relating to mutual rights to expire and the backup retention period.
In addition to the above, as part of activities functional to the proper management of the organization, your personal data will also be processed by duly authorized internal or external personnel for:
1) the management and maintenance of the network and IT systems, when the processing is carried out using even partially automated methods (e.g., when the data passes through the IT systems of T2 WELDING SRL), based on the legitimate interest in protecting them and for obligations relating to information security; the data is stored in accordance with security implementations and the provisions for the main processing referred to above;
2) managing compliance activities, including personal data protection requirements, as required by law, in accordance with the storage times provided for the main processing referred to;
3) to prevent and detect abuse and to defend the rights and interests of the Data Controller, storing them until the expiry of the limitation periods, except in the event of litigation (in which case, the data will be stored until the final resolution of the dispute), based on the legitimate interest of the Data Controller in protecting its rights and interests;
4) to verify compliance with procedures and quality standards based on the legitimate interest of the Data Controller in pursuing control and efficiency within the Organization, in accordance with the retention periods provided for by applicable regulations, including voluntary ones, and internal procedures.
Are there any automated processes?
The processing is not based on automated decision-making.
Is it mandatory to provide data?
Except for purposes based on consent, the provision of your data is a necessary requirement: failure to provide the data indicated as mandatory could entail legal and contractual consequences. Therefore, in case of failure to provide such data, you may not obtain the expected result or obtain it only partially.
Are data transferred outside the European Union?
The processing of personal data (e.g., storage, archiving, and retention of data on our servers or in the cloud) will be limited to the circulation and processing of personal data within countries belonging to the European Economic Area, with an express prohibition on transferring them to non-EU countries that do not guarantee (or lack) an adequate level of protection, i.e., in the absence of the safeguards provided for in EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
What are your rights?
● You have the right, in accordance with Articles 15 et seq. of EU Regulation 2016/679, to request access to your personal data from the Data Controller, as well as their correction and deletion or erasure;
● You also have the right to request data portability or restriction of processing;
● You have the right, for reasons related to your particular situation, to object to the processing of your personal data based on legitimate interest;
● You have the right to view the essential contents of any joint controller agreements signed;
● For processing based on consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
● You may also lodge a complaint with the Italian Data Protection Authority, located at Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.
To exercise your rights or request additional information, you may contact the Data Controller using the contact details provided above.
Can the information in this policy change?
We reserve the right to update our Personal Data Processing Policy. Any changes will be communicated in the manner deemed most appropriate and we will update the date in this Privacy Policy. Therefore, we recommend that you consult our Personal Data Processing Policy periodically, including by requesting a copy from the Data Controller.
Last update: December 20, 2025
