Privacy statement refers to information regarding the use of personal data. Pursuant to article 12 of Regulation 679/2016, the information provided to data subjects must be concise, transparent, intelligible, easily accessible, with the use of clear and plain language.

In view of the above, we are providing the information that the European Regulation requires us to supply to you, divided into two macro groups: basic information and additional information.



Data controller:

The Data Controller is the company  ZETASASSI SRL, with registered office in Parma Via Maestri del Lavoro 5/a, 43122, tax ID 02461980373, VAT no. 01606950341, tel. 0039 0521 772808, – the person in charge of receiving and responding to all privacy-related enquiries shall be Eleonora Flore


Purpose of processing and legal basis:

Processing is necessary to effectively execute the sales contract, and only personal data that is strictly  necessary for the execution of the sales contract (i.e. Name,  Surname, Tax ID, address for correct entry in the invoice, destination address for the goods to ensure correct delivery of the goods sold) shall be gathered;

The purpose is the preparation of commercial documentation (quotes, orders, etc.) and tax-related documents (invoices, credit notes) required for the fulfilment of commercial procedures.

Our corporate policy excludes any direct or indirect marketing activity.


Recipients of personal data:

The personal data provided for the above purpose will be processed by our departments to correctly fulfil the orders received and may be communicated to third parties for the following purposes:

-          compliance with tax-related obligations (e.g. chartered accountants);

-          execution of transport contracts (carriers);

-          payment  of agreed price (banks);

Your personal data will NOT be sent to third countries



Storage period:

In compliance with recital 39, Regulation EU 679/2016, which "requires, in particular, ensuring that the period for which the personal data are stored is limited to a strict minimum", we determine such "strict minimum" as the maximum time estimated to allow for possible tax-related inspections (within 31/12 of the fifth year following filing of tax return).


Rights of the data subject:

The data subject protection rights envisaged by Regulation no.679/2016 and their regulatory references are listed in the table below.

Rights of the data subject:.


Right of access


Right of rectification


Right of erasure (to be forgotten)


Right to restriction of processing


Right to data portability


Right to object


Right not to be subject to automated processing


If you  wish to exercise such rights, please send an email to Eleonora Flore with c.c. to and  in the subject line indicate “exercise of privacy right (specify the type as per table above) art. (indicate article number)”


Further information on right to data portability:

The right to data portability has been analysed and illustrated by the Article 29 Working Party, in the Document WP 242, rev. 01 “Guidelines on the right to data portability”, where it is defined as follows:

Article 20 of the GDPR creates a new right to data portability, which is closely related to the right of access but differs from it in many ways.

It allows for data subjects to receive the personal data that they have provided to a controller, in a structured, commonly used and machine-readable format, and to transmit those data to another data controller.

The purpose of this new right is to empower the data subject and give him/her more control over the personal data concerning him or her.

Since it allows the direct transmission of personal data from one data controller to another, the right to data portability is also an important tool that will support the free flow of personal data in the EU and foster competition between controllers.

It will facilitate switching between different service providers, and will therefore foster the development of new services in the context of the digital single market strategy".

The Article 29 Working Party observes that while the right to access is constrained by the format that the controller decides to use when providing the requested information, the new right to data portability under Regulation no. 679/2016 aims to empower data subjects' regarding their own personal data, facilitating circulation, copying or transmission of data from one IT environment to another, whether to their own systems, the systems of trusted third parties or those of another data controller.

The Working Party lists a set of FAQ regarding the new right to data portability.

According to the Art.29 Working Party, data portability includes a set of components, the right to receive and store personal data, the right to transmit personal data from one controller to another data controller, the position of the data controller receiving the persona data, the relationship between data portability and other rights of data subjects.

As regards the structured format, Art.29 Working Party experts observe that the most suitable format will depend on the individual sectors of activity and that the choice of format should always aim for maximum data portability.

Complaints safeguarding fair data processing - Art. 77 Regulation EU 679/2016

"Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. 2The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78."

To this end, we invite you to refer to the web page of the data protection authority in order to obtain further information on the actual exercise of the right to lodge a complaint.



The provision of personal data is required to fulfil the order received, and a refusal could make it impossible to process the order.

We also wish to inform you that processing will be carried out using enterprise software where all the details needed to process the order are entered, along with the information required to comply with bookkeeping and tax-related obligations; quotes, order confirmations, delivery notes and invoices are managed by enterprise software.

All the documentation is printed on paper, filed in locked cabinets, the key to which is kept by Eleonora Flore, with access guaranteed to data processing officers.

Zetasassi Srl has set up an internal IT regulation as well as privacy guidelines and the company's staff attend IT update courses.




Given that the provision of personal data is required to correctly process the order received and that refusal could make it impossible to fulfil the order, I, the undersigned, __________________________, having received the information provided in the above notice, in my capacity as data subject:


         give my consent              do not give my consent

to the processing of the personal data strictly required for correct processing of the sales contract as illustrated in the above notice to data subjects.





Legible signature