INFORMATION REGARDING PRIVACY - pursuant to EU REG 2016/679 - G.D.P.R. art.12,13,14.
We would like to inform our customers/suppliers (data subjects) and their contact subjects (hereinafter referred to as “data subjects” ex Art.4, para.1 of the GDPR) that professional relations established with us, the Data Controller, may entail the processing of personal data, in observance of the following general principles:
DATA TO BE PROCESSED
The Data Controller processes the customer’s/supplier's personal identification data (e.g. Name, surname, company name, personal/fiscal details, address, telephone number, email, bank and payment details) as well as those of their operational contacts (name, surname and contact details) acquired and used in the realm of providing the services supplied by the Data Controller.
LEGAL BASIS AND PURPOSE OF PROCESSING
The data are processed for the purpose of:
Non-transmission of the above data will make it impossible to establish a relationship with the Data Controller. The above purposes, pursuant to article 6, paragraphs b, c, f, are suitable legal basis for the legality of data processing. If processing is to be carried out for different purposes, specific consent will be requested from the data subjects.
Personal data are processed using the operations stated in article 4 no. 2) GDPR and specifically: collection, registration, organization, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Personal data are processed on paper, electronically and automatically. The Data Controller will process the personal data for the time required to fulfil the purposes for which they have been collected and relative legal obligations.
REALM OF PROCESSING
Data are processed by internal subjects correctly authorised and trained to do so pursuant to Article 29 of the GDPR. It is possible to request the realm of communication of personal data, receiving precise indications about any external subjects that work as autonomous data processors or controllers (consultants, technicians, banks, transport firms etc). Personal data may be the subject of intercompany communications between companies in the Group. The data are not subject to diffusion or transfer to non-EU countries. Should it be necessary, during calls for tender or while carrying out regulatory obligations (e.g.: joint responsibility, anti-corruption, anti-Mafia, anti-laundering etc),to acquire personal data regarding employees, the parties agree that we will be authorised to process said data as external data processors (Article 28 GDPR) or as authorised subjects (Article 29 GDPR). Within said relationship, this company undertakes to process said data in full observance of the requirements of compliance as set out in the GDPR, guaranteeing any communication to other subjects solely within the realm of specific legal obligations.