CAPITALE € 50.000,00 INTERAMENTE VERSATO
SABBIATURE, VERNICIATURE E TRATTAMENTI PROTETTIVI PER L’INDUSTRIA
C.C.I.A.A. Brindisi N. 57591 Tribunale xx Xxxxxxxx Reg. Soc. 3634
Codice Fiscale e P.IVA: 01252400740
CAPITALE € 50.000,00 INTERAMENTE VERSATO
“SABBIATURE, VERNICIATURE E TRATTAMENTI PROTETTIVI PER L’INDUSTRIA”
Information for the processing of personal data of customers and suppliers
according to European Regulation n.679 / 2016
Dear interested,
Xxxxxx xxx (hereinafter the "Organization" or the "Data Controller"), owner of the processing of personal data, provides below the privacy policy pursuant to art.13 of Regulation (EU) 2016/679 (hereafter "GDPR"), to the interested parties (hereinafter the "Interested parties").
The organization, as the data controller, undertakes to protect the confidentiality and rights of the interested party and, according to the principles dictated by the aforementioned standards, the processing of the data provided will be based on principles of correctness, lawfulness and transparency..
1. PURPOSE OF THE TREATMENT
The personal data you provide, both before and during operations that regulated the relationship between our companies, are collected and used within the limits established by law and regulations, for:
a) the execution of legal obligations deriving from the contract for the supply of services or the sale of material;
b) to fulfill specific requests regarding pre-contractual and contractual obligations;
c) for administrative management: active invoicing, passive billing, estimates, order collection, order management and services;
d) for the management of any judicial and extra-judicial litigation;
e) for the periodic management of communications to and from credit, financial and insurance institutions;
f) to make payments: presentation of portfolios, bank transfers, issue of credit notes;
g) for the production of statistics, management control, industrial accounting.
Those involved in the processing must also be considered as natural persons such as administrators, employees and collaborators who work on behalf of the client company or supplier. The personal data of the data subjects (personal data, telephone contact data and e-mail addresses) concern only those processed for the purposes described above.
The provision of data is optional, however, failure to provide data and / or any refusal to process the data will make it impossible for the Owner to act on the contractual relationship between the parties.
The processing of data is lawful pursuant to art. 6 GDPR letters b) and c) since the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures taken at the request of the same; the processing is necessary to fulfill an obligation to which the data controller is subject.
pag. 1/4
Sede legale: Xxx Xxxxxxx Xxxxxx, 0/A 7 2 1 0 0 B R I N D I S I
Tel. 0000.000000 - Fax 0000.000000
As the purpose falls within the legal / economic management of the contractual relationship, the consent of the Data Subject is not necessary for data processing.
2. PROCESSING METHODS
The data will be processed with manual, electronic, IT, stored on computer, electronic, cloud, as well as on any other type of appropriate support, in compliance with the security measures pursuant to (art.32 GDPR).
The processing of your data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
The organization adopts specific policies for the processing, storage and destruction of data both computer and paper and, in carrying out the processing activities, the owner agrees to:
- ensure the accuracy and updating of the processed data and promptly incorporate any adjustments and / or additions requested by the Data Subject;
- adopt suitable security measures to guarantee adequate data protection, considering the potential impacts that the treatment involves on the fundamental rights and freedoms of the interested party;
- notify the interested party, in the times and in the cases provided for by the binding legislation, of any violation of personal data;
- guarantee the compliance of processing operations with the applicable provisions of the law.
3. COMMUNICATION AND DIFFUSION OF DATA
Without prejudice to the communications made in fulfillment of legal obligations, the personal data of the interested party may be known, in addition to the Data Controller, by:
- Employees and collaborators of the Data Controller as authorized data processing personnel;
- administrative / accounting and business organization consultants;
- authorities in general, administrations, public bodies and organizations;
- supplier companies appointed by the Owner for the realization of services or products subject to contract with the interested party;
- Information Technology service providers.
The list or names of such contacts are available to him at the administration office of the writer. In any case, the prohibition to communicate or disclose your personal data to persons not necessary for the performance of the services remains in place.
4. TRANSFER ABROAD
Personal data will be stored and processed within the European Union, including on third-party cloud servers located within the European Union.
In the event of any processing of personal data outside the European Union, the same will occur only after adoption of adequate guarantees, as required by the binding legislation.
5. DATA CONSERVATION POLICY
The Company will process the data of the Interested parties for the time strictly necessary to fulfill the purposes set out in point 1 and in any case for no more than 10 years from the termination of the contract, unless otherwise
provided by law. Once the storage terms described above have expired, the data will be destroyed or made anonymous.
6. RIGHTS OF THE INTERESTED PARTYThe interested party can assert his rights, recognized by the binding legislation and in particular by the articles. from 15 to 22 of the GDPR, such as:
a) right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, in this case, to obtain access to personal data and to further information on the origin, purpose, categories of data processed , recipients of communication and / or transfer of data, etc .;
b) right of rectification: right to obtain from the Owner the correction of incorrect personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing an additional declaration;
c) right to cancellation: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that:
- personal data are no longer necessary with respect to the purposes of the processing;
- the consent on which the treatment is based has been revoked and there is no other legal basis for the treatment;
- personal data have been processed unlawfully;
- personal data must be deleted to fulfill a legal obligation.
d) right to object to processing: the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the Data Controller;
e) right to limit processing: the right to obtain from the Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the treatment is unlawful and the interested party has opposed the processing, if the personal data are necessary for the interested party to ascertain, exercise or defend a right in court, if as a result of the opposition to the treatment the Interested is awaiting verification of the prevalence or otherwise of the legitimate interest of the owner;
f) the right to data portability: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit this data to another data controller, only for cases where the processing is based on consent or on a contract and only for data processed by electronic means;
g) the right not to be subjected to automated decisions: the right to obtain from the Owner not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect the interested party or that significantly affect his person, except that such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the interested party;
h) the right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial appeal, the interested party who considers that the treatment concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority.
In order to exercise the rights provided by the GDPR, the interested party may at any time exercise the rights by sending:
- by e-mail, at the address xxxxxx@xxx.xx
- or by registered mail with AR receipt to the Data Controller: Bersud srl, Xxx Xxxxxxx Xxxxxx, 0/X – 00000 Xxxxxxxx (XX) - Xxxxx.
7. XXXXXX, RESPONSIBLE AND ALL IN CHARGE
We inform you that the Data Controller of your data is:
Bersud srl, Via Xxxxxxx Xxxxxx, 2/A – 72100 Brindisi (BR) C.F./P.IVA IT01252400740
Your personal data will be processed exclusively by personnel appointed by the Data Controller or by its external suppliers appointed as data processors. You can request a complete and updated list of the persons appointed responsible for processing by contacting the Data Controller.