INFORMATION ON PROCESSING THE PERSONAL INFORMATION OF CUSTOMERS/SUPPLIERS
pursuant and consequent to art. 13 of Regulation (EU) 2016/679
(GDPR – General Data Protection Regulation)
Dear Customer/Supplier, Pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter, the “Regulation”) and with regard to your personal data, our Company as the Controller of data processing wishes to provide the following information to you in the context of our contractual relations. If our relations are governed by specific contracts, the privacy clauses contained in those contracts take priority and this document represents a supplement to the extent applicable and not in conflict.
1. Identification details of the Controller of data processing
The Controller of data processing is La Piacentina S.p.A. with registered and operational offices at Viale J.F. Kennedy 20, 46019 Viadana (MN), Italy. Contact details: Telephone +39 0375 833124 – e-mail: firstname.lastname@example.org . Given that the Controller of data processing has a permanent establishment within the European Union, it is not necessary for the Controller of data processing to appoint an EU representative.
2. Contact details of the Data Protection Officer
A Data Protection Officer has not been appointed after checking the applicability of art. 37 of the Regulation, as none of the circumstances contemplated therein apply to the Company.
3. Purposes of processing the data and legal basis
Processing is carried out for the following purposes: – Compliance with legal and/or contractual obligations, performance of routine and customary business activities by the Company; – Processing for accounting and administrative purposes; Management of legal requirements and disputes; – Compliance with current occupational health and safety legislation; – Activities linked to application of the internal management system adopted by the Company. The lawfulness of processing is founded on the following elements: contract for the purchase/supply of goods or services, Decree 81/2008 and subsequent amendments and additions with regard to the legislation governing occupational health and safety and the regulations linked to application of the Italian Civil Code and Criminal Code. Processing is carried out via operations or sequences of operations and, in particular: the collection, registration, organisation, conservation, elaboration, modification, comparison, interconnection, selection, extraction, consultation, communication, blockage, erasure and destruction of data; processing may be carried out with or without the use of electronic equipment; processing is organised by the Controller and by authorised companies, a list of which is available from the Controller, that work directly with the Company and operate with full autonomy as separate external controllers of data processing that are obliged to operate directly and under contract with the Company in compliance with the regulations governing the protection of personal data. Personal data is never disseminated.
4. Legitimate interests of the Controller of data processing
Any processing carried out pursuant to art. 6, para. 1, letter f), will take place solely to satisfy the legitimate interests of the Controller of data processing.
5. Recipients of personal data
The personal data collected may be communicated to: – all parties whose right of access to that data is recognised under current legislation and regulations; – our collaborators in the performance of their respective duties; – all natural and/or legal persons, whether public or private, to which such communications are necessary or useful for the performance of our activities in the manner and for the purposes described.
6. Transfer of personal data abroad
The Controller of data processing does not intend to transfer any personal data to countries or international organisations outside of the European Union.
7. Period of retention of personal data
The retention period is established to be the duration for which data must be retained for tax purposes under current legislation (10 years).
8. Rights of data subjects
Data subjects are entitled (Chapter III Rights of data subjects) to ask the Controller of data processing for access to their personal data and for its rectification, erasure, restriction or portability, as well as to object to its processing. Refer to the contact details provided above in order to exercise these rights.
9. Revocation of consent
Data subjects are entitled to revoke their consent given pursuant to art. 6, para. 1, letter a), and art. 9, para. 2, letter a).
10. Right to complain to the Supervisory Authority
Data subjects are entitled to lodge complaints with the Supervisory Authority, which may be contacted as follows: Data Protection Ombudsman (Garante) – Piazza di Monte Citorio 121, 00186 ROME Fax: (+39) 06.69677.3785 Switchboard: (+39) 06.696771 e-mail: email@example.com Certified e-mail: firstname.lastname@example.org . Details and procedures for exercising the right to complain can be found on the website of the Data Protection Ombudsman http://www.garanteprivacy.it.
11. Communication of personal data
The communication and subsequent processing of personal data represents a necessary condition for completing the contract with our Company. Failure to communicate personal data will render the contract invalid.
12. Automated decision-making processes
The personal data collected will not be the subject of any automated decision-making processes, including profiling.