(articles 13, EU Regulation n. 2016/679)
In compliance with EU Regulation 2016/679 on the processing of personal data and their free circulation, to Legislative Decree no. 196/2003 and subsequent amendments “Code on the protection of personal data”, we inform you, as a “Data subject” on how we use your personal data, communicated with the paper forms prepared or sent via IT tools when we request the supply of goods and services, in order to guarantee a correct, lawful and transparent processing in compliance with the principles placed to the protection of your rights and your personal liberties.
DATA CONTROLLER: Moretti Forni Spa
Registered Office: Via A. Meucci n. 4 – Mondolfo (PU)
Vat number: 01298900414
Phone N. / FAX: 0721-96161 / 0721-9616299
E-mail / pec: email@example.com / firstname.lastname@example.org
WHAT WE DO WITH YOUR DATA (Categories of data, contractual requirement)
We mainly request and process only personal data classified as “common”. In some cases, however, it may be essential to also process data classified as “special”. In these cases, it will be the responsibility of our company staff to communicate specific information relating to the use and purpose of the processing.
In relation to the contract between the parties, may be collected and catalogued, within our organization, your contact details (telephone number, email, contact details, etc.), possibly also the data of your workers and collaborators, as well as the company’s data, in order to improve the management of the existent relationship.
The provision of some personal data (appropriately specified during the request phase) is mandatory in order to follow up the supply relationship and the related fulfilment. Without them, we will not be able to process your request or could result in the partial, or total, non-execution of the supply activity. Other data, on the other hand, are optional, consequently not providing them will prevent the supply of additional services, which however are not essential for the continuation of the relationship.
WHY WE PROCESS YOUR DATA (Purposes and legal bases)
Your personal data are requested for procedural purposes related to the management of suppliers, for the fulfilment of contractual and legal obligations deriving from civil, fiscal, accounting, administrative and security management rules. In addition, they can also be processed for scheduling supply activities, for order history, for internal control services, assessment of the quality of services provided, management of complaints and for the response of requests forwarded.
We may also process your contact details for the business promotion activity or for the communications related to the direct sale of products and services similar to those already provided, but for this purpose you will be asked for explicit consent.
In case there is a need to pursue further purposes of processing your data, which have not been indicated in this information, we will inform you in advance about the new methods of processing.
HOW WE PROCESS YOUR DATA AND WITH WHICH TOOLS (Processing mode)
Your personal data will be processed by our Company through the use of analog and digital systems.
Only personnel authorized by the Data Controller will be able to access your data to carry out the processing or system maintenance operations. We take all technical and organisational measures to avoid unauthorized access, disclosure, modification or destruction problems. These measures have been reported within our privacy management system, which allows to maintain a constant monitoring of protection against the data processed, as well as a continuous adaptation of the procedures according to the evolution of the Company reality. We also specify that we do not use, within our organization, an automated decision-making, including profiling, which produces legal effects that concern you and / or that significantly affect your person.
TO WHOM WE COMMUNICATE YOUR DATA (Communication to third parties and categories of recipients)
The data are processed at the legal and operational headquarters of the Data Controller and in any other place where the parties involved in the processing can be located. Your personal data may be disclosed to public bodies and institutions in charge, in order to comply with the obligations established by laws and regulations, as well as may be disclosed to external companies that carry out outsourcing activities on behalf of the Data Controller, in their quality of data processors. These data processors are accredited and authorized by us to process the data exclusively for the purposes described above, including the correct management of the contractual relationship established between the parties. All data processors have been identified individually, within our management system, and have received appropriate instructions to ensure the rights of data subjects, in addition to the requirement to respect the right of confidentiality. The complete and up-to-date list of data processors can always be requested to the Data Controller, as indicated in this information. Your data will not be transferred to third countries not belonging to the European Union and with personal data protection regulations not aligned with EU Regulation 2016/679. We also specify that your data will not be disclosed by us to any third parties neither authorized nor for any other purpose than those stated in this information.
HOW LONG WE KEEP YOUR DATA (Storage Period)
We will process your data for the time necessary to achieve the stated purposes for which they were collected and will be kept for the duration of the contractual relationship. They may also be maintained after the termination of the relationship, for the entire duration necessary for the extinction of the obligations contractually assumed and in order to fulfil the related obligations provided for by enforced laws. The personal data used for the business promotion activity may be processed until the possible exercise of the right of opposition. At the end of the period, the data will be destroyed, returned or processed ensuring compliance with the principle of minimisation, to protect the rights and freedoms of the data subject and always safeguarding them with appropriate technical and organisational security measures.
WHAT ARE YOUR RIGHTS
We guarantee all the rights of the Data subject provided for by the EU Regulation 2016/679. At any time, you can directly request the Data Controller to view, correct, cancel or limit the data concerning you. We guarantee the right to data portability and, therefore, at any time, you can request a digital copy of your data or even automatic transfer to other companies. In the foreseen cases, you can object or withdraw the consent given. Your right to lodge a complaint with the Authority Guarantor for the Protection of Personal Data is also safeguarded if you do not agree with our processing methods.
HOW TO EXERCISE YOUR RIGHTS
In order to follow up your rights or to request further information regarding the processing of your personal data carried out by our Company, please contact the Data Controller, in order to verify together the legal prerequisites and to be able to answer your requests in the most rapid and exhaustive way possible. You can send a request using the “GDPR Rights Form” provided by the Data Controller on the company website.
The Information is the tool provided by the EU Regulation 2016/679 as an application of the principle of transparency and has the purpose of helping you (Data subject) in the management of the information we process and which concern you. As the processing methods vary, or in the event of a change in national or European legislation, the information may be reviewed and integrated. In the event of important changes or changes in the processing purposes, you will be notified in advance through the corporate communication tools.