We inform customers/suppliers (interested in processing) and their contact persons (hereinafter “interested”, ex. Art.4, c.1 of the GDPR) that the professional relationships established with the undersigned Holder may involve the processing of personal data, in accordance with the following principles of a general nature:
– all data are processed in a lawful, correct and transparent manner towards the data subject, in compliance with the general principles set out in Art. 5 of the GDPR;
– specific security measures are observed to prevent loss of data, illicit or incorrect use and unauthorized access;
– The Data Controller is the undersigned Company: Istituto Italiano dei Plastici Srl, via Velleia 2 – 20900 Monza (MB), which can be contacted at firstname.lastname@example.org
– the Owner can apply to exercise all the rights provided for in art.15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a consent previously granted or submit a complaint to the Control Authority for the protection of personal data.
OBJECT OF PROCESSING
The Owner processes personal identification data of the customer / supplier (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment references) and its operational contacts (name, surname and contact details) acquired and used in the provision of services provided by the Owner.
PURPOSE AND LEGAL BASIS OF THE TREATMENT
The data are processed for:
– conclude contractual/professional relations;
– fulfilling the pre-contractual, contractual and fiscal obligations deriving from the existing relationships, as well as managing the necessary communications connected to them;
– fulfil the obligations provided for by law, regulation, Community legislation or an order of the Authority
– exercise a legitimate interest as well as a right of the Owner (for example: the right of defense in court, the protection of credit positions; ordinary internal operational, management and accounting requirements).
Failure to provide such data will make it impossible to establish a relationship with the Owner.
The above purposes represent, pursuant to Art.6, paragraphs b, c, f, appropriate legal bases for the lawfulness of the treatment. If you intend to carry out processing for different purposes will be required a special consent to the interested parties.
MODALITY OF THE TREATMENT
The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subject to both paper and electronic and/or automated processing. The Owner will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.
SCOPE OF TREATMENT
The data are processed by internal subjects regularly authorized and instructed in accordance with Art.29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external parties who operate as managers or independent data controllers (consultants, technicians, banks, carriers, etc..).
We also inform you that your personal data may be the subject of intercompany communication between the companies of the Group. The data are not subject to dissemination or transfer to non-EU countries. If it becomes necessary, in the context of tenders / contracts or in the performance of regulatory obligations (eg: joint and several liability, anti-corruption, anti-mafia, anti-money laundering, etc..)
acquire personal data from customers / suppliers of their employees, it is agreed between the parties that the undersigned company will be entitled to the treatment as external manager (Art.28 GDPR) or authorized subject (Art.29 GDPR). In the context of this relationship, the undersigned company undertakes to process such data in compliance with the compliance requirements of the GDPR, guaranteeing any communication to other parties exclusively.