INFORMATION PURSUANT ART. 13 EU 679/2016 REGULATION
In this statement, Turati Idrofilo S.p.A. (hereinafter “Turati” or “Data Controller”) acknowledges the personal data processing policies. The information is provided pursuant to art. 13 of EU Regulation 679/2016 – General Regulation on the protection of personal data (hereinafter “Regulation”). 13 and 14 of Regulation (EU) 2016/679, concerning the protection of natural persons with regard to the processing of personal data (hereinafter, “GDPR”), the Data Controller informs its contractual counterparts, including physical consultants, about the treatment of the personal data provided by them.
1 – IDENTITY AND CONTACT DATA OF THE HOLDER OF THE TREATMENT
Treatment data holder is the company Turati Idrofilo S.p.A. with registered office in Luserna San Giovanni (TO) Via I ° maggio n. 242 VAT number 07243840019.
2 – CATEGORIES OF DATA PROCESSING
Pursuant to art. 4.1) of the GDPR, “personal data” is “any information concerning an identified or identifiable natural person (” subject “)”. Therefore, pursuant to this Notice, “Data” means those personal details and contact details relating to natural persons treated by the Company for the stipulation and execution of the contractual relationship, including those of the contractual counterparty, as well as the employees / consultants involved in the activities referred to in the contract. Personal data concerning the natural persons involved in the execution of the contract and relating to the contractual relationship may also be processed.
3 – PURPOSE OF THE PROCESSING AND LEGAL BASES
3.1 The Data will be processed by the Company for purposes related to the establishment and execution of the contract, including the compilation of the customer / supplier database. The processing of personal data for the mentioned purposes finds its legal basis in art. 6 lett. (b) of the Regulation, pursuant to which i”the treatment of data is necessary for the execution of a contract to which the subject is involved”. The communication of personal data is a contractual obligation. Failure to provide partial or inexact communication will make it impossible to pursue the mentioned purposes. The Data will also be processed for administrative and accounting purposes, such as accounting and management, as well as billing (for example, verification). and the registration of invoices), in accordance with the requirements of current legislation, or for the execution of other obligations provided for by laws, regulations and Community legislation. The Data may also be processed by the Company, where necessary, to assert and / or defend the Company’s rights in court. Your data will also be processed by the Company where necessary for the management of the verification requirements of the suppliers with respect to the company policies. The provision of the Data is mandatory for the achievement of the purposes listed above; therefore, their failure, partial or incorrect conferment could have the consequence of the objective impossibility for the Company to establish or to regularly carry out the contractual relationship.
4 – PERIOD AND METHOD OF STORAGE OF DATA
4.1 Data collected for the purposes indicated in art. 3 will be kept for the duration of the contract and, after the termination, for a maximum period of 10 years. In the case of legal disputes, the Data will be kept for the entire duration of the same, until the terms of possibility of appeal are exhausted. Once the above-mentioned conservation terms have expired, the Data will be destroyed or made anonymous, compatibly with the procedures deletion and backup techniques.
4.2 Personal Data will be processed using manual, IT and telematic tools with logic strictly related to the aforementioned purposes and, in any case, in order to guarantee the security and confidentiality of the data.
5 – TARGET CATEGORIES
5.2 Data can be communicated to subjects acting as Data Controllers or processed, on behalf of the Company, by external subjects designated as Managers, to whom adequate operating instructions are given. These subjects are essentially included in the following categories:
1. Customers / Suppliers;
2. Insurance companies;
3. Autonomous professionals;
4. Banks and credit institutions;
5. Subjects to whom the right to access the Data is recognized by legal provisions or regulatory or community regulations;
6. Subjects to whom the communication of the Data is necessary or is in any case functional to the management of the contractual relationship with the customers;
7. The reference holding company.
6 – TRANSFER OF EXTRA UE DATA
Data may be transferred abroad to countries outside Europe.
6.1 In the absence of a decision of adequacy of the European Commission on the level of protection of data subjects guaranteed by these countries pursuant to art. 45 of the GDPR, the transfer takes place subject to the signing of the standard contractual clauses adopted approved by the European Commission pursuant to art. 46, paragraph 2, lett. c) and d).
6.2 A copy of the standard contractual clauses can be requested by e-mail, by writing to the following e-mail address: firstname.lastname@example.org.
7 – RIGHTS OF THE INTERESTED PARTY
Interested parties may request the Data Controller access to the Data concerning them, the correction of inaccurate Data or the integration of incomplete Data, the deletion of Data, the limitation of processing in the cases provided for by art. 18 GDPR. They may also request to receive in a structured format, commonly used and readable by an automatic device, the Data, as well as, if technically possible, transmit them to another holder without impediment in the event that the conditions for exercising the right to portability pursuant to art. 20 of the GDPR (provided that the treatment is based on the consent pursuant to art. 6.1 letter a) or art. 9.2, lett. a) or on the contract pursuant to art. 6.1, lett. b) of the GDPR and is carried out with automated tools).
Interested parties have the right to object, for reasons connected to their particular situation, to the processing for the pursuit of the purposes based on the legitimate interest of the Company.
These rights can be exercised by writing to the Company at the offices of the Data Controller or via e-mail at the address: email@example.com. The interested parties also have the right to lodge a complaint with the competent control authority pursuant to art. 77 of the GDPR (in particular, in the Member State in which he habitually resides or works or in the place where the alleged violation occurred).