Information on the Processing of Personal Data Pursuant to Articles 13 and 14 of EU Regulation 2016/679
Dear Customer/Supplier,
In compliance with the provisions of European Regulation 2016/679 (GDPR), Tecnosplast di Marcon Antonio & C. S.A.S. wishes to inform you that the personal data concerning you, which have been or may be provided to us by you or other parties, and which you have provided and/or disclosed during your relationship with our company, will be processed in compliance with privacy legislation and the principles of fairness, lawfulness, transparency, and protection of your privacy and rights.
We would also like to provide you with the following information:
1 .Data Controller and Contact Information
Pursuant to Article 4 of the Regulation, the Data Controller is Tecnoplast di Marcon Antonio & C. S.A.S. with registered office in Marostica (VI), Via Leonardo da Vinci 18, VAT and Tax Code 00671630242, tel. 0424/470408, email info@tecnoplastonline.com, certified email tecnoplastonline@pec.it.
A Data Protection Officer and a Data Protection Officer are not designated.
2. Categories of personal data
The personal data processed will be those provided by you, in writing, directly sent to the Data Controller, by completing forms or other forms specifically designed for this purpose, including those included in contractual documents, or collected by the Data Controller by telephone, verbally, or by fax/email/website as part of pre-contractual activities.
Providing common personal data such as your first and last name and/or company name, domicile and/or residence/registered office, tax code and/or VAT number, telephone/fax, email, bank and payment details, details of your legal representative, and contact details of contractual contacts (hereinafter “your common personal data”) is mandatory for achieving all the purposes set out in point 3 of this privacy policy.
3. Purpose and legal basis of processing
The data provided will be collected and processed exclusively for the following purposes:
a) to fulfill contractual and pre-contractual obligations;
b) for internal administrative, tax, or accounting purposes related to the customer-supplier relationship;
c) inclusion in company databases used for contract management and monitoring;
d) to fulfill any obligation required by laws, regulations, or EU legislation;
e) to pursue the legitimate interests of the Data Controller or third parties.
The legal basis for the processing of the data referred to in points a), b), c), d), and e) is the performance of contracts for the supply of goods and/or services to which you are a party, or the performance of pre-contractual activities.
4. Processing Methods
Data is processed through the following operations: collection, recording, organization and storage, consultation, modification, use, transmission and communication, erasure and destruction, blocking, and restriction.
Processing will be carried out both manually in paper format and with the aid of electronic or automated, computerized, and telematic tools, in compliance with applicable legislation and solely for the purposes set out in this policy.
The collected data is recorded and stored by the Data Controller in computerized and paper archives, as well as stored and controlled in such a way as to minimize the risk of destruction or loss, even accidental, of unauthorized access, and of processing that is unauthorized or inconsistent with the purposes of collection.
5. Recipients or potential categories of recipients of personal data
The data will be processed by our employees and/or collaborators (sales, management, sales, production, marketing, purchasing, quality), specifically authorized to process data according to instructions provided in compliance with current legislation on privacy and data security.
If necessary for the purposes listed in Article 3, personal data may be processed by third parties appointed by the Data Controller as “External Data Processors” (pursuant to Article 28 of the GDPR) or “Independent Data Controllers,” namely: consultants and consulting firms, freelancers, self-employed workers, agents and representation agencies, banks and insurance institutions, debt collection companies, accounting firms, labor consultancy firms, transport and logistics companies, subcontractors, technical service companies, and company help desks.
Personal data may also be disclosed to public bodies, law enforcement agencies, or other public and private entities, but only for the purpose of fulfilling legal, regulatory, or EU legislation obligations.
The updated list of Data Processors and Persons in Charge of Data Processing is kept at the Data Controller’s registered office.
In any case, personal data is not subject to disclosure.
6. Data Transfer to a Third Country or International Organizations
The data will not be transferred to third countries outside the EU or to international organizations.
7. Processing Period
Your ordinary personal data will be processed and retained by the Data Controller for the entire duration of the contractual relationship and, after termination for any reason, will be retained for the period required by applicable accounting, tax, civil, and procedural legislation.
8. Data Provision
Pursuant to the current Privacy Code, the company is exempt from obtaining consent for processing in relation to the purposes referred to in points a), b), c), d), and e).
In relation to the purposes referred to in points a), c), the processing may be carried out without your consent as it is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures.
In relation to the purposes referred to in points b), d), the processing may be carried out without your consent as it is necessary to fulfill a legal obligation.
In relation to the purposes referred to in point e), the processing may be carried out without your consent as it is necessary to pursue the legitimate interests of the Data Controller or third parties, provided that this does not override your fundamental rights and freedoms.
The provision of data is mandatory for the achievement of all the purposes referred to in point 3, and any refusal to provide the data may make it impossible for the Data Controller to perform the contract.
9 Rights of the Data Subject
In your capacity as Data Subject and in relation to the processing described in this policy, you have the rights referred to in Articles 7, 15 to 21, and 77 of the GDPR and, in particular, the right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object to data processing, right to revoke consent, and right to lodge a complaint.
In any case, you may always request from the Data Controller a copy of your personal data, information regarding the location where the personal data is processed, and an updated list with the identification details of all Data Processors and System Administrators authorized to process data.
To exercise this right, you may contact the Data Controller by sending a certified email to tecnoplastonline@pec.it.
Finally, please note that you have the right to lodge a complaint with the supervisory authority if you believe there has been a breach of your data and you have the right to withdraw or modify the consent given at any time, without any liability or prejudice to the lawfulness of the processing carried out up to that point. By signing this document, the data subject declares having received and read the above information.
Marostica, 24/05/2018
Tecnoplast di Marcon Antonio & C. S.A.S. Legal Representative
Marcon Antonio