Privacy policy
Suppliers and AssociatesCartigliano, 19 September 2018
We hereby inform you that your personal data, acquired or to be acquired by Officine di Cartigliano Spa as “Data Controller (hereinafter referred to as the “Controller”), will be processed in compliance with legal requirements and your rights as data subject (hereinafter referred to as “Data Subject”).
Processing methods
The processing may include the following operations: collection (by telephone, via the internet or in writing), recording, organisation, storage and processing on paper or on magnetic, automated or computerized storage systems, alteration, selection, retrieval, alignment, use, interconnection, disclosure, erasure and destruction of the data, or combinations of two or more of the aforesaid operations.
The Controller may also appoint one or more Processors or persons authorised to process. Authorised in-house processors typically belong to the functional areas of this Company which need to process data for the purposes indicated in this disclosure.
The security of processing is ensured by appropriate technical and organisational measures, such as, among other things, electronic archives, access to which is restricted to authorised and periodically updated personnel profiles, protected by a firewall, anti-virus, anti-spam, backup and data recovery systems in the event of accidents, and maintenance services.
Purposes of processing
The purpose of the processing is to fulfil pre-contractual and contractual obligations (supply or purchase of goods and/or services, including the management of delivery, logistics and transport obligations relating thereto) and legal obligations (e.g. keeping accounts, tax procedures, administrative and accounting management, etc.).
Legal basis of processing
The legal basis of the processing is the fact that this is required for the execution of a contract of which you are a contracting party or for the execution of pre-contractual measures, or to fulfil a legal obligation which the Controller is subject to.
In any case, it is a legitimate interest of our Company to be able to process the data in order to effectively and efficiently manage relationships with suppliers/associates and the related internal and external organisational processes.
Scope of data disclosure
Without prejudice to the disclosure of data to third parties in compliance with legal requirements or pursuant to regulations or other EU legislation, or at the request of judicial authorities or other third parties whose right thereto is recognised by these provisions, the data may be disclosed by us to the following categories of third-party recipients:
- Banks and credit institutions, for the management of payments;
- Insurance companies;
- Consultants;
- Professionals and firms of professionals (lawyers, accountants, statutory auditors, members of Law 231 supervisory bodies, etc.);
- Auditors of the accounts;
- Suppliers of IT maintenance and/or IT support services in relation to our IT systems, databases and services;
- Other companies, organisations and/or private individuals who perform activities that are of use, support or assistance in executing contracts or services requested by you;
- Other companies in the Group;
The Controller will proceed to appoint as data Processors, all the categories of recipients to whom the data will be disclosed, except in those cases where they act in the capacity of independent data controller in accordance with the applicable legislation.
Data transfer abroad
The Controller will not transfer personal data to Third Countries or International Organisations. If this should happen in the future, we would provide a separate policy document in advance illustrating the appropriate legal guarantees that need to go with such transfer, and any request for consent to processing, where required.
Mandatory provision of data.
Your failure to provide any data requested from you may make it impossible for the Controller to meet contractual obligations and/or those required by law.
Data storage period
The data will be processed for the whole period specified within the contracts and, subsequently, only for the period required for us to perform our legal obligations (normally 10 years for accounting requirements). In the event of any dispute with the data subject and/or with third parties, the data will be processed for the time strictly required to exercise the protection of the Controller’s rights.
Data subject’s rights
Pursuant to Articles 15 to 22 of the GDPR 2016/679, you may, at any time, exercise the right to:
- Obtain from the Controller confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the related information;
- Obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom personal data has been or will be disclosed and, where possible, the storage period;
- Obtain rectification and erasure of the data;
- Obtain restriction of processing;
- Obtain data portability, i.e. to receive personal data from a data controller in a structured, commonly used and machine-readable format and to transmit such data to another controller without hindrance;
- Object to the processing at any time, including processing for direct marketing purposes;
- File a complaint with the Italian Data Protection Authority;
- Object to an automated decision-making process concerning individuals, including profiling.
Controller of your data
The Controller for the processing of your personal data is Officine di Cartigliano SpA, which you can contact in order to exercise the aforesaid rights via the following addresses:
- By registered post to Officine di Cartigliano SpA, addressed to its legal representative pro tempore, Via San Giuseppe no. 2 36050 Cartigliano (VI)
- By certified email to the following certified (PEC) email address: amministrazione@cert.cartigliano.com
