GDPR - suppliers
In compliance with the provisions of current legislation on the protection of personal data, namely EU Regulation 2016/679 (also called "GDPR") and, as applicable, complementary national legislation, we wish to inform you about the processing of your personal data by the organization of the Data Controller. Such processing will be based on principles of correctness, lawfulness and transparency as well as the protection of your privacy and rights. This information is provided for personal data concerning you, i.e. the person concerned who is reading this document.
a) Who is the Data Controller? How can the Controller be contacted?
The Data Controller is Bondioli & Pavesi Sp.zo.o., with registered office in PL - 76 200 SLUPSK - Poznańska, 71, hereinafter referred to as the "Controller." Your contact details are as follows:biuro@bondioli-pavesi.com
b) For what purposes is the data processed? On what legal basis? And for how long is it kept?
Below we indicate the purposes of the processing, the legal basis that legitimizes the processing and the retention time of your personal data:
|
Purpose |
Legal basis |
storage |
|
Execution of the contract: to conclude a contract and fulfill contractual and pre-contractual obligations, such as the economic-financial evaluation, request for documentation certifying the possession of certain requirements, fulfillment of specific requests before the conclusion of the contract, ordinary contract management, after-sales support and assistance, credit recovery, and the protection of rights in general. |
Execution of pre-contractual and contractual obligations |
The data will be kept for the ordinary prescription period rights for accounting and/or tax reasons, except for the additional retention time required by law or, in the event of a dispute, until its conclusion. |
|
Fulfillment of legal obligations: to fulfill the obligations established by the laws in force, including the bookkeeping of company accounts for both civil and fiscal purposes, the deeds and obligations for the drafting of financial statements, as well as provisions issued by authorities and legitimized by the law. |
Compliance with legal obligations |
|
|
Administrative/accounting management: to carry out administrative, financial, statistical and accounting operations connected to internal organizational needs, also in coordination with the other companies of the corporate group. |
Legitimate interest |
c) What is the legitimate interest that allows the processing?
The legitimate interest indicated above relates to the need to carry out administrative and management operations by the Data Controller, to manage its operations correctly and efficiently as well as to exercise rights recognized by law without affecting the freedom and fundamental rights of the Data Subject.
d) Is it mandatory to provide the data? What happens if it is not provided?
The provision of data is necessary for the conclusion and management of the contract. In the partial or total absence of this provision, the contractual relationship cannot be initiated or continued.
e) Who can know your data? Who is it communicated to?
The personal data relating to the treatments in question, for the aforementioned purposes, may be communicated or disclosed:
Ø to those within the organization of the Data Controller who need it due to their duties or hierarchical positions. These subjects are the persons authorized to process under the direct authority of the Data Controller;
Ø to Public Administrations, security and inspection authorities and, more generally, to subjects to whom the right to access data is recognized by specific provisions of the law or by a provision issued by an authority legitimated by the law.
Ø to the subjects whose activity is necessary for the execution of the contracts of which you are a party or to fulfill requests before the conclusion of the contract (e.g. companies and institutions in the banking, credit and insurance sectors, financial intermediaries, mail delivery companies, transporters, law firms, etc.) and who act as independent controllers;
Ø to third parties who carry out processing on behalf of the Data Controller, related to the processing and purposes described above, such as administrative, accounting, tax, information system management, attendance and payroll services. These subjects are authorized to process them as Data Processors in accordance with the provisions of Article 28 of the GDPR;
Ø to subsidiaries of the group within the EU.
f) What are your rights as a Data Subject?
The GDPR recognizes, in relation to your personal data, the following rights that you can exercise within the limits and in compliance with the provisions of the law:
- Right to access your personal data (Article 15);
- Right of rectification (Article 16);
- Right of cancellation (right to be forgotten) (Article 17);
- Right to limitation of processing (Article 18);
- Right to data portability (Article 20);
- Right to object (Article 21); the Data Subject has the right to object at any time, for reasons connected to his/her particular situation, to the processing of personal data concerning him/her based on legitimate interest, including profiling based on such data. The Data Controller refrains from processing unless it demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the interested party or for the assessment, exercise or defense of a right in judicial proceedings;
- Right to object to a decision based solely on automated processing (Article 22);
- Right to revoke the consent given at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation.
You can exercise these rights by sending a written request addressed to the Data Controller at the postal address or by e-mail, as indicated in the previous point a). Furthermore, you have the right to lodge a complaint with the Supervisory Authority if you believe that the processing of your data is contrary to the legislation in force (Article 77), or take legal action (Article 79).
