Information Notice on Personal Data Processing for Suppliers
In accordance with Art. 13 of the General Data Protection Regulation (GDPR 2016/679)
Pursuant to Art. 13 of the UE 2016/679 Regulation, the company E.S.A. Engineering Srl Via Mercalli 10/6, 50019 Sesto Fiorentino (FI), the Data Controller, shall provide you with the following information on personal data processing concerning natural persons.
Source of the Data
The personal data being processed generally come from direct contacts with the supplier following our requests, orders or as a result of offers and proposals by the supplier.
Purposes and legal basis for the processing
Your personal data, and possibly the data of your employees shall be used for:
- precontractual activities, exchanging information for purchasing your products or services, or providing quotations, and or
- performing contractual obligations, and/or;
- performing accounting and tax obligations
- protecting the rights of the Company, therefore the legitimate interest of the Data Controller, both in court and out of court
In pursuing the aforementioned purposes, it may be necessary to know and store the supplier’s personal data, a natural person or, in the case of a legal entity, its legal representatives and possibly its employees (name and surname, role/job, email and company telephone no.).
Refusal to Provide the Data
The data subject may refuse to provide the Data Controller with their personal data.
However, provision of personal data is necessary for the correct and efficient management of the contractual relationship. Therefore, refusal to provide the data may compromise the contractual relationship wholly or partly.
Methods of Processing
Data shall be processed by using suitable tools and procedures to ensure security and confidentiality, and shall be performed either by paper, or with electronic tools.
Scope of Data Processing and Communication
Personal data will be processed by our authorized personnel, and by our consultants within the limits necessary to carry out their professional assignment on behalf of our Company, and identified as the Processors.
To have the complete list of the Processors, you can contact the Data Controller at any time at the addresses provided at the end of this document.
We shall not “disseminate” your personal data, i.e. we shall not made it available to unspecified parties; we may “communicate” it to public and private third parties, that can access the data by virtue of the provisions of law or regulation and within the limits imposed by these rules.
Transfer of Personal Data to Third Countries or International Organizations
No data shall be transferred to countries outside the EU nor to international organizations.
Automated Data Processing
The company does not carry out data processing based on an automated decision-making process, including profiling that produces legal effects concerning a person or that may significantly affect him or her.
Data retention periods
Data shall be processed throughout the duration of the contractual relationships and for the following time required to fulfill all legal obligations. The data provided shall be retained in our archives according to the following parameters:
For administration, accounting, contracting, management of any litigation: from 5 to 10 years as established by the Italian Civil Code and by the rules governing powers and inspections on tax matters, without prejudice to any specific reasons that justify its extension (e.g. in the event of litigation or investigations by the competent authorities).
Rights of the Data Subject
As data subject, natural person, you can enforce your rights as per art. from 15 to 21 of the RGPD 2016/679, summarized below, by contacting the data controller at any time.
Specifically, you may access your personal data, request rectification or erasure of your personal data, or restriction of processing of your personal data, data portability, or object to such processing.
Right to Complain
Each data subjects that believes that the processing infringes the Regulation has the right to lodge a complaint with the Garante (Italian Data Protection Authority), as provided for by art. 77 of the Regulation, or to start judicial proceedings (Article 79 of the Regulation).
Contact details for the Data Subject to enforce its or her rights
Data Controller, E.S.A. Engineering Srl, Via Mercalli 10/6, 50019 Sesto Fiorentino (FI), Italy, Tel. +39 055 373949, Fax +39 055 0675863, email: email@example.com
Data Protection Officer, HR and General Affairs Manager, Via Mercalli 10/6, 50019 Sesto Fiorentino (FI), Italy, Tel. +39 055 373949, Fax +39 055 0675863, email: firstname.lastname@example.org
The Company E.S.A. Engineering Srl