Your Cart

No products in the cart.

Supplier Privacy Policy

  1. SUBJECT OF PRIVICY NOTICE

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”), the Data Controller informs its suppliers/collaborators, including individual consultants, about the processing of personal data provided to the Data Controller.

  1. PRINCIPLES APPLICABLE TO PROCESSING ACTIVITIES

The processing of personal data is carried out in accordance with the principles set out in Article 5 of Regulation (EU) 2016/679, which are briefly summarized below:

  • Lawfulness, fairness, and transparency of processing must be lawful, fair, and transparent to the data subject;
  • limitation of the purpose of processing, including the obligation to ensure that any subsequent processing is not incompatible with the purposes for which the data was collected;
  • data minimization personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • accuracy and updating of data, including that data must be accurate and, where necessary, kept up to date, including timely correction or deletion of inaccurate data in relation to the processing purposes;
  • storage limitation, personal data must be kept no longer than necessary for the purposes for which they are processed;
  • integrity and confidentiality, appropriate security measures must be in place to ensure the protection of personal data.Fine modulo
  1. DATA CONTROLLER

The Data Controller is:

Tesori del Matese S.r.l., con sede legale in Via Canonica, 99 – 86027 San Massimo (CB).

  1. PURPOSE AND LEGAL BASIS OF THE PROCESSING.

Personal data are processed without consent [Art. 6 letter B) GDPR], for the following purposes:

  • fulfilment of pre-contractual, contractual, tax and administrative obligations deriving from commercial relationships established with suppliers;
  • administrative management of the supply of goods or services;
  • management of any disputes.
  1. DATA RECIPIENTS

The personal data may be processed by:

  • company employees and collaborators, acting in their capacity as persons authorized to process data (so-called “data processing appointees”), as well as by consultants appointed by the Data Controller who need to process Personal Data in order to perform their duties;
  • external entities, operating as independent data controllers such as, by way of example, supervisory and control authorities and bodies and in general public or private entities entitled to request data;
  • external entities designated as Data Processors pursuant to Article 28 del GDPR, – , who receive appropriate operational instructions, including tax consultants, business consultants, and companies providing software or web applications for accounting and administration purposes.

The complete list of Data Processors is available at the company headquarters listed in p.to 3.

  1. PERIOD OF DATA RETENTION

Tesori del Matese will process personal data for as long as necessary to fulfill the purposes described above and to comply with legal and/or tax obligations. In any case, personal data will not be retained for more than 10 years after the termination of the relationship for administrative purposes, in accordance with tax regulations.

  1. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION

Personal data are stored, both in paper and electronic form, in the premises specifically used for the processing whitin our organization, and by the aforementioned external entities. All such locations are currently within the EU area, which is subject to the protections established by the GDPR.

  1. PROFILING ACTIVITIES

The personal data collected are not subject to automated decision-making processes, including “profiling.”

  1. 1. RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM

Data subjects, in addition to the right to lodge a complaint with a supervisory authority, may exercise the following rights:

Art. 15 Right of access – The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her is being processed and, if so, to obtain access to the personal data and information regarding the processing.

Art. 16 Right to rectification – The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.

Art. 17 Right to Erasure (Right to Be Forgotten) – The data subject has the right to obtain from the Data Controller the deletion of personal data concerning them without undue delay, and the Data Controller is obliged to erase personal data without undue delay.

Art. 18 Right to Restriction of Processing – The data subject has the right to obtain from the Data Controller the restriction of processing when one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for the period necessary for the Data Controller to verify the accuracy of such data;

b) the processing is unlawful and the data subject opposes the deletion of the personal data and requests restriction of its use instead;

c) although the Data Controller no longer needs the data for the purposes of processing, the personal data are necessary to the data subject for the establishment, exercise, or defense of a legal claim;

d) the data subject has objected to processing pursuant to Article 21(1) of the Regulation, pending verification of whether the legitimate grounds of the Data Controller prevail over those of the data subject.

Art. 20 Right to Data Portability – The data subject has the right to receive the personal data concerning them, which they have provided to a Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another Data Controller without hindrance from the Data Controller to whom the personal data were provided.

When exercising their right to data portability, the data subject also has the right to have the personal data transmitted directly from one Data Controller to another, if technically feasible.

Art. 21 Right to Object – The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them, including profiling based on these provisions.

Art. 22 Right Not to Be Subject to Automated Decision-Making, Including Profiling – The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Rights may be exercised by submitting a request directly to the Data Controller, contactable at the addresses indicated in Section 3. The data subject may also lodge a complaint with the ITALIAN DATA PROTECTION AUTHORITY (Garante per la Protezione dei Dati Personali, www.garanteprivacy.it) or the EUROPEAN DATA PROTECTION SUPERVISOR (www.edps.europa.eu).

  1. LEGAL/CONTRACTUAL OBLIGATIONS OR REQUIREMENTS NECESSARY FOR THE CONCLUSION OF A CONTRACT

The provision of personal data for the purposes indicated in Section 4 is mandatory. Without such data, it will not be possible to carry out the processing activities described, making it effectively impossible to perform the services provided under the commercial relationship or to fulfill the applicable legal obligations.