PRIVACY POLICY PURSUANT TO ARTICLE 13 AND 14 of the GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR) European regulation on personal data protection)
Dear Supplier, this information is provided to individual customers (natural persons) and to natural persons operating in the name of and on behalf of corporate customers (legal persons), pursuant to art.13 and art.14 GDPR 2016/679 (European regulation on personal data protection).
1) THE DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS
The data controller is Sipol S.p.A. – Via Leonardo Da Vinci, 5 – 27036 Mortara (PV) – VAT NO. 01842120188| C.F. 01669490037 – Tel. +39 0384 295237 – privacy@sipol.com.
2) DATA AND SOURCE OF PERSONAL DATA: The Data Controller processes all personal data relating to legal persons (not governed by the GDPR) as well as common personal data, identification, economic, financial and any payment data obtained directly from the interested party and / or acquired from external companies for the purpose of collecting commercial information (including, for example, information on management).
3) THE PURPOSES OF AND LEGAL BASIS FOR THE DATA PROCESSING
The processing of your data is necessary
- to meet obligations arising from a contract to which you are party, or to comply, before and after the execution of the contract, with your specific requests;
- to comply with legal obligations of an administrative, accounting, civil or fiscal nature, regulations, EU and non-EU legislation;
- for supplier management purposes (administration, management of suppliers, contracts, orders, arrivals, invoices, selections based on company need, credit rating);
- for litigation management (breaches of contract; formal notices, transactions, debt collection, arbitration, legal disputes);
The legal basis for the data processing is art. 6, para. 1, points b), c) and f) of the above-mentioned Regulation (EU) 2016/679 (GDPR).
4) METHODS OF PROCESSING
Your data will be processed using paper and electronic methods. Please be assured that we have implemented all measures deemed necessary and/or appropriate in order to maintain the integrity, the confidentiality and the availability of the data.
5) RECIPIENTS OF PERSONAL DATA
Your personal data will not be disseminated, only communicated to specific subjects. On the basis of their roles and qualifications, internal and external staff members are entitled to process the data within the limits of their competences and in accordance with the instructions given them by the data controller. The same data may also be communicated to parties entitled to access them pursuant to legal provisions, rules and regulations, to mail delivery companies, banks and credit institutions, debt/commercial information collection companies, consultants, law firms, insurance companies, IT support companies, professional studios/companies providing accounting, fiscal and tax services, freelance/casual collaborators, agents, bodies/companies appointed by and/or in a collaboration relationship with the undersigned, judicial authorities.
6) DATA TRANSFER
Your personal data will be managed and stored on servers located within the European Union and will not be transferred outside the European Union. It is nevertheless understood that the data controller retains the right, if necessary, to choose to use servers located in other locations in Italy and/or the European Union and/or non-EU countries, and/or to use cloud services. In such cases, the data controller guarantees, as of now, that any data transfer outside the EU will take place in compliance with the applicable legal provisions, if necessary through the stipulation of agreements designed to guarantee an adequate level of protection and/or through adoption of the standard contractual clauses envisaged by the European Commission.
7) DATA STORAGE
The data controller keeps and processes personal data for the time strictly necessary to fulfil the purposes indicated, or for the period imposed by applicable civil and tax laws.
8) THE RIGHTS OF THE DATA SUBJECT
Pursuant to articles 15 of GDPR 2016/679, data subjects may exercise their rights by writing to the data controller at the address given above or by sending an e-mail to privacy@sipol.com. Data subjects also have the right to lodge complaints with the supervisory authority in the member state of their habitual residence.
9) PROVISION OF DATA
Where provision of the data requested is necessary in order to comply with legal requirements, rules and regulations, and thus determines our ability to meet, correctly and effectively, our contractual obligations, your possible refusal to provide the said data will make it impossible for us to establish and maintain a business relationship with you.
10) AUTOMATED DECISION-MAKING PROCESSES
The data controller does not process data using methods involving automated decision-making processes.