Customer/supplier privacy statement

Statement regarding personal data processing pursuant to section 13, Legislative Decree 196/2003, on the protection of persons and other subjects with regard to personal data processing.

You are hereby informed that for the purposes of establishing and performing the contractual relationships existing between us, our company is in possession of data regarding you which have been acquired, including by verbal means, either directly or through third parties, and which qualify as personal pursuant to Legislative Decree 196/2003 (Privacy Code). The law in question requires first that personal data processors inform data subjects about which data are processed and several important matters regarding such processing. Processing must also take place in a fair, lawful and transparent manner, in such a way as to protect your privacy and rights.

Pursuant to this legislation, we hereby provide you with the following information.

Purpose of data processing
The collection and processing of personal data has the sole purpose of complying with obligations connected with the performance of our company’s business activities and in detail: preliminary requirements regarding the stipulation of contracts; compliance with contractual obligations regarding the data subject by performing a deed, multiple deeds or the set of operations needed to discharge the aforementioned obligations; to discharge the obligations connected with or instrumental in performing the contract at all public or private entities; to discharge legal obligations and for the purposes of internal statistical assessments regarding company business.

Nature and source of Customers’ and Suppliers’ Personal Data
Customers’ and Suppliers’ personal data are NOT sensitive data (section 4(d), Legislative Decree 196/03) or legal data (section 4(e), Legislative Decree 196/03) and are supplied by same in the form of orders (Customers) or offers (Suppliers). Customers and Suppliers must always provide their personal data in writing.

Methods of processing
For the stated purposes, personal data is processed manually and by electronic means, applying the logic that is strictly correlated to such purposes and, in any case, in such a way as to ensure the security and confidentiality of such data pursuant to the law.

Nature of collection
With regard to the stipulation and performance of contractual relations, the collection of personal data is also obligatory for the purposes of discharging legal and fiscal obligations; the refusal to provide such data makes it impossible to establish relations with the company. The relative processing does not require the consent of the data subject in question.

Communication and dissemination
Customers’ and Suppliers’ personal data represent a corporate asset and as such are protected by appropriate security procedures and may not be communicated to third parties. Customers’ and Suppliers’ personal data may be communicated to third parties exclusively by company management for the purposes of discharging obligations of a financial nature (banks) and of managing any arising disputes (lawyers, professional consultants, debt collection agencies).

Rights of data subjects
Data subjects may contact the data controller to verify their own data and supplement, update or rectify same, and/or to exercise the other rights provided by section 7 of Legislative Decree 196/03, which is given below:

Section 7 (Right to Access Personal Data and Other Rights)
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed: a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain: a) updating, rectification or, where interested therein, integration of the data; b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

Data Controller and Processor:
Controller: Api S.p.A. - via Trieste, 13 - 16018 Mignanego (GE).
Processor: the General Manager - API S.p.A. - via Trieste, 13 - 16018 Mignanego (GE).
Contact: for information regarding the processing of Customers’ and Suppliers’ personal data, and in order to exercise the rights afforded to data subjects, please write to privacy@api-spa.com.

Data Processing Clarifications
Your personal data will be retained for the entire period needed to perform all the contractual and legal obligations arising from the contractual relations established with you, even after the termination of same. Personal data which does not need to be retained in relation to the purposes for which it is processed will be deleted or anonymized pursuant to the law.