Privacy policy for actual or potential customers and suppliers and other contacts for work-related communications

Art. 13-14 of Regulation (EU) 2016/679

1. SUBJECT MATTER OF THE PROCESSING

The personal data in the possession of the undersigned organisation are collected directly from the data subjects and

directly and freely provided by them and/or available from third parties (e.g. on the Internet, in public registers, etc.).

This information concerns personal details, contact details, bank accounts, addresses, telephone numbers, postal and e-mail addresses. The data subjects are understood as identified and identifiable third parties having actual or potential relations with the undersigned or with a contractual counterparty, such as customers, suppliers, partners, public administrations, associations, etc. with which working relations and/or relations of interest are held with the undersigned.

2. PURPOSES OF THE PROCESSING

The personal data are processed for the purpose of communication between the undersigned organisation, including its staff, and the data subject within the framework of the normal activities performed.

Your personal data are processed without your express consent (Art. 6.1 (b) and (e) of the GDPR), for the following

Service Purposes:

a) purposes linked specifically to the execution and provision of requested services (GDPR Articles.6(b) and 9(a)), in particular for the management of actual or potential customers and suppliers, by entry in the company databases for the performance of regulatory and contract obligations, internal organisation of work, statistics and other matters in any case linked to the performance of the economic activity of the undersigned organisation, including the fulfilment of civil, fiscal, tax, accounting, remuneration, national insurance and social security requirements, etc., including the sending of circular letters and communications related to the contractual activities for the provision of the requested services;

b) purposes linked to legal obligations and orders issued by authorities lawfully entitled to do so (GDPR Articles 6.1 (c) and 9.1 (b, g, h)).

3. METHODS OF PROCESSING

The personal data in question may be processed using paper and computerised/telematic instruments, adopting safety measures to guarantee the confidentiality of the data subject and prevent unauthorised access by third parties or unauthorised persons. In any case your personal data will be processed according to law, based on the principles of lawfulness and fairness in order to protect your confidentiality.

4. NATURE OF DATA PROVIDING

The provision of your data is mandatory for all processing of a legal and contractual nature (points a) and b) of para. “purposes of the processing”). Any partial or total refusal to provide mandatory data will make it objectively impossible to establish or continue any relations with you; on the other hand, concerning optional data, your refusal will have no consequences other than the impossibility to manage appropriate information in the relationship between the parties.

5. TRANSMISSION AND DISSEMINATION OF THE DATA

(Only the indispensable) data will be transmitted to:

  • data processors, both inside the undersigned organisation and outside, appointed to perform specific tasks and operations (e.g. internal sales network and external agents, companies appointed to perform market research, commercial partners, consulting firms, other third parties);
  • persons appointed by the company to perform all or part of the obligations undertaken by the contract or related thereto, banking institutions generally, risk assessment centres and/or companies managing commercial information services, business associations and the like.

The data will not be disseminated unless the contrary is imposed by law.

The personal data processed will not in any way be disseminated to undetermined subjects.

6. DATA TRANSFER ABROAD

The data will be processed mainly in Italy and the EU, but it may also be processed in non-UE and non-EEA countries where deemed functional to the achievement of the purposes pursued in compliance with the guarantees assured to the data subjects.

7. RIGHTS OF THE DATA SUBJECT

You have the right to:

  • lodge a complaint with a supervisory authority (Art. 77 of GDPR 2016/679);
  • know which personal data are processed by the undersigned, its origin, purposes and methods of processing (art. 15 of GDPR 2016/679);
  • request the rectification of any data to the Controller (art. 16 of GDPR 2016/679);
  • request the erasure of any data to the Controller (right to be forgotten) (art. 17 of GDPR 2016/679);
  • request the restriction of processing (art. 18 of GDPR 2016/679);
  • submit a request to object to any processing performed as defined in Art. 21 of GDPR 2016/679.

If the processing is based on consent, the withdrawal of any consent given, considering that the withdrawal of consent does not prejudice the processing based on consent given prior to withdrawal.

8. DURATION OF THE PROCESSING

The duration of the processing will not exceed the purposes for which the data were collected.

However, where the data subject so deems the purpose of processing to be exhausted, for any reason, he or she must notify the Data Controller in writing at the address below.

9. DATA CONTROLLER

The Data Controller is PLAFONDPLAST SRL, strada Padana, 6, 43010 Roccabianca (PR), Italy

10. DATA PROTECTION OFFICER

The Data Protection Officer (DPO) has not been identified as the undersigned does not process data falling within the categories defined in Art. 37 of Regulation (EU) 2016/679.

11. DATA PROCESSOR

For information on the external Data Processor, write to: info@plafondplast.com