POLICY ON THE PROCESSING OF PERSONAL DATA – CLIENTS / VENDORS
pursuant to Article 13 of Regulation (EU) 2016/679
(Regulation on the protection of personal data)
Dear Client/Vendor, pursuant to Article 13 of Regulation (EU) 2016/679, hereinafter the “Regulation”, and with regard to personal data concerning you, in its capacity as Data Controller and following the contracts in force our Company wishes to provide you with the following information.
- Identification data of the Data Controller
The Data Controller is NYX s.r.l., having its place of business at Via Dell’Industria, 3 – 35020 Brugine (Padua, Italy). The contact details are as follows: Telephone no. (+39) 049 7962204 E-mail: email@example.com. It should be noted that, as the Data Controller is based within the European Union, a controller’s representative does not need to be appointed.
- Contact details of the data protection officer
Having verified the enforceability of the provisions laid down in Article 37 of the Regulation, the appointment of a data protection officer was excluded because the company does not fall within any case contemplated therein.
- Purpose of the data processing and legal base
Data are processed for the purpose of implementing the following activities:
fulfilment of statutory and/or contractual obligations, implementation of habits and customs relating to the company business: – accounting and administrative processes; – management of legal obligations and disputes; fulfilment of obligations in connection with the existing legislation on health and safety at work: – fulfilment of obligations in relation to the implementation of the company Management System; – sending of notifications concerning offers and promotions. The legal base of the processing consists in the following elements: contracts for the purchase/provision of goods or services, Italian Legislative Decree Dlgs 81/2008, as further amended and supplemented, concerning the existing legislation on health and safety at work, and regulations in connection with the enforcement of the Civil and Criminal Codes. The processing is implemented by means of operations or combinations of operations, including: collection, recording, organisation, storage, processing, modification, alignment, combination, selection, extraction, consultation, disclosure, blockage, deletion, and destruction. The processing is performed either with or without electronic media; it is implemented by the Controller’s organisation and its trusted companies, a list of which is available at the Controller’s premises, which are our direct collaborators and work in full autonomy as separate external controllers of the processing of personal data, and are bound to comply with the regulations on the protection of personal data, both on their own and under a contract stipulated with our company. Personal data are not subject to dissemination.
- Legitimate interests of the Data Controller
If the data are processed pursuant to Article 6, section 1(f), processing will take place exclusively to fulfil the legitimate interests pursued by the Controller.
- Recipients of personal data
Any personal data collected may be disclosed to: – all persons whose title to access such data is recognised by normative measures; – our co-workers, limited to their jobs; – all natural and/or legal persons, public and/or private, whenever data disclosure is necessary for or functional to the performance of our business and in the ways and for the purposes illustrated herein.
- Transfer of personal data to a third country
The Data Controller is not going to transfer personal data to any third country or to international organisations outside the European Union.
- Period for which personal data are stored
The parameter adopted is the data storage time limit for tax-related purposes currently in force (i.e. 10 years).
- Rights of the Data Subject
The Data Subject is entitled (Chapter III “Rights of the Data Subject”) to ask the Data Controller access to his/her personal data and the rectification or erasure of personal data, as well as the restriction of or objection to processing, and data portability. To exercise these rights, reference should be made to the above-mentioned contact details.
- Withdrawal of consent
The Data Subject is entitled to withdraw his/her consent, as expressed under Article 6, section 1(a) and Article 9, section 2(a).
- Right to lodge a complaint with a Supervisory Authority
The Data Subject is entitled to lodge a complaint to the Supervisory Authority at the following contacts: Personal Data Protection Authority – Piazza di Monte Citorio n. 121, 00186 ROME (Italy) Fax: (+39) 06 69677 3785 Reception: (+39) 06.696771 E-mail: firstname.lastname@example.org Certified e-mail: email@example.com . The references and procedures to exercise the right to complain are illustrated in the website of the Italian Privacy Protection Authority http://www.garanteprivacy.it.
- Disclosure of personal data
Disclosure and subsequent processing of personal data are necessary conditions for the conclusion of the contract entered into with our company. Failure to disclose data shall result in the contract not being enforceable.
- Automated decision-making process
Any personal data collected shall not be subject to automated decision-making processes, including profiling.