Information on the processing of personal data ex art. 13-14 EU Reg. 2016/679
Interested Parties: suppliers
TIESSE S.P.A. in its capacity as the Data Controller of your personal data, pursuant to and in accordance with EU Reg. 2016/679 hereinafter 'GDPR', hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights.
Your personal data, and those of individuals working on behalf of your company as appointees will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations provided therein.
Purposes and legal basis for processing: in particular, your data will be processed for the following purposes related to the implementation of fulfillments related to legislative or contractual obligations:
- Management of outstanding orders and contracts (b.g. execution of a contract)
- Mandatory legal obligations in the field of tax and accounting (b.g. legal obligation)
- Defensive investigation activities to ascertain, exercise or defend a right in court (b.g. legitimate interest of the Data Controller)
The processing of functional data for the fulfillment of these obligations is necessary for the proper management of the relationship and their provision is mandatory to implement the above-mentioned purposes. The Data Controller also informs that any failure to communicate, or incorrect communication, of any of the mandatory information, may cause the inability of the Data Controller to ensure the appropriateness of the processing itself.
Method of processing: your personal data may be processed in the following ways:
- processing by means of electronic calculators
- manual processing by means of paper archives
All processing is carried out in accordance with the methods set out in Articles 6, 32 of the GDPR and through the adoption of the appropriate security measures provided.
Communication: your data may be communicated exclusively to the public bodies and offices to which the tax data must be communicated (e.g. Agenzie delle Entrate,) as well as banks and credit institutions; in case of necessity for the performance of the services requested, to competent and duly appointed parties for the performance of the services necessary for the proper management of the relationship, such as consultants and service providers, with guaranteed protection of the rights of the data subject.
Your data will be processed only by personnel expressly authorized by the Data Controller.
Disclosure: Your personal data will not be disclosed in any way.
Retention Period: We would like to inform you that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to Article 5 of the GDPR, the retention period of your personal data is:
- accounting and tax data: 10 years in compliance with the obligations related to the preservation of accounting and tax records (art. 2220 Civil Code, which provides for the preservation of accounting records for 10 years; art. 22 of Presidential Decree September 29, 1973, no. 600 )
other data: 10 years from the time of the termination of the effectiveness of the contract or, in case of disputes, for the prescriptive term provided by the legislation for the protection of related rights
Rights of the Interested Party
1. The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form.
2. The data subject has the right to obtain indication:
a. the origin of the personal data;
b. of the purposes and methods of processing;
c. the logic applied in case of processing carried out with the aid of electronic instruments;
d. of the identification details of the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2;
e. of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees.
3. The interested party has the right to obtain:
a. the updating, rectification or, when interested, the integration of data;
b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
c. certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate to the protected right;
d. the portability of the data.
4. The data subject has the right to object, in whole or in part:
a. for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
5. The data subject has the right to request the restriction of processing.
He/she may exercise his/her rights by sending an email to privacy@tiesse.com or by sending a written request to the contact details specified above.
In addition, the data subject in case he/she believes that the processing of his/her data is contrary to the legislation in force may lodge a complaint with the Supervisory Authority for the Protection of Personal Data pursuant to Article 77 of Regulation 2016/679 or file a report pursuant to Article 144 of Legislative Decree 101/2018.