(Suppliers Personal Data)
Rev. 01 giugno 2021
This information is provided pursuant to and for the purposes of art. 13 of the EU Regulation no. 2016/679 of 27 April 2016 (hereinafter also “GDPR”) relating to the protection of individuals with regard to the processing of personal data. In particular, TMB S.p.A., as Data Controller, wishes to inform you that, in implementation of the obligations deriving from the GDPR, it is required to provide some information regarding the methods and purposes of the processing of personal data, which it may come into possession of.
A. DATA CONTROLLER IDENTITY
The Data Controller is TMB S.p.A., in the person of the legal representative pro tempore, located in Monselice (PD), via Umbria 19, tax code and VAT 02506060280.
E-mail address: email@example.com
B. CATEGORIES AND DATA PROCESSING PURPOSES
CATEGORIES OF DATA
The Data Controller processes the data of natural person suppliers, or of natural persons who operate in the name and on behalf of legal person suppliers. The personal data processed are the common ones: name, surname, tax code, VAT number and other personal identification numbers, registered office, contact details and other elements of personal identification, data relating to economic, commercial, financial and insurance activities.
DATA PROCESSING PURPOSES:
The data listed above are processed for purposes related to the execution of the contract, including any pre-contractual phase. In particular:
a) Purchase of goods and services;
b) Supplier management;
c) Fulfillment and execution of the contract;
d) Tax and accounting obligations.
The Data provision is necessary for the attainment of the abovementioned purposes; therefore, their missed, partial, or inexact provision could have as consequence the objective impossibility for the Company to enter into or to regularly continue the contractual relationship.
C. LEGAL BASIS
The legal basis for the processing of the aforementioned personal data is:
- for the purposes indicate in lett. a), b), c) the execution of the contract;
- for the purposes referred to in lett. d), the legal obligation.
D. METHOD OF TREATMENT OF PERSONAL DATA
The processing is carried out through operations, carried out with or without the aid of electronic tools and consists of the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use of interconnection, blocking, communication, cancellation and destruction of data.
It is specified that personal data will be kept and controlled, also in relation to the knowledge acquired on the basis of technical progress, the nature of the data and the specific characteristics of the processing, through the adoption of suitable and preventive security measures, both of a physical nature and logical kind, in order to minimize the risk of destruction or loss of the data; unauthorized access; treatment not allowed or not in accordance with the purposes of the collection.
E. DATA RETENTION PERIOD
The data provided will be kept for the following terms:
- 10 years from the execution of the service for data relating to the purchase of goods and services and the fulfillment and execution of the contract;
- 10 years from the year of termination of the last contract for data relating to supplier management;
- 10 years from the year of accounting competence for data regarding tax and accounting obligations.
A longer period of retention might be eventually determined by requests made by the Public Administration or other judicial authority, governmental or regulatory, or arising from the participation of our company in legal proceedings involving the processing of personal data provided by You.
F. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data shall not be distributed or disclosed to third parties.
Your data may be communicated to well-defined subjects only by the Data Controller for the purposes indicated, in particular:
- to consultants, freelancers, even individually or in association;
- banks and credit institutions;
- a software house for the management of company software, appointed as data processor;
- public economic and non-economic and / or private entities for which the communication of data is mandatory or necessary for the execution of the contract and in any case in compliance with legal obligations.
The list of Data Processor is available at the following references: firstname.lastname@example.org
G. DATA SUBJECTS’ RIGHTS
The Controller has the right:
– access, rectification, cancellation, limitation and opposition to the processing of data;
– to obtain without hindrance from the data controller the data in a structured format of common use and readable by an automatic device to transmit them to another data controller;
– to revoke the consent to the processing, without prejudice to the lawfulness of the processing based on the consent acquired before the revocation;
We inform you that the deadline for the reply to the Controller is, for all the rights of one month from receipt of the request, extendable up to three months in particularly complex cases.
The exercise of the aforementioned rights can be exercised by written communication to be sent by e-mail to the address: email@example.com
H. RIGHT TO ISSUE A COMPLAINT
The Controller has also the right to lodge a complaint to the relevant Supervisory Authority pursuant to art. 77 GDPR (in particular, in the Member State in which he / she has habitual residence or place of work, or in the place where the alleged infringement occurred).
I. EXTRA-EU DATA TRANSFER
Personal data will not be transferred outside the European Union.