Supplier and external service provider privacy agreement
In compliance with article 13 of the EU General Data Protection Regulations 2016/679 (which we refer to in this document simply as Regulations), we adhere to certain rules for the collection and processing of personal data of suppliers and external service providers.
1. Data Controller
The Data Controller is Alfredo Salvatori S.r.l., address and VAT number as detailed above.
2. Types of personal data
The type of data we may collect may fall into the following categories:
a) Key personal details, (name, surname, date and place of birth);
b) Contact details (email address, telephone number, home address);
c) Information relating to the nature of your role or services and the company you work for;
d) Financial and bank details, ie your tax number, fiscal code, bank account number.
3. The purpose for collecting and processing your data
We collect and use your data for the following reasons:
a) In order to fulfil contractual obligations or for administrative and accounting purposes;
b) In order to comply with any obligations imposed by prevailing law, regulations or applicable Community legislation, or in order to carry out decisions made by relevant authorities.
4. The legal basis for collecting and processing your data
The legal basis for collecting and processing the details set out in paragraph 2a) of this document is covered under Article 6, paragraph 1b) of the Regulations (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”).
The legal basis for collecting and processing the details set out in paragraph 2b) of this document is covered under Article 6, paragraph 1c) of the Regulations (“processing is necessary to compliance with a legal obligation to which the data controller is subject”).
5. Providing details is optional
Providing personal details to comply with the reasons set out in paragraph 3a) above is not obligatory, however we need this information to draw up a supplier or consultancy contract. Therefore, if we do not have these details, it may mean we are unable to fulfil activities or actions provided for in the contract. When we receive personal details for the reasons outlined in paragraph 3a), it may be necessary to also use them for the reasons set out in paragraph 3b), to enable us to comply with various legal obligations we are subject to.
6. Parties with whom we may share your personal data
Personal details provided by you may be shared with other parties, in relation to Salvatori’s business activity and solely for the reasons mentioned above and only for any time period that is strictly necessary. These include:
a) Individuals or businesses who typically act as a data controller as laid out by article 28 of the Regulations. In other words: i) individuals, companies or professional firms who provide assistance and consultation to Salvatori in accounting, administrative, legal, tax and financial matters; ii) persons or companies who provide technical services; iii) credit institutions and insurance brokers or companies;
b) individuals, organisations and authorities with whom we are required to share personal data by law or the request of relevant authorities;
c) persons authorised by the Data Controller to carry out activities strictly related to the purposes referred to in Article 1 above, and that guarantee the safety and confidentiality of the information or are legally obliged to maintain confidentiality.
7. Data retention
We will retain your personal data in keeping with Article 32 of the Regulations and respecting the safety measures adopted by Salvatori to protect your details. It will only be shared with personnel strictly involved and authorised to access it.
Personal data collected for the purposes set out in paragraph 2a) will be retained only for as long as is strictly necessary to fulfil its purpose. In any case, since data is used in order to provide products or services, the Data Controller will hold and process the data for the period of time allowed by Italian law (art. 2946 of the Italian Civil Code and subsequent amendments).
Personal data collected for the purposes set out in paragraph 2b) will be retained for as long as required by applicable law or specific obligation.
8. Your rights
Articles 15-22 of the Regulations stipulate that at any time, you have the right to receive confirmation from the Data Controller as to whether we hold your personal data and for how long it will be retained. You also may request access to your personal data and information about how it is used, the categories of data concerned and the recipients or categories of recipient to whom it has been or will be disclosed. You have the right to request amendments to the data we hold or to cancel or limit how your details are processed, to withdraw your consent, make a complaint to a judicial authority and to ask to receive your data in a portable, structured, commonly-used and readable format by electronic means that can be forwarded to another data controller without impediment.
If you want to exercise any of your rights, you simply need to send an email to the address firstname.lastname@example.org outlining what you would like us to do.