Brief Information Notice for customers and suppliers pursuant to Article 13 of EU Regulation 2016/679
The Data Controller is EFORMA as defined above. For any information relating to the processing of personal data by EFORMA you may write to the following e-mail address: email@example.com.
1. Types of Personal Data processed:
The personal data (“Personal Data”) to be processed are as follows:
Name, contact details and other Personal Data
EFORMA shall process your Personal Data collected within the scope of the agreement and/or for the purpose of concluding the agreement, which may include, but is not limited to, your first name, last name, mobile telephone number, e-mail address and in general contact details as a contact person for business relations.
Data Collected from Public Sources
EFORMA will supplement and, if applicable, enrich the Personal Data provided by you in the course of concluding the Agreement with publicly available data from the portal of the Chamber of Commerce (e.g. www.registroimprese.it) or from the Camera di Commercio or in accordance with the Code of Conduct for the Processing of Personal Data in Connection with Business Information of 12.06.2019. More information is available at: https://www.informativaprivacyancic.it/.
2. Purposes of the processing
The processing that EFORMA intends to carry out has the following purposes:
- Management purposes for the execution of the existing contract between your company and EFORMA (“Performance of a contract”).
- The fulfillment of any legal, accounting and tax obligations (“Compliance”).
- The prevention or detection of any abuse against EFORMA or any fraudulent activity and thus enabling EFORMA to protect itself in court (“Abuse/Fraud”).
- In case of access to EFORMA's premises, the processing of certain Personal Data may also take place by means of the video surveillance system installed on the premises for security purposes of the company's assets and the persons on the premises. The filming of persons will only take place incidentally and on an occasional basis ("Security").
3. Legal Basis
The legal basis for the processing of your personal data for the purposes referred to in point 1. (Performance of a contract) is in accordance with Article 6(1)(b) of the Regulation. This is because the processing is necessary for the performance of the contract between your company and EFORMA. The provision of your personal data for these purposes is optional, however, failure to provide it would make it impossible to execute the contract.
The purpose referred to in point 2. (Compliance) represents legitimate processing of your personal data in accordance with Article 6(1)(c) of the Regulation. Once you have provided your personal data, the processing is indeed necessary to fulfill a legal obligation to which EFORMA is subject.
The legal basis for the processing of your personal data for the purposes referred to in point 3 (Abuse/Fraud) is the Data Controller’s legitimate interests as per Article 6(1)(f) of Regulation.
The legal basis for the processing of your personal data for the purposes referred to in point 4 (Security) is the legitimate interest of the Data Controller as per Article 6(1)(f) of Regulation.
Your personal data may be shared, for the above purposes, with the following “Recipients”:
- Parties that typically act as data processors, i.e., persons, companies (including Bank), or professional firms that provide assistance and advice to EFORMA in accounting, administrative, legal, tax, financial and debt collection matters
- hosting service provider, or more generally, provider with whom it is necessary to interact for the execution or conclusion of the Contract;
- Subjects, entities or authorities to whom it is obligatory to communicate your personal data by virtue of legal provisions or orders of the authorities;
- Third-party companies also in the event of extraordinary transactions (company mergers, demergers, acquisitions, etc.)
- Companies or professionals for the judicial or extrajudicial protection of EFORMA's rights;
- Parties delegated to perform technical maintenance activities (including maintenance of network equipment and electronic communication networks);
- Persons authorized by EFORMA to process your personal data as may be necessary to carry out activities strictly related to the execution of the contract, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees and/or external collaborators of EFORMA).
4. How we process your Personal Data
Your personal data will be processed in both automated and manual form. Pursuant to the provisions of the Regulations, the processing of personal data by EFORMA shall follow the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality.
Data shall always be processed in strict compliance with the principle of confidentiality, also in case of processing by third parties expressly appointed by EFORMA.
6. Transfer of Personal Data
Some of your personal data is shared with Recipients who may be outside the European Economic Area. The Data Controller ensures that transfers and processing take place in compliance with applicable law. Transfers are made through appropriate safeguards such as, adequacy decisions, Standard Contractual Clauses approved by the European Commission or other legal instruments. For more information, contact the Controller by writing to firstname.lastname@example.org.
7. Data retention period
Personal data processed for the purposes mentioned in point 1. (“Performance of a contract”) will be kept for the time strictly necessary to achieve its purposes. Since the processing is carried out for the execution of the contract, EFORMA will process your personal data for the time allowed by Italian legislation to protect its interests (Art. 2946 and the following of the Italian Civil Code).
Personal data processed for the purposes referred to in point 2. (“Compliance”) will be kept until the time provided for by the specific obligation or applicable law.
Personal data processed for the purposes referred to in point 3. (“Abuse/Fraud”) will be kept only for the time strictly necessary for the aforementioned purpose and, therefore, only until such time as EFORMA is obliged to store such data in order to protect itself in court or to disclose such data to the competent authorities.
Personal data processed for the purposes referred to in point 4 ("Security") will be retained by EFORMA for will be stored for 24 or 48 hours at weekends, and in any case only for the time strictly necessary for the above-mentioned purpose and subsequently deleted.
More information regarding the data retention period can be requested in writing to EFORMA to the following address: EFORMA SRL (hereinafter “EFORMA”), via dell’Elettronica n. 9, cap. 36016 Thiene (VI), by writing to email@example.com.
8. Refusal to provide Personal Data
Failure to provide data on the part of the data subject shall result in the impossibility of entering into the Contract, the execution of pre-contractual measures and the exact fulfilment of contractual obligations, as well as fulfilments (including legal ones) arising out of or in connection with the Contract and, more generally, the impossibility of carrying out the activities referred to in point 2.
9. Data subject rights
Pursuant to Articles 15 and the following of the Regulation, you have the right to request from EFORMA, at any time, to access, rectify or erase your personal data or to object to its processing. You also have the right to request the restriction of processing in the instances provided for in Article 18 of the Regulation, as well as to obtain a copy of it in a structured, commonly used and machine-readable format as provided for in Article 20 of the Regulation.
Requests should be addressed in writing to the following e-mail address: firstname.lastname@example.org or to EFORMA's physical address: EFORMA SRL (hereinafter “EFORMA”), via dell’Elettronica n. 9, cap. 36016 Thiene (VI).
You have the right to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), in accordance with Article 77 of the Regulation, if you believe that the processing of your personal data is contrary to the legislation in force.
The Data Controller reserves the right to change or simply update this policy, in part or in full, including due to changes in applicable regulations. The Data Controller will inform you of such changes as soon as they are introduced. They will be binding as soon as they are made known to you. EFORMA therefore invites you to pay attention to all communications that will be made to the Policy, so that you are always up to date on the data processed and how EFORMA uses it.