Information to customers and suppliers on data protection
The processing of data relating to legal persons does not fall within the scope of the personal data protection rules set out in European Regulation 2016/679. For the purpose of clarity and transparency towards its Customers and Suppliers, San Marzano Vini S.p.A. provides this information also to legal entities, describing the methods and purposes of all the processing operations that the Company carries out or has the right to carry out on personal data. Therefore, the information relates specifically to the data of natural persons working for the Company’s customers and suppliers.
Pursuant to Legislative Decree no. 196 of 30 June 2003, as amended (the “Privacy Code”) and the EU Regulation 2016/679 (hereinafter, the “Privacy Regulation“), San Marzano Vini S.p.A. (hereinafter, the “Company“), with registered office in San Marzano di S.G. (TA), Via Monsignor Bello n. 9 – 74020, which can be contacted for the exercise of the rights allowed by the regulations in force at the address of the head office or by email firstname.lastname@example.org, the Data Controller of the personal data already communicated or which will be communicated in the future and at which the personal data are or will be collected, wishes to inform you that the data concerning you may be processed, in compliance with the above mentioned regulations, by the Company in relation to the pre-contractual and/or contractual relations with you or to those which may be entertained in the future.
2. Source of the personal data
Personal data, acquired or to be acquired in connection with contractual relations or in the pre-contractual phase, are collected directly from the person concerned. All personal data collected will be treated in accordance with current legislation and, in any case, with due confidentiality.
3. Nature of the collection
For the stipulation and execution of the contractual relationship, the collection of personal data is also obligatory, as it is necessary to fulfil legal and fiscal obligations; refusal to provide such personal data will make it impossible to establish relations with the Company. Its processing does not require the consent of the person concerned.
4. Purpose of processing and legal basis of processing
The collection or processing of personal data has the sole purpose of adequately fulfilling the obligations connected with the performance of the Company’s business activities and in particular for the following purposes:
- the performance of pre-contractual activities and the acquisition of preliminary information for the purpose of concluding a contract;
- management of the contractual relationship and of all administrative, operational, management and accounting activities related to the contract (order management, invoicing, checks on the reliability of customers and suppliers, after-sales service and support, etc.);
- management of disputes, breach of contract, warnings, settlements, arbitration, litigation, etc;
- the fulfilment of obligations laid down in laws, regulations, EU legislation and provisions issued by public authorities.
The processing is carried out by virtue of the fulfilment of pre-contractual and/or contractual and legal obligations related to the relationship you have established with the Company, pursuant to art. 6, paragraph 1, letter b) of the Privacy Regulation.
5. Nature of provision and consequences of refusal
The provision of personal data to the Company is compulsory only for personal data for which there is a legal or contractual obligation to do so, or for personal data necessary to acquire pre-contractual information activated at the request of the person concerned. In the event of a refusal to provide such ‘compulsory’ personal data, the contract may not be completed. Any refusal to provide personal data for which there is no obligation to provide such data, but which are strictly necessary for the performance of contractual relationships, will in principle have no consequences in relation to ongoing relationships, except for the possible impossibility of carrying out operations connected with such personal data or the impossibility of establishing new relationships. Any refusal to provide personal data relating to the performance of further activities that are not strictly functional to the execution of the contractual relationship may only prevent the performance of such further activities without any other consequences.
6. Method of processing
The processing of personal data shall be carried out in a lawful and correct manner and, in any case, in compliance with the aforementioned legislation, by means of instruments suitable to guarantee their security and confidentiality and may also be carried out by means of computerised instruments designed to store, manage and transmit the data.
The processing will be carried out, primarily, by the Company’s internal organisation, under the direction and control of the relevant corporate departments and for the purposes indicated above, also by other companies in the group or by third parties, as identified in point 9 below.
Personal data shall be stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which they are collected and processed.
7. Duration of the processing
The personal data subject to processing will be kept for the time strictly necessary with regard to the contractual relationship, as well as, subsequently, for the fulfilment of all legal obligations connected with or arising from the contract you have entered into with the Company.
8. Recipients of personal data
Without prejudice to communications made in fulfilment of an obligation imposed by law, regulation or EU legislation and intra-group communications, the communication, also by simple consultation or making available of personal data concerning you may be made to the following subjects:
- a. public bodies, supervisory bodies, authorities or institutions;
- b. companies belonging to the Group, associated with our Company, located in Italy;
- c. natural or legal persons who provide specific services, such as – by way of example but not limited to – data processing, logistics and postal services, customer satisfaction surveys, legal, administrative, tax and/or accounting consultancy, organisation of trade fairs and communication events, etc;
- d. commercial intermediaries, banks and credit institutions, financial intermediation companies, natural or legal persons in charge of credit recovery, auditing and/or certification of financial statements and quality systems, independent collaborators of the Company, agents and reporting agents, insurers and brokers, etc;
The persons referred to in points a), d) act as autonomous Data Controllers.
We assure you that, in any case, only personal data that are necessary and relevant in relation to the purposes of the processing for which they are intended, are transferred to the subjects mentioned, if not aggregated and anonymous personal data.
The list of such third parties will be constantly updated and accessible to you upon request to the Company. By virtue of the existence of links with them by computerised and telematic means or by regular mail, personal data may be made available abroad, possibly even outside EU countries in view of the existence of the relevant authorisation, or on the basis of standard contractual clauses.
Personal data will not be distributed in any event.
9. Rights of the data subject
This is without prejudice to your right to exercise your rights of access to your personal data as provided for by art. 15 et seq. of the Privacy Regulations regarding rectification, cancellation, limitation and opposition to processing, in the manner and within the limits established by art. 2-undecies of the Privacy Code and art. 12 of the Privacy Regulations.
If our Company does not provide you with a reply within the timeframe envisaged by the regulations or if the reply to the exercise of your rights is not suitable, you may lodge a complaint with the Guarantor for the protection of personal data, at the following coordinates: website www.gpdp.it or www.garanteprivacy.it, email email@example.com, fax (+39) 06.69677.3785, telephone operator (+39) 06.69677.1.