PRIMA s.r.l. (hereinafter, "the Company" or "the Data Controller"), as the Data Controller, wishes to inform you, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 on the protection of personal data (hereinafter, "GDPR"), of the following.
The Data Controller will process the data transmitted by you in relation to your personnel responsible for the execution and management of contracts with the Company, including:
For individual suppliers, in addition to the above-mentioned data, data related to billing and payments (including VAT and Tax Code), bank data, registration in professional registers, and economic-financial data (e.g., balance sheet) may also be processed.
The processing of data of the Data Subjects is carried out by the Company in the course of its economic and commercial activities for purposes related to the possible selection, establishment, management, and execution of the contractual relationship (including the management of the pre-contractual relationship). In particular, the data will be processed to fulfill legal obligations (e.g., tax and accounting obligations, obligations arising from the discipline of contracts and hygiene and safety at work); for the opening of the supplier registry; administrative management of contracts, including payment and invoicing management; obligations aimed at the supply of goods or services, as well as the management of any disputes, the performance of internal controls (safety, productivity, quality of services, asset integrity), certification. The data of the Data Subjects may also be processed for periodic activities to assess compliance with the ethical and legal requirements established by the Company in its own Code of Ethics and within the framework of audits, including at your premises, related to quality, process, product, or sustainability.
For the purposes mentioned above, the legal basis for data processing is to be found in compliance with a legal obligation to which the Data Controller is subject (Article 6, paragraph 1, letter c), GDPR) and/or in the performance of a contract of which the data subject is a party or in the performance of pre-contractual measures taken at the request of the data subject (Article 6, paragraph 1, letter b), GDPR).
The provision of the data by the Data Subjects is necessary and, in its absence, it will not be possible to establish any commercial relationship, correctly perform pre-contractual and contractual obligations or, where a contractual relationship already exists, fulfill the obligations and commitments arising from it.
Personal data are subject to computer and paper processing in the ways and within the limits necessary to achieve the purposes outlined in point 2). Personal data will be processed internally by authorized personnel, under the authority of the Data Controller and instructed on the regulatory principles and security procedures (Article 32, paragraph 4, GDPR). All data processing operations are carried out to guarantee the integrity, confidentiality, and availability of personal data.
The data will be retained in compliance with applicable legislation on the protection of personal data for the entire period necessary to fulfill the aforementioned purposes. In particular, the data will be retained for the entire duration of the contractual relationship and also after its termination in compliance with civil and tax obligations (e.g., the civil obligation to retain invoices and company documentation for at least 10 years). The data acquired during the supplier selection process, if no subsequent contractual relationship with the Company arises, will be retained for a period of 5 years from their acquisition.
Without prejudice to communications made to comply with legal and contractual obligations, the data may be communicated to credit institutions, public bodies, and administrations where necessary, as well as to subjects legitimized by law to receive such information, Italian and foreign judicial authorities, and other public authorities, for purposes connected to the fulfillment of legal obligations or for the fulfillment of obligations arising from the contractual relationship, including the need for defense in legal proceedings. These subjects operate as independent data controllers.
Contact data may be communicated for occasional needs to additional suppliers of the Company, for example, if they need to collaborate with these subjects for the execution of contractual obligations. The Company also uses third parties to provide certain services that involve the processing of personal data, including, for example, tax or legal consultants, providers of substitute storage services, companies or freelance professionals in the field of business consulting or quality, process, and product audit services. These subjects operate as data processors (Article 28, GDPR), based on specific instructions and adequate in terms of processing methods and security measures indicated in appropriate contractual documentation. The complete and updated list of subjects who process personal data as data processors is available upon request from the Data Controller at the contacts indicated in point 8) of this information.
Personal data will not be subject to dissemination.
Personal data will be processed by the Data Controller within the territory of the European Union. In any case, the Data Controller, if necessary, has the right to move the servers also outside the EU, for example, in the case of using Cloud services. In this case, the Data Controller assures from now on that the transfer of data outside the EU will take place in compliance with applicable law, after entering into standard contractual clauses provided by the European Commission.
Data Subjects may exercise, in relation to the processing of the data described here, the rights provided by the GDPR (Articles 15-22), including:
To exercise these rights or to request further information regarding this information, the Data Subject may contact the Data Controller by sending an email to firstname.lastname@example.org
Pursuant to Article 77 of the GDPR, the data subject also has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, following the procedures and indications published on the official website of the Authority (www.garanteprivacy.it).
The Data Controller is PRIMA s.r.l., with registered office in Via Manta, 6 - 12033 Moretta (CN), represented by its Legal Representative. Tax Code and VAT number: 02190470043. Phone: (+39) 0172 94205, e-mail: email@example.com
The Data Controller for Personal Data Processing invites its Clients and Suppliers to inform the Data Subjects (e.g., administrators, employees, and collaborators whose data the Company comes into possession of for the purpose of executing the contract) about the content of this Information.
The Personal Data Controller