Data processing information for Galvani S.r.l. suppliers
We inform you that pursuant to Art. 13 of EU Regulation 2016/679, (hereinafter “the Regulation”) your personal data (as referred to under Art. 4, paragraph 1) will be processed by Galvani S.r.l., with registered office at Via Monti Lessini, 8 – San Giovanni Lupatoto (VR) in the capacity of Data Controller (“the Controller”), for the following purposes:
- for pre-contractual, contractual and administrative-accounting procedures. The legal basis for the processing is the performance of the contract (Art. 6 (1) (b) of the Regulation).
- the performance of and compliance with obligations of law, regulations and Community rules. Legal basis for the processing: compliance with a legal obligation (Art. 6 (1) (c) of the Regulation).
- to enforce and/or defend the Controller’s legitimate interests before judicial authorities, to manage disputes, contractual default, warnings, transactions, credit recovery, credit protection and arbitration, and to check the Supplier’s reliability for the purpose of verifying supplier requisites in respect of Company policies; Legal basis for the processing: the Controller’s legitimate interests (Art. 6 (1) (f) of the Regulation)
The nature and manner in which the personal data are conferred.
The conferral of the personal data is obligatory to achieve the above-listed purposes; therefore, in the case of the non-conferral or partial or inexact conferral of the data, it could be objectively impossible for Galvani S.r.l. to establish or to regularly pursue the contractual agreement.
Data processing methods and data security.
Data processing includes any operation or series of operations performed, with or without the aid of automated processes, on personal data or series of personal data, such as to collect, register, organise, structure, conserve, adapt or modify, extract, consult, use, transmit or disclose the data or to render them available in any other manner, and their comparison, interconnection, limitation, cancellation and destruction.
The personal data will be processed mainly by automated systems but also in hard-copy format, with logics strictly linked to the aforementioned purposes. The Controller has adopted suitable security measures to protect the data against the risk of loss, abuse or alteration. Although it is not possible to guarantee that the transmission of the data via the Internet or websites is perfectly secure against intrusion, Galvani S.r.l. and its suppliers undertake to maintain the physical, electronic and procedural data security measures, in accordance with the legal requisites. In particular, it has adopted, where possible, the measures indicated under Art. 32 of the Regulation and it uses protection protocols for the transmission of the data known as HTTPS. It also conserves the Supplier’s data in servers on European territory. The servers are subjected to an advanced, daily back-up and disaster recovery procedures, with full firewall protection. A strict system has been adopted to limit access to the personal data solely to the aforesaid purposes. The transfer of the data takes place by means of encrypting protocols and access to the IT systems is permanently monitored to detect and prevent unauthorised access to the personal data.
The scope of the communication, disclosure and transfer of the personal data outside the EU.
The personal data will not be communicated to third parties except to the external services used to achieve the aforementioned purposes. The personal data will not be disclosed or transferred to non-EU countries.
Categories of subjects that may gain knowledge of the users’ personal data.
The personal data may become known to the Controller’s employees and collaborators who process the data under the Controller’s direct authority. Said subjects are appointed as Data Processing Managers or Data Processing Operators in accordance with Arts. 24-29 of the Regulation, or as System Administrators. They receive adequate operating instructions to this regard from the Controller, and the Data Processing Managers appointed by the Controller give adequate operating instructions to their employees and collaborators.
Said subjects are essentially included in the following categories: software suppliers and software assistance/maintenance personnel, business security advisors, and agents. The data may also be communicated to third parties that act as independent data controllers, such as: supervisory bodies and certification bodies and entities.
Duration of the data processing and of data conservation.
The data conferred are conserved for the time required to achieve the aforementioned purposes or for any other legal purpose linked to the same; more specifically, they will be conserved for the duration of the contract and, after termination of the same, for a maximum term of 10 years. In the case of legal dispute, the personal data will be conserved for the duration of the litigation, until expiry of the term for filing appeal. After the expiry of the above-indicated conservation times, the personal data will be destroyed or rendered anonymous, as far as compatible with the cancellation and back-up technical procedures.
The place of the processing and the Data Controller’s contact data.
The personal data are mainly processed at the Controller’s head office, at Via Monti Lessini, 8 – San Giovanni Lupatoto (VR) and/or where the Data Processing Managers are located. Further information can be obtained by contacting the Data Controller via e-mail at email@example.com
The person whose data is processed has specific rights (pursuant to Arts. 15 and following of the Regulation). More specifically: right of access (to obtain conformation of the existence or non-existence of his/her personal data and to obtain access to the same and specific information); the right to obtain the correction of incorrect data; the right to obtain cancellation of the data. Said rights can be exercised by contacting Galvani S.r.l. at the following address: firstname.lastname@example.org
Data Information Note Rev.: 29/10/2018