GENERAL INFORMATION

Clients/suppliers (concerned by data processing) and their representatives (hereinafter referred to as “data subjects” pursuant to Article 4 paragraph 1 of the GDPR) are hereby informed that the professional relationships established with the undersigned Controller may entail the processing of personal data, in compliance with the following general principles:

• all data are processed in a lawful, fair and transparent way for the data subject, in compliance with the general principles set forth by Article 5 of the GDPR;
• specific security measures are taken to prevent the loss, unlawful or unfair use of or unauthorised access to data;
• the Data Controller is the undersigned Company: Caseificio Gennari Sergio & Figli Srl, via Varra Superiore 14/A – 43044 Collecchio (PR); numero telefonico: 0521 805947; e-mail: info@caseificiogennari.it
• the Controller whom can be contacted in order to exercise all the rights provided for by articles 15-21 of the GDPR (right of access, rectification, erasure, limitation, portability, objection) as well as to withdraw a previously given consent or lodge a complaint with a data protection supervisory authority.

DATA UNDERGOING PROCESSING

The Controller processes personal identification data of the client/supplier (e.g. name, surname, company name, personal/tax data, address, telephone number, e-mail, bank and payment reference data) and of his/her representatives (name, surname and contact details) acquired and used during the provision of services by the Controller.

LEGAL BASIS AND PURPOSES OF THE PROCESSING

Data are processed:

• to establish contractual/professional relationships;
• to fulfil pre-contractual, contractual and tax obligations arising in relation to the existing relationships, as well as to manage the required notices connected with them;
• to fulfil legal obligations, or obligations set forth by a regulation, the EU legislation or by an order issued by the Authority;
• in order for the Controller to exercise a legitimate interest as well as a right (e.g.: right of defence of legal claims, protection of claims; ordinary internal operational, management and tax needs).

A non-provision of said data will prevent the establishment of the relationship with the Controller. In accordance with Article 6 paragraphs b,c,f, the above-mentioned purposes provide an appropriate legal basis for the lawfulness of the processing. Should the processing be carried out for different purposes, specific consent shall be required from the data subjects.

PROCESSING METHODS

Personal data are processed by means of the operations indicated in Article 4 no. 2) GDPR, more specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, denial, disclosure, erasure and destruction of data. Personal data are processed both by paper and by electronic and/or automatic means. The Controller shall process personal data for the amount of time required to fulfil the purposes for which they have been collected and the related legal obligations.

SCOPE OF THE PROCESSING

Data are processed by internal individuals, who are duly entitled and instructed to the processing in compliance with Article 29 of the GDPR. The scope of disclosure of personal data may also be requested, obtaining precise indications as to whether there are external individuals acting in the capacity of autonomous Processors or Controllers (consultants, specialists, bank institutions, carriers, etc.). Data are not disclosed or handed over to extra-EU countries. Should it be necessary, within the context of tender procedures or contracts or for the fulfilment of regulatory obligations (e.g.: joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) acquiring from clients/suppliers their employees’ personal data, the parties hereby agree that the undersigned company shall be authorised to the processing of such data in the capacity of External Processor (Article 28 of the GDPR) or of authorised subject (Article 29 of the GDPR). Within such relationship, the undersigned company commits itself to processing such data in compliance with the compliance requirements provided for by the GDPR, ensuring that it will only disclose data to other subjects within the context of specific legal obligations.

RIGHTS OF DATA SUBJECT (GDPR articles 15-22)

At any time, the data subject can exercise the right to:

• ask for confirmation of the existence or not of personal data.
• obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period.
• obtain the correction and deletion of personal data.
• obtain the limitation of the processing.
• obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data processor without hindrance.
• oppose the treatment at any time and also in the case of processing for direct marketing purposes.
• oppose an automated decision-making process relating to natural persons, including profiling.
• lodge a complaint with a supervisory authority.