Gestioni S.p.A.

PRIVACY INFORMATION FOR THE SUPPLIERS

IN ACCORDANCE WITH THE ART. 13 OF THE EUROPEAN REGULATION NO. 679/2016 - GDPR
Gestioni S.p.A. whose registered office is in Italy Albino (BG) Via Roma, 110, post code 24021 Cod.Fisc. 01653140168, VAT number 04334290162, ph. 035776111, e-mail address fassi@fassi.com, certified email address gestioni@legalmail.it, as process Controller, informs you that in accordance with the art. 13 of the european regulation NO. 679/2016 - GDPR your data will be processed according to the following procedures and for the following purposes:
  1. Categories of processed data and how data are processed
    2. The Controller processes the personal data of the natural persons through whom the Supplier has a legal relation with the Controller e.g. identification and personal data of employees, collaborators, trainers etc. (name, surname, address, country, place of residence, ph. number and/or mobile ph. number, fax number, fiscal code, VAT number, company name, personal e-mail, bank and payment references as for example IBAN, information related to the economic or commercial nature of the relationship, tax receipt, invoicing).
    The process of your personal data is carried out according to the operations indicated at the article 4 comma 1 n. 2) GDPR and precisely: collection, registration, structuring, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction.
    Your personal data are subject to both paper and electronic process.
  2. Purposes and legal basis of the process
    3. The personal data of the natural persons as per previous point are processed without prior express consent according to what is prescribed by the Art. 6 comma 1 letter b) of the GDPR for the following purposes:
    1. creation and performance of the contractual relationship between the supplier and the Controller including the management of the identification data and of the suppliers’ list;
    2. management of suppliers’ qualification;
    3. management of the orders;
    4. management of the contractual relationship;
    5. performance of the accounting duties, such as management of accounts and treasury, as well as of invoicing (for example invoice check and registration).
    The process of the data related to the natural persons acting on behalf of the Supplier/concerned party is based on the performance of the established contractual relationship and on the obligation imposed by a law regulation.
  3. Storage
    4. The personal data given for the above-mentioned purposes will be stored as long as the contract is in force and for the following 10 years after its end for accounting and fiscal reasons, in compliance with the current regulations. In case of a legal controversy, and throughout its duration, until an appeal action is possible.
    After the above-mentioned terms of storage, the data will be destroyed or anonymized.
  4. Data Transmission
    5. The data could be made accessible for the purposes mentioned at the Art. 2:
    to employees and collaborators of the Controller, appointed or, if required, authorized and/or in charge of the process and/or system administrators, or third-companies or other subjects (as for example, banks, professional firms, consultants, companies offering insurance services, third-suppliers of technical services, couriers, hosting providers, IT companies, communication agencies, legal/accounting/fiscal or insurance firms, companies in charge of payment collection and payments, of IT assets management, of correspondence delivery etc.) that perform outsourcing activities on behalf of the Controller and are appointed, if required, data processors.
    Moreover, the Controller can transmit your data to supervisory bodies and judicial authorities for the above-mentioned purposes, if this is required by the law.
    The data won’t be widespread.
  5. Data transfer
    6. The Controller processes the data applying the suitable security measures that prevent any non-authorized access, disclosure, modification or destruction. The process is carried out through computer and/or telematic tools, in a structured way and according to logics strictly connected to the indicated purposes.
    The management and the storage of the personal data will be on servers located in the European Union. The data won’t be transferred outside the European Union. It goes without saying that the Controller can move the servers in Italy and/or in the European Union and/or countries outside EU, if this is necessary. In any case, the Controller assures that the data transfer outside EU will take place in compliance with the applicable law regulations and, if necessary, agreements guaranteeing a suitable protection degree and/or applying the standard contract provisions foreseen by the European Commission.
  6. Nature of the data supply and consequence of the refusal
    7. The data supply for the purposes as per Art. 2 points 1-5 is compulsory. If the data are not available, we can’t grant you any service as per art. 2.
  7. Data subject’s rights
    8. In your position of data subjects, you have the rights as per Art. 15-22 GDPR and precisely the rights to:
    • receive the confirmation of the existence of non-existence of the personal data concerning your person;
    • receive the indication of the origin of the personal data, of the purposes and method of processing, of the applied logics in case the process is carried out using electronic tools, of the identification data of the Controller, of the processors and of the representative appointed according to Art. 3, comma 1 GDPR, of the subjects or subject categories to whom the personal data might be communicated or that can get to know them as representative of Processors or authorized people appointed in the territory of the country. The updated list of the processors and of the authorized subjects is available at the registered office of the Controller.
    You have also the right to get the data update, their correction or, if you are interested in it, the data integration, the cancellation, the anonymization or the blocking of the processed data when breaching the law, including those data, for which the storing is not required in relation to the purposes according to which the data were collected or afterwards processed, the confirmation that the operations here above have been brought to the attention, even for their contents, of those people, to whom the data were communicated or disclosed, except when this accomplishment turns out to be impossible or implies a disproportionate effort compared to the safeguarded right.
    Due to legitimate reason, you can oppose, totally or partially, the processing of the personal data related to your person, although they pertain the collection purpose, the processing of the personal data for the forward of advertisement or direct sales material or for market research or sales communications. Where applicable, you have also the right to rectify, the right to be forgotten, the right to limit the process, the right to data portability, the right to oppose.
    Except for any other administrative or judicial action, you have the right to complain to the Control Authority. You can therefore get in touch with the Data Protection Authority according to the indications available on the website www.garanteprivacy.it.
  8. How to exercise the rights
    9. If you wish to receive more information about the process of your personal data, that means to exercise the rights as per the previous point, you can send a message to the Controller. Before being able to supply to you, or to modify, any kind of information, it might be necessary to check your identity and to reply to some questions.
    The requests can be made by sending an e-mail, a certified e-mail or a registered letter with advice of receipt to the above-mentioned addresses or you can contact the DPO at the email address gdpr@fassi.com.
    The requests will be processed as soon as possible according to the request typology and in any case within 30 days, extendable for further 60 days for particularly complex cases.
  9. Controller, processor and authorised people
    10. The process controller is Gestioni S.p.A. whose registered office is in Italy Albino (BG) Via Roma, 110.
    The list of the external processors dealing with the data process and of the authorized subjects is available at Controller’s registered office.