Dear Customer/Supplier in compliance with art. 13 of the EU Regulation 2016/679 (hereinafter “Regulation”) and as for your personal data, our company, as controller, in compliance with the executing contracts, is willing to share the following information:
1. Identification of the controller
The controller is A.C.M. ENGINEERING S.R.L. whose registered office is in Emilia, 4 – 46030 Bigarello (MN) and operating premises as well. Contacts: Telephone (+39) 0376 / 294648 E-mail: firstname.lastname@example.org. As the controller applies within the entire European Union, no processor deserves being appointed.
2. Contacts of the representative
Following the control of the applicability of what forecast by art. 37 of the Regulation, no representative was appointed for the data protection, as the company does not comply with any of the forecast cases.
3. Purpose of the data processing and juridical scope
The data is simply processed for the following activities: - Compliance with the law and/or contracts, compliance with uses and customers, as for any company commercial activity - Accounting and administration processing; - Legal compliance and dispute management; Compliance with regulations in force in terms of safety, security and health on the workplace; - Compliance with the company internal management system enforcement. The processing juridical scope consists of: acquisition/sale contract of goods and services; Legislative decree 81/2008 and following changes, as for the regulations in force as for safety, security and health on the workplace and relating regulations as for the enforcement of the Italian Criminal and Civil code. The processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. It is carried out by the controller o by reliable companies appointed by the controller, whose list is available by the controller, as independent controllers, obliged to comply with the contract signed with the company as for the personal data protection. Personal data is not disclosed.
4. Legitimate interests of the controller
In case any processing is carried out in compliance with art. 6, paragraph 1, letter f, it only complies with the legitimate interests of the controller.
5. Recipients of personal data:
The p ersonal data collected is to be transferred to: - subjects entitled to access such data according to the regulations in force; - the company consultants for their activities; - natural or legal person, public authority, agency or another body, to which the personal data is disclosed necessarily or functionally to carry out the company activities and in the modes and according to the specified purposes.
6. Cross-border transfer
The owner is not transferring personal data to third countries or international organisation outside the European Union.
7. Retention of personal data
The time retention limit is imposed by the regulations in force for tax reasons (10 years).
8. Subjects rights
The subject (Paragraph III Subject’s rights) can ask the controller to access its personal data, for its adaptation or erasure as well as for restriction or opposition to its treatment and data portability. To exercise such rights, refer to the previously mentioned contacts.
9. Withdrawal of consent
The subject is entitled to withdraw its consent in compliance with art. 6 paragraph 1, letter a) and with art. 9, paragraph 2, letter a).
10. Complaint by the supervisory authority
The subject is entitled to put forward any complaint to the supervisory authority at the following addresses: Garante per la protezione dei dati personali - Piazza di Monte Citorio n. 121 00186 ROMA Fax: (+39) 06.69677.3785 Switchboard: (+39) 06.696771 E-mail: email@example.com Certified e-mail: firstname.lastname@example.org. References and modes to exercise such complaint rights are specified on the website of the Garante della Privacy http://www.garanteprivacy.it.
11. Personal data communication
The communication and following processing of personal data are required to conclude any agreement with the company. No communication, no contract enforcement.
12. Automated decision-making process
The personal data will not undergo any automated decision-making process, profiling included.