Information for Customers and Suppliers
pursuant to art. 13 of Regulation (EU) 2016/679
Dear Customer, Supplier,
In order to perform the contract, D.T.M. Ricambi S.r.l. will need to process certain of your personal data (e.g., name, surname, Tax Code, contact details, etc.).
Regulation (EU) 2016/679 (General Data Protection Regulation, known as the GDPR) provides for a number of obligations to protect individuals with regards to the processing of personal data.
In compliance with the Regulation, we hereby inform you that your data shall be processed by D.T.M. in its capacity as Data Controller, using hardcopy and computerized tools, only as strictly necessary for purposes connected with the performance of the contract. The data shall be processed only by duly authorised personnel, besides by a number of external individuals or entities (e.g., suppliers of IT services, our accountant), expressly designated as data processors or operating as autonomous data controllers; the data shall not be used for the sending of commercial communications, unless you give us your express consent, or for profiling purposes, or for making automated decisions affecting you.
You may exercise your rights provided for by the Regulation at any time, such as to request access to the data, their rectification if there are errors, their cancellation (e.g., if no longer necessary), limitation in the processing and portability of the data, to lodge a complaint with the Italian Data Protection Authority and to oppose processing in cases provided by law.
We invite you to carefully read this policy, a copy of which may be requested at any time.
This policy is provided in compliance with article 13 of the Regulation and the Transparency Guidelines of the European Group of Data Protection Authorities. These documents can also be requested via e-mail. Your privacy is a priority: if anything is not clear, we are at your disposal for any explanations.
D.T.M. Ricambi S.r.l.
1. DATA CONTROLLER AND CONTACT DETAILS
AThe Data Controller is D.T.M. RICAMBI - S.R.L., Tax Code and VAT no. 02243530371, accessible via the following contact details: Via della Cooperazione, 5, 40129 Bologna BO, Italy, Telephone: +39 051 6325404, Fax: +39 051 705987, Email: email@example.com, PEC: D.T.M.firstname.lastname@example.org.
The offices are open from Monday to Friday at the following times: morning 8:30 – 12:30, afternoon 14:00 – 18:00.
2. DATA PROTECTION OFFICER or DPO
During the normal course of business, D.T.M. does not carry out processing activities which, by their nature, field of application and/or purposes, require the regular and systematic monitoring of data subjects on a wide scale, nor the processing, on a wide scale, of particular categories of personal data as per art. 9 of the Regulation (so-called sensitive data) or data relating to criminal convictions or offenses as per art. 10 of the Regulation.
As a result, D.T.M. is not subject to the obligation to appoint a Data Protection Officer pursuant to and by the effects of art. 37 and following of the Regulation.
3. CATEGORIES OF DATA TO BE COLLECTED AND PROCESSED
D.T.M. shall collect, directly from you, only personal data necessary for the purposes pursued, as set out in detail subsequently, such as: personal details (name, surname, date and place of birth), contact details (fixed/mobile telephone number, fax number, e-mail address), invoicing data (tax code, VAT no., registered office address).
4. PURPOSES AND LEGAL BASIS OF THE TREATMENT
The data provided by you shall be processed for the purposes and in compliance with the regulations as indicated below.
|Categories of personal data||Purposes of the processing||Legal basis of the processing|
|Generic personal data (e.g., name, surname, place and date of birth, tax code, any VAT no., address, contact details)||(A) To fulfil contractual obligations||Processing is legitimised by the contract entered into between you and D.T.M.: the processing is, in fact, necessary for the performance of the contract to which you, as the data subject, are party (as provided for by art. 6, para. 1 letter b of the Regulation), as well as any performance of pre-contractual measures further to your request.|
|Generic personal data (e.g., name, surname, place and date of birth, tax code, any VAT no., address, contact details)||(B) To fulfil obligations provided for by law, by a regulation or by European Community legislation, connected with the performance of the contract (e.g., accounting and fiscal fulfilments, obligations imposed by the Regulation, such as the exercise of your rights as data subject, etc.)||The legal basis of the processing is legal obligation: the processing is, in fact, necessary for fulfilling the legal obligations to which D.T.M. is subject (as provided for by art. 6, para. 1 letter c of the Regulation).|
|Contact details (e-mail, telephone, fax)||(D) The sending of commercial communications (e.g., updates regarding D.T.M.’s products and services, initiatives in favour of the Clientele, events, etc.)||The legal basis is your explicit consent (as provided for by art. 6, para. 1, letter a of the Regulation).|
5. PROCESSING METHODS
Processing can be carried out through computerised, electronic, telematic and/or manual and hardcopy instruments and is limited to operations strictly necessary for the purposes set out above.
More information on the processing of personal data by D.T.M. is obtainable in the processing registers, available at the Company’s registered office.
6. RECIPIENTS OF PERSONAL DATA
If required for the performance of the contract, the data which is subject to processing can be processed by D.T.M.’s expressly authorised employees and external consultants; they can also be processed by the following individuals, entities and services to which D.T.M. refers:
- professionals and enterprises that collaborate with D.T.M. in relation to the contract (e.g., accountant, data processing company);
- banks in relation to payments made by cash cards, credit cards or cheques;
- suppliers of IT services and server management;
- suppliers of software (e.g., management software);
- suppliers of connectivity and telephony services;
- suppliers of communication services;
- suppliers of cloud and hosting services;
- suppliers of electronic mail and certified electronic mail services
- individuals, entities or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions, regulations or orders of authorities, also further to inspections or audits (by way of example and not in exhaustive terms: Revenue Office, Local Health Authorities, Data Protection Authority, social services and welfare bodies, the police forces and judicial bodies);
- individuals and entities that can access your data by virtue of provisions of law or secondary or European Community legislation.
The names of recipients are available to you against simple request, also via e-mail.
7. TRANSFER OF DATA TO A THIRD-COUNTRY OR TO AN INTERNATIONAL ORGANISATION
Your data will be processed in Italy and in the European Union. Your data may be transferred to the Republic of San Marino, where the Passepartout management software servers are situated, in full compliance with current legislation. D.T.M. has entered into a contract with the supplier for data processing supplemented by standard data protection clauses (as per art. 46, paragraph 2 letter c of the GDPR) adopted by the EU Commission, which provide you with adequate guarantees.
8. DATA RETENTION PERIOD
D.T.M. shall retain your personal data for the time necessary in relation to the above-described purposes, as indicated in the table below.
|Categories of personal data||Purposes of the processing||Retention period|
|Generic personal data (e.g., name, surname, place and date of birth, tax code, contact details)||(A) To fulfil contractual obligations||For the duration of the contract and for the 10 following years (ordinary statute of limitations, as per art. 2946 Italian Civil Code). The data may be retained for a longer period further to your express request.
During the period of the contract, in all events, D.T.M. shall arrange annually to return to you or to destroy all the documents containing personal data the retention of which is no longer necessary.
|Generic personal data (e.g., name, surname, place and date of birth, tax code, any VAT no., address, contact details)||(B) To fulfil obligations provided for by law, by a regulation or by European Community legislation, connected with the performance of the contract (e.g., accounting and fiscal fulfilments, obligations imposed by the Regulation, such as the exercise of your rights as data subject, etc.)||For the term prescribed by the specific obligation or legal provision or applicable measure (e.g., keeping of invoices and accounting records)|
|Contact details (e-mail, telephone, fax)||(D) The sending of commercial communications (e.g., updates regarding D.T.M.’s products and services, initiatives in favour of the Clientele, events, etc.)||Until the revocation of your explicit consent.|
9. YOUR RIGHTS AS DATA SUBJECT
In your position as Data Subject, you are attributed all the rights provided for by the Regulation, as set out below.
|Right of Access (art. 15)||You have the right to obtain from D.T.M. access to your data and request specific information (e.g., purposes of the processing, categories of data, recipients, retention period, information regarding your rights, etc.).|
|Right of Rectification (art. 16)||You have the right to obtain from D.T.M. the rectification of inexact data and/or the integration of incomplete data.|
|Right of Erasure (so-called “Right to be forgotten”) (art. 17)||You have the right to obtain from D.T.M. the erasure of data in specific cases (e.g., if the data are no longer necessary, if you decide to revoke your consent, etc.).|
|Right of Limitation (art. 18)||You have the right to obtain from D.T.M. that the processing is limited in specific cases (e.g., if you contest the exactness of the personal data or if you oppose the processing, etc.).|
|Right that D.T.M. notify a rectification or erasure to the recipients (art. 19)||D.T.M. undertakes to inform the recipients of any rectifications or erasures of data so that they can take action on the data in their possession and continue to process them in the correct way.|
|Right to the Portability of the data (art. 20)||You have the right to obtain your data from D.T.M. - in a structured format, of common use and legible by automatic devices – to transfer them to another Data Controller, or to obtain their direct transmission to another Data Controller on the part of D.T.M.|
|Right to revoke consent||You also have the right to revoke at any time your consent to the processing of data; revocation takes effect as soon as D.T.M. is informed. Said revocation, as provided for by the Regulation, does not affect the legitimacy of the processing based on the consent previously given.|
|Right to lodge a complaint||If you consider that the processing of your personal data carried out by D.T.M. is in breach of the provisions of the Regulation, you have the right to lodge a complaint to the Italian Data Protection Authority, the contact details of which are accessible at the link http://www.garanteprivacy.it/web/guest/home/footer/contatti as provided for by art. 77 of the Regulation, or to take legal action in the appropriate court in compliance with art. 79 of the Regulation.|
It is important, moreover, that you are fully aware of your right of opposition, as regulated by art. 21 of the Regulation:
|Right of opposition||The Regulation (art. 21) recognises you the right to oppose to the processing of your data in specific cases, for example for reasons connected with your particular situation, as well as to any processing for profiling or marketing purposes.|
In all the cases described, the exercise of your rights is brought to the attention of those to whom your data have been communicated, except in cases of exemption as provided for by the Regulation. For any clarification you can consult the Data Protection Authority Guide: http://www.garanteprivacy.it/regolamentoue/diritti-degli-interessati.
In certain situations (erasure, limitation, opposition), the exercise of your rights may no longer make it possible, in whole or in part, to perform the contract with you. All the rights described are exercised by making a request to D.T.M. without formalities (also via e-mail to the address email@example.com), also through a representative. Your request will receive a suitable reply in good time.
10. HOW TO REVOKE YOUR CONSENT
In the event the legal basis of the processing is your consent, as data subject you have the right at all times to revoke the consent previously given, in the same way as you expressed it and, in any case, by e-mail, sending the revocation to the following address: firstname.lastname@example.org.
The e-mail will have effective force when received and upon its receipt will permit the interruption of any processing, and communication will be made to every recipient in order for them to take suitable action.
It should be noted that any revocation of consent does not affect the legitimacy of the processing based on the consent expressed before revocation.
11. OBLIGATION AND REQUIREMENT TO COMMUNICATE THE DATA
The provision of your personal data for the purposes indicated above, in paragraph 4, letters A) and B), is optional but necessary for performing the contract and fulfilling the legal obligations attributed to D.T.M.
Failed or partial provision of data could imply the failed or inexact performance of the contract.
The provision of your personal data for the purposes as per letter C) is optional and any failed provision shall not prevent or have any repercussions on the performance of the contract.
12. PROFILING AND AUTOMATED DECISION-MAKING PROCESSES
Your personal data processed by D.T.M. shall not be used for profiling purposes or for activating decision-making processes based on automated processing activities.