Dear Supplier/Customer,
With this document (“Information Notice”) the Data Controller, as defined below, wishes to communicate the purposes and methods of processing personal data and the rights that THE Regulation (EU) 2016/679, relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data (“GDPR”), grants to Natural Persons whose personal data IS subjectED to the processing carried out.
This information notice is addressed to natural persons, such as owners, administrators, managers, employees, general contacts of customers and suppliers, whose personal data the Data Controller must process in order to stipulate, follow up on service or supply contracts, qualified as both customers and suppliers.
Natural Persons also include Legal Persons where Natural Person and a Legal Person coincide, for example, self-employed professionals or sole proprietorships.
The Data Controller is Gallorini Alloys S.r.l., with its registered office at Via di Pescaiola n.5/7, Civitella in Val di Chiana – Badia al Pino (AR) 52041, represented by the legal representative CARLO GALLORINI – President of the Board of Directors – VAT and Tax Code 01925470518.
2.1. Nature of the processed data
For the purposes indicated in this Information Notice, identifying and contact data (name, surname, address, phone number, email, and other contacts as identification number) of natural persons (such as legal representatives, administrators, managers, employees, collaborators, contacts) with whom we will interact for the management of the contractual relationship will be processed, as well as all other personal data necessary for the correct performance of the contractual relationship and to comply with the legal obligations required by the accounting and tax regulations.
2.2. Source of personal data
Your personal data processed by the Data Controller are those provided directly by you, through direct contact or collected through business cards, company presentations and following a phone or email contact.
The processing to which your personal data will be subjected is aimed exclusively at:
For all and only the processing of your personal data envisaged by this Information Notice, the legal basis of the processing is constituted:
The provision of personal data is a necessary requirement for the establishment of the contract. The failure to provide data will, therefore, make it impossible for the Data Controller to conclude and execute the supply contract or to commission the work.
The processing of your personal data will take place in compliance with the provisions of the GDPR, through paper, IT, and telematic tools, with logic strictly related to the indicated purposes and, in any case, with methods suitable to guarantee their security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
The Data Controller uses your personal data only for the time necessary for the management and execution of the current contract, as well as for the fulfillment of the legal obligations deriving from it. The criteria applied by Gallorini Alloys S.r.l. for the retention of Personal Data are:
The data are processed within the structure of the Data Controller by the subjects (employees) authorized and appointed to process the data under its responsibility for the purposes mentioned above. The data may be communicated to external subjects (outsourcers) with whom specific agreements, conventions, or proper mandates exist with the Data Controller unless they assume the role of autonomous data controller according to the current legislation. The categories of recipients are as follows:
The subjects belonging to the above categories operate, in some cases, in total autonomy as distinct Data Controllers, in other cases, as Data Processors appointed by the Data Controller in compliance with Article 28 of the GDPR. The complete and updated list of subjects to whom your personal data may be communicated can be requested at the Data Controller’s registered office.
Your personal data are not in any way disclosed or transferred to third parties outside the European Union and are not subject to dissemination.
In relation to the processing described in this Information Notice, as a data subject you may, under the conditions provided by the GDPR, exercise the rights enshrined in Articles 15 to 21 of the GDPR and, in particular, the following rights:
To lodge a complaint with the Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).
The above rights may be exercised by contacting the Data Controller through:
The subjects belonging to the above categories operate, in some cases, in total autonomy as distinct Data Controllers, in other cases, as Data Processors appointed by the Data Controller in compliance with Article 28 of the GDPR. The complete and updated list of subjects to whom your personal data may be communicated can be requested at the Data Controller’s registered office.
A response will be provided without undue delay and, in any case, no later than one month from receipt of the request.
at Via di Pescaiola n.5/7 52041 Civitella in Val di Chiana – Badia al Pino (AR).
A response will be provided without undue delay and, in any case, no later than one month from receipt of the request.