INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO AND FOR THE EFFECTS OF ART. 13 GDPR 679/2016
In compliance with the provisions of the GDPR 679/2016 we are to inform you / you, as “interested”, on the purpose of the collection and on the methods of processing personal data relating to your / your company / person, acquired by us directly from you / You, to allow us to carry out our business adequately and according to the current regulatory provisions.
We therefore provide you with the correct information on the processing of personal data, as specifically indicated below.
1. IDENTITY AND CONTACT DETAILS OF THE HOLDER
The Data Controller is Sabi Work S.r.l. , with headquarters in Padua, via Ospedale Civile, n. 33, P. Iva 01165500297, mail: firstname.lastname@example.org, pec: email@example.com.
2. PURPOSE OF THE TREATMENT
Without prejudice to the fulfillment of the obligations established by laws, regulations and community regulations, the data collected will be processed by us for the performance of the following activities:
- acquisition of contractual information and fulfillment of obligations deriving from one or more contracts;
- administrative and accounting management of customers and suppliers, in particular:
- customer/supplier administration;
- management of the contractual relationship;
- order management;
- receipts and payments;
- debt collection;
3. LEGAL BASIS OF THE TREATMENT
The legal basis of the processing is constituted by the fulfillment of contractual obligations.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data collected may be communicated by us exclusively to the third parties indicated below:
- accounting, tax, legal consultant;
- debt collection company, only where necessary;
- public bodies, judicial, financial and other institutions, if required by laws, regulations, community directives;
- IT technical consultant
Personal data may also be known by personnel expressly appointed by the Data Controller who will be able to provide for data management operations, in relation to the purposes indicated above.
The specific identification data of the aforementioned third parties may be known by you at any time through the exercise of the right of access recognized to you and without prejudice to any legal limitations in this sense.
5. INTENTION OF THE CONTROLLER TO TRANSFER THE PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
It is not the intention of the Data Controller to transfer the data collected to a third country or to an international organization.
6. PERIOD OF CONSERVATION OF THE PERSONAL DATA COLLECTED
The data collected will be stored as follows.
- Data necessary for the execution of the contractual relationship: for the entire duration of the contractual relationship.
- Accounting records, invoices and correspondence: ten years, as established by law.
- Data necessary for the credit recovery activity: up to the completion of this activity.
- Data necessary for the management of any dispute: up to the definition of the dispute itself.
Any longer retention periods remain unaffected, in the event that they derive from legal, accounting and/or tax obligations.
Once the storage period, as described above, has elapsed, the data you have provided will be completely eliminated.
7. RIGHTS OF THE INTERESTED PARTY
The GDPR 679/2016 recognizes some rights to the interested party:
- right of access to collected and processed data – art. 15;
- right to obtain rectification of data – art. 16;
- right to obtain the cancellation of data and right to be forgotten – art. 17;
- right to obtain the limitation of treatment – art. 18;
- right to data portability to another holder – art. 20;
- right to object to processing – art. 21;
- right not to be subjected to automated processing – art. 22;
- right to withdraw the consent at any time, without prejudice to the lawfulness of the treatment based on the consent given before the revocation – art. 7;
- right to lodge a complaint with the Supervisory Authority – art. 77;
- right to lodge a judicial appeal against the supervisory authority (art. 78) and against the Data Controller or Data Processor (art. 79).
To exercise the rights referred to in points a) to h), it is necessary to contact the Data Controller.
8. NATURE OF THE PROVISION
The provision of personal data by the interested party, although not mandatory, is necessary for the achievement of the purposes indicated above. Failure to provide data renders the legal relationship at the basis of the treatment unexecutable.
The interested party is responsible for promptly notifying the Data Controller of any changes concerning the personal data provided.
9. AUTOMATED DECISION MAKING PROCESSES INCLUDING PROFILING
The data provided will not be processed through automated decision-making processes, including profiling.
10. METHODS OF TREATMENT
The data provided will be processed by us in accordance with the provisions of the GDPR 679/2016 and according to the following methods:
- access to data and archives allowed only to persons in charge of/authorized to process;
- data and area protection through appropriate measures and which are systematically monitored;
- data collection for direct contact with the interested party;
- registration and processing both by computer media and through files and paper media;
- organization of archives mainly in computerized form, but also on paper;
- checks and modifications of data following any request from the customer/supplier.
11. COMPLAINT TO THE SUPERVISORY AUTHORITY
The interested party has the right to lodge a complaint with the Supervisory Authority in the event that he believes that the processing that concerns him violates the GDPR 679/2016.
The reference Authority is the Guarantor for the protection of personal data