INFORMATION FOR CUSTOMERS AND SUPPLIERS
IN ACCORDANCE WITH ARTICLES 13-14, GDPR EU/2016/679
The European Regulation EU/2016/679 (hereinafter the “Regulation“) establishes rules concerning the protection of natural persons with regard to the processing of personal data, as well as rules regarding the free movement of such data.
In compliance with the transparency principle outlined in Article 5 of the Regulation, SAIP SRL, as the Data Controller, provides you with the information required by Articles 13 and 14 of the Regulation.
Identity and Contact Information of the Data Controller
The Data Controller is:
Dr. Vincenzo Imparato, reachable via the following email address: hr@saip.it
Purposes of Processing
The processing of your personal data will be guided by the principles of fairness, lawfulness, and transparency, protecting your privacy and rights, and in accordance with the privacy policy of the Organization/Company. The Organization/Company also commits to processing your data in accordance with the principle of “minimization,” which means acquiring and processing data only to the extent necessary for the following purposes:
- Contractual and Pre-contractual Obligations
- Post-Sales Assistance Activities
- Tax Compliance Management
- Legal Compliance Obligations
- Communications and Updates on services and products, only following officialized relationships, to pursue the legitimate interest of the Data Controller and seek mutual benefit and customer satisfaction (e.g., technological updates, performance improvements, new product versions, customer service enhancements, etc.).
The provision of your personal data for the purposes described is necessary and is covered by existing criteria of lawfulness of processing, and therefore, your consent to the processing is not required. Refusing to provide the necessary data will make it impossible to provide services and products and, consequently, to enter into contracts.
Methods of Processing
The processing of your personal data will be carried out using both paper-based and computer tools, in compliance with data protection regulations and, in particular, the appropriate technical and organizational measures outlined in Article 32.1 of the Regulation. These measures ensure the data’s integrity, confidentiality, and availability, with the observance of every precautionary measure to guarantee these aspects.
No automated processing is applied.
Recipients to Whom Your Data May Be Disclosed
Your personal data may be disclosed, closely related to the aforementioned purposes, to the following individuals or categories of individuals:
- Banks
- Judicial authorities
- Consultants and self-employed professionals, even in an associated form, duly appointed in accordance with Article 28 of the GDPR
- Companies providing logistics services
- Private companies managing credit information systems
- Public entities
Your personal data may be accessed, due to the services provided and in close relation to the aforementioned purposes, by the following individuals or categories of individuals:
- Providers of electronic communication and IT infrastructure maintenance services
- Outsourced system administrators
We also inform you that the communication of your data to the categories of individuals listed is necessary for the proper management of contractual obligations and legal obligations related to contracted activities.
With regard to these categories of recipients, the Data Controller commits to entrust only those who provide adequate guarantees for data protection and will appoint them as Data Processors in accordance with Article 28 of the Regulation. The list of Data Processors is available at the Organization/Company and can be viewed upon request to the Data Controller.
Your data will also be processed, exclusively for the purposes mentioned above, by employees and/or collaborators of the Organization/Company, specifically authorized and instructed by the Data Controller in accordance with Article 29 of the Regulation.
Your personal data will not be subject to disclosure.
Transfer of Personal Data to Non-EU Countries
Your personal data will not be transferred to countries outside the European Union or to international organizations.
Retention Period for Your Data
DATA CATEGORIES | PERIOD OF RETENTION |
Data related to the request and purchase of services and products (contract details, terms, conditions, duration, etc.) | Throughout the entire duration of the contractual relationship and an additional 10 years from the last registration (Article 2220 of the Civil Code). |
Personal data (name, surname, gender, place and date of birth, residence, domicile) | |
Data related to solvency, reliability, and payment punctuality | |
Data related to the sales contract (contract value, object, terms, conditions, etc.) | |
Contact information (phone number, email, etc.) | |
Banking details |
Rights Granted to the Data Subject
At any time, you may exercise, against the Data Controller, your rights as provided for in Articles 15-22 of the Regulation. In particular, at any time, you have the right to request:
- access to your personal data;
- rectification in case of inaccuracies in your data;
- erasure;
- restriction of processing.
You also have:
- the right to object to the processing if it is carried out for the legitimate interest of the Data Controller, and if you believe that your fundamental rights and freedoms are violated;
- the right to withdraw your consent at any time for the purposes for which it is necessary;
- the right to data portability, which means the right to request and receive your personal data in a structured, commonly used, and machine-readable format.
You have the right to lodge complaints with the supervisory authority, the Italian Data Protection Authority (Garante della Protezione dei Dati Personali), located at Piazza Venezia 11, IT-00187, Rome (eMail: protocollo@gpdp.it, PEC*: protocollo@pec.gpdp.it, phone +39 06.696771).