Notice for Customers and Suppliers

PRIVACY NOTICE FOR CUSTOMERS/SUPPLIERS

Mod.CLI/FORN/COLL.-PRI

Ed. 01/2024

Pursuant to and for the purposes of Articles 13 and 14 of European Regulation 2016/679 (hereinafter GDPR) on the protection of personal data, the company Bernazzoli srl, as Data Controller (hereinafter referred to as the “Controller”) informs you that the data you provide, or otherwise acquired, will be processed in compliance with the aforementioned regulation.

Personal data processing will be carried out lawfully, fairly, and transparently with respect to the data subject.

By processing of personal data, we mean any operation or set of operations, carried out even without the aid of electronic tools, concerning collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure, and destruction of data, even if not recorded in a database.

 DATA CONTROLLER: The data controller is the undersigned company  Bernazzoli srl, with registered office in  Parma, Via Cremonese No. 95/A, VAT no.: 00860370345, email: bernazzoli@bernazzoli.com, certified email: bernazzoli@cert.rsnet.it, tel: +39 0521/647155.

CATEGORY OF DATA PROCESSED

The Data Controller informs you that the following types of data will be processed: 

  • in the case of a natural person, personal identification data (name, surname, place and date of birth, tax code, phone no., e-mail address, VAT no., bank details).

  • in the case of a legal entity, company data and/or the data of its owners or their contacts (name, surname, place and date of birth, tax code no., phone no., e-mail address, VAT no., bank details).

 PURPOSE OF PROCESSING AND LEGAL BASIS

A. ESTABLISHMENT AND PERFORMANCE OF THE SUPPLY/SERVICE CONTRACT,which includes, by way of example but not limited to: pre-contractual activities, contract execution for the fulfillment thereof, payments, management and organization of the supply of goods and services. The processing of the collected data is justified by the supply of goods or services contract to which you are a party (art. 6, letter b GDPR).

Recipients of the data: the data collected in relation to the stated purpose may be disclosed to public bodies and to service companies or other private entities that play a role in the management of such activities, to persons in charge/authorized by the Controller, to data processors appointed pursuant to art. 28 of EU Reg. 2016/679, to IT consultants/system administrators, to any independent controllers, and to any joint controllers. 

The updated list of data processors and persons authorized to process data is kept at the Controller’s office and you may access it at any time by making a specific request to be sent to the addresses listed below.

Duration of Processing: the data collected in relation to the aforementioned purpose will be retained until the termination, for any reason, of the assignment and until the expiry of the limitation periods for the exercise of the Controller’s rights, within the limits provided for by the relevant civil and tax rules. 

Failure to provide data: the provision of the data necessary to pursue the above-mentioned purpose is a contractual obligation that the data subject is required to fulfill. Your failure to provide such data will make it impossible to complete the assignment.

B. COMPLIANCE WITH LEGAL OBLIGATIONS,which consists of administrative and accounting obligations, tax obligations, and litigation management.

 The processing of the collected data is justified by compliance with legal obligations incumbent on the Controller (art. 6, letter c GDPR).

Recipients of the data: the data collected in relation to the stated purpose may be disclosed to public bodies and to service companies or other private entities that play a role in the management of such activities, to persons in charge/authorized by the Controller, to data processors appointed pursuant to art. 28 of EU Reg. 2016/679, to IT consultants/system administrators, to any independent controllers, and to any joint controllers. 

The updated list of data processors and persons authorized to process data is kept at the Controller’s office and you may access it at any time by making a specific request to be sent to the addresses listed below.

Duration of processing: the data collected in relation to the aforementioned purpose will be retained for the period provided for by the legislation that requires the processing and until the expiry of the limitation periods for the exercise of the Controller’s rights, for the longer term relating to the limitation period of the relevant rights, within the limits provided for by the relevant civil and tax rules.

Failure to provide data: with regard to personal data relating to compliance with a legal obligation, failure to provide the personal data prevents the contractual relationship from being completed. 

Methods of processing: the processing of data for the purposes set out above takes place by electronic, IT, or paper-based means in compliance with the confidentiality and security rules provided for by the aforementioned regulations and by other regulations consequential thereto. They are also processed, on behalf of the Controller, by professionals and/or companies appointed to carry out technical, development, management, and administrative-accounting activities.

Transfer of data abroad: The data collected in relation to the aforementioned purposes are not transferred to countries outside the EU.  The Controller, however, reserves the right to use cloud services; in that case, the service providers will be selected from those that provide adequate guarantees, as provided for by art. 46 of EU Regulation 2016/679.

Automated decision-making processes: the data collected in relation to the aforementioned purpose are not subject to automated decision-making processes (including profiling).

Data subject rights: under EU Reg. 2016/679 the data subject has the right to

  • access personal data to learn (“reactive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of the data communication, in particular if they are recipients in third countries or international organizations, and the expected data retention period (art. 15);

  • obtain rectification (art. 16);

  • the right to obtain the erasure of personal data, where they are no longer necessary in relation to the purposes for which they were collected and where there are no further legal retention requirements (art. 17 GDPR); 

  • request restriction of processing (art. 18);

  • request data portability (art. 20);

  • the right to object to processing on grounds relating to your particular situation (art. 21 GDPR). In that case, we will refrain from further processing your data unless we demonstrate the existence of compelling legitimate grounds for processing (e.g., for the defense of your rights in legal proceedings).

  • not to be subject to automated decision-making, including profiling (art. 22).

Finally, the data subject shall have the right to lodge a complaint with the Supervisory Authority pursuant to art. 13 para. 2 letter d) of the aforementioned regulation as well as pursuant to art. 77 of the regulation.

How to exercise your rights: the data subject may at any time exercise their rights in accordance with art. 12 of EU Regulation 2016/679, by sending a:

– registered letter with return receipt to: Bernazzoli srl, with registered office in Parma, Via Cremonese No. 95/A, or by sending a certified email to the following address: bernazzoli@cert.rsnet.it, or an email to the following address:  bernazzoli@bernazzoli.com

Let's stay in touch

Follow our official channels, or send a contact request

Follow our official channels, or send a contact request

Facebook

Facebook

Instagram

Instagram

LinkedIn

LinkedIn

Web Design by MAMASEO