Information to the Suppliers
INFORMATION TO THE SUPPLIERS ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ARTICLES 13 AND 14 OF (EU) REGULATION 2016/679 (“GDPR”)
Below, IRIDEOS S.p.a. provides information concerning the processing of personal data (the “Data”) collected via the filling in of contact or credit forms on the IRIDEOS websites and portals or in paper form, containing information useful to establish contractual relationship with the suppliers of our Company.
The data controller is IRIDEOS S.p.a., with registered office in Milan, Vial Bodio, 37. You can reach us at email@example.com for matters concerning the protection of your Data.
THE DATA WE PROCESS
We process your Data, including the personal data of the legal representatives, employees and collaborators involved to establish a contractual relationship with our Company such as, for example, agreements for the supply of goods and services, procurement contracts, outsourcing agreements and similar. They include mainly:
- personal data, tax code, VAT number, address of residence and/or domicile, also by means of the collection of valid identity documents;
- access logs of supplier personnel performing system administrator role;
- phone numbesr and e-mail addresses;
- bank and/or payment data (i.e. IBAN and SWIFT code);
- data relating to the degree of solvency and punctuality of payments, also acquired via the information systems of authorised companies that provide services for the management of credit risk and the prevention of fraud;
- data concerning the reputation and any judicial data of the Supplier, its administration and employees;
- “DURC”, declaration of professional competence, anti-mafia certifications in compliance with current regulations;
- call recording in customer service handling
- Curriculum vitae to verify the possession of the professional requirements and memberships in professional associations, if any.
PURPOSES OF PROCESSING
THIRD-PARTY SUBJECTS WE CAN COMMUNICATE DATA TO
In order to execute the supply contract, comply with legal obligations and pursue our legitimate interests, we have the faculty to communicate the personal data collected to the following subject categories:
- companies and/or individuals managing our information systems for the performance of our economic activities;
- companies and/or individuals providing technical and organizational services;
- companies and/or individuals providing data entry, storage and Data management services;
- companies and/or individuals performing control, revision and certification functions of the activities carried out by our Company;
- companies and/or individuals who are assignees of the debt and debt collection companies/institutions;
- companies and/or individuals performing consulting activities for our Company;
- lega and/or individual assignees and debt collection institutes/agencies;
- our parent companies, subsidiaries and associated companies;
- judicial and independent authorities, on the basis of orders issued pursuant to the current legislation.
With the exception of the competent judicial and independent authorities, the above-mentioned subjects shall process the personal data acquired as data controllers or processors on our behalf.
HOW WE PROCESS DATA
Your Data are collected, processed and stored in a lawful manner and for the purposes indicated above, manually and using electronic and/or automated means so as to guarantee their security and confidentiality.
WHERE WE PROCESS DATA
Your Data are stored in archives located in countries within the European Union.
If necessary to pursue the purposes illustrated above, they may be transferred abroad to countries and/or organizations outside the European Union that guarantee a level of personal data protection considered suitable by the European Commission or based on other suitable guarantees such as, for example, the standard contractual clauses adopted by the European Commission or, where envisaged, with your consent.
DATA PROCESSING DURATION
Your Data will be retained in a form that enables your identification for a period of time that does not exceed that necessary for the purpose for which they were collected. Afterwards, they will be deleted or made anonymous, without prejudice to their retention to comply with the obligations that apply after the contract is terminated and to comply with the orders issued by judicial authorities and/or regulatory and supervisory bodies.
The specific time limits for the retention of the main Data processing operations is listed below:
In accordance with the GDPR, you have the right to:
- access your Data to obtain information concerning their existence, processing purposes, the recipients or recipient categories your Data are or will be communicated to, Data retention limit;
- ask and obtain the modification and/or adjustment of any Data you consider inaccurate and/or incomplete;
- ask and obtain the cancellation and/or restricted processing of your Data if the data or information are not necessary for the execution of the contract, the pursuit of a legitimate interest for our Company and/or the compliance with legal obligations;
- oppose at any moment the processing of your Data, including profiling, in accordance with art. 21 of the GDPR;
- ask and obtain your Data – in a structured and commonly used format readable by automatic devices – for their portability to another controller.
You may exercise said rights either directly or through a representative by sending a standard e-mail to firstname.lastname@example.org.
We will comply with requests within the terms set out in art. 12, paragraph 3 of the GDPR.
Pursuant to the regulations in force, you may lodge a complaint concerning the processing of your Data to the Authority for the protection of personal data as well as bring proceedings before a court in line with articles 78 and 79 of the GDPR.
DATA PROTECTION OFFICER
We have duly appointed a Data Protection Officer, domiciled at our registered office, who can be contacted at email@example.com.
Last update: June 2023