INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 679/2016
The EU Regulation 679/2016 (hereinafter, for brevity, "GDPR") aims to ensure that the processing of personal data is carried out in respect of the fundamental rights and freedoms and the dignity of the person concerned with particular reference to confidentiality and personal identity and the right to data protection.
The GDPR defines "processing" as any "operation or set of operations, carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction."
Pursuant to and for the purposes of the GDPR, Bebit S.r.l., based in 10152 Turin, Cortile del Maglio, Via Andreis 18/16/M, C.F. and P.IVA 11215720019 (hereinafter, for brevity, “Data Controller” or “Company”), informs you that it will process the data of employees and collaborators of your Company, with whom it comes into contact during the execution of the existing business relationship between the parties (“Data”), for the purposes set out below.
1. PURPOSE AND LEGAL BASIS OF THE PROCESSING:
(a) for the performance of a contract to which the customer is a party or processing pre-contractual requests of the customer, pursuant to Article 6.1(b) of the GDPR;
b) for the performance of activities required by applicable legislation, including tax, environmental, anti-money laundering, banking and public security legislation, pursuant to Art. 6.1(c) of the GDPR;
2. NATURE OF THE DATA COLLECTING AND CONSEQUENCES OF A POSSIBLE REFUSAL
The provision of Data for the purposes referred to in the preceding paragraph is mandatory, as it is strictly functional for the Data Controller to perform its contractual obligations towards the customer. Any refusal to do so, therefore, would jeopardize the proper fulfillment of such obligations.
3. METHODS OF DATA PROCESSING AND CATEGORIES OF SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED
The Data will be processed by manual, computerized and telematic tools, with logic strictly related to the purposes outlined above and, in any case, by persons authorized to perform such tasks, suitably aware of the constraints imposed by the GDPR, with security measures to ensure the confidentiality of personal data and to avoid undue access to third parties or unauthorized personnel.
In particular, the Data may be communicated, within the limits strictly necessary for the purposes pursued, to companies that may be entrusted with specific processing activities, to firms of accountants and consultants in charge of bookkeeping, to banks, to third parties or associations with which the Data Controller collaborates, which will operate, respectively, as data processors pursuant to art. 28 GDPR or as autonomous data controllers. These subjects come into possession only of personal data necessary for the performance of their functions and may use them only in order to perform such services on behalf of the Data Controller or to comply with legal requirements. The Data may also be communicated to the police, to judicial authorities, and to subjects who can access them by virtue of legal provisions or secondary or community regulations.
The Data Controller undertakes to process the Data in compliance with the provisions of the GDPR, as well as with the national regulations in force regarding privacy, and to process the data in a lawful and correct manner, collecting and recording the same for specific, explicit and legitimate purposes, taking care to verify that the same are pertinent, complete and not excessive with respect to the purposes for which they are collected or subsequently processed.
4. DURATION OF PROCESSING
The Data will be processed and stored, even with automated tools, for the time strictly necessary to achieve the purposes for which they were collected, after which they will only be kept in compliance with the relevant legal obligations and/or for defensive purposes.
5. RIGHTS OF THE DATA SUBJECTS
Pursuant to art. 15 et seq. of the GDPR, each data subject has the right, at any time and free of charge, to request information regarding the existence of the processing of Data, the period of storage of the same, to obtain a copy, to rectify, integrate or update and/or delete them.
The data subject has the right to obtain the limitation of the processing of the Data, to oppose to the processing and to receive a copy of it on a format of common use and readable by automatic device.
In order to exercise the above rights, data subjects may send a request to firstname.lastname@example.org.
If the data subject considers that his rights under the Law have been violated by the Data Controller and/or a third party, he has the right to lodge a complaint with the Italian Data Protection Authority and/or another competent supervisory authority.