INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 679/2016
The EU Regulation 679/2016 (hereinafter, for brevity, "GDPR") aims to ensure that the processing of personal data is carried out with respect for the fundamental rights and freedoms and the dignity of the data subject with particular reference to confidentiality and personal identity and the right to data protection. The GDPR understands "processing" to mean any "operation or set of operations, carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction." Pursuant to and for the purposes of the GDPR, Bebit S.r.L., with registered office in Via Andreis 18/16/M, Cortile del Maglio, 10152 Turin, Tax Code and VAT 11215720019 (hereinafter, for brevity, “Data Controller”), informs you that it will process the data of employees, legal representatives and collaborators of your company, with whom it comes into contact during the execution of the business relationship between the parties (“Data”), for the purposes set out below.
1. PURPOSE AND LEGAL BASIS OF PROCESSING: (a) for the performance of its contractual obligations, pursuant to Art. 6.1, lett. b) of the GDPR;
b) for the performance of its legal obligations, pursuant to Art. 6.1, lett. c) of the GDPR.
2. NATURE OF THE DATA COLLECTING AND CONSEQUENCES OF A POSSIBLE REFUSAL
The provision of Data for the purposes referred to in the preceding paragraph is mandatory, as it is strictly functional for the Data Controller to implement its contractual obligations towards the company for which the data subject works. Any refusal to do so, therefore, would jeopardize the correct fulfilment of such obligations.
3. METHODS OF DATA PROCESSING AND CATEGORIES OF SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED
The Data will be processed by manual, computerized and telematic tools, with logic strictly related to the purposes outlined above and, in any case, by persons authorized to perform such tasks, suitably aware of the constraints imposed by the GDPR, with security measures to ensure the confidentiality of personal data and to avoid undue access to third parties or unauthorized personnel.
The Data may be communicated, to the extent strictly necessary for the purposes pursued, to companies that may be entrusted with specific processing activities, to firms of accountants and consultants in charge of bookkeeping, to banks, to third parties or associations with which the Data Controller collaborates, who will operate, respectively, as data processors pursuant to art. 28 GDPR or as autonomous data controllers. These subjects come into possession only of personal data necessary for the performance of their functions and may use them only in order to perform such services on behalf of the Data Controller or to comply with legal requirements. The Data may also be communicated to the police, to judicial authorities, and to subjects who can access them by virtue of legal provisions or secondary or community regulations. The Data Controller undertakes to process the Data in compliance with the provisions of the GDPR, as well as with the national regulations in force regarding privacy, and to process the Data in a lawful and correct manner, collecting and recording the same for specific, explicit and legitimate purposes, taking care to verify that the same are pertinent, complete and not excessive with respect to the purposes for which they are collected or subsequently processed.
4. DURATION OF PROCESSING AND STORAGE OF DATA
The Data will be processed and stored, even with automated tools, for the time strictly necessary to achieve the purposes for which they were collected, as provided for in the register of data processing; after that they will be kept only in compliance with the relevant legal obligations and/or for defensive purposes.
5. RIGHTS OF THE DATA SUBJECT
According to art. 15 et seq. of the GDPR, each data subject has the right, at any time and free of charge, to request information regarding the existence of the Data processing, the period of storage of the same, to obtain a copy, to rectify, integrate or update them and/or cancel them.
The data subject has the right to obtain the limitation of the processing of the Data and to receive a copy of it in a common and machine-readable format.
To exercise these rights, Users may send a written request to Bebit, at firstname.lastname@example.org.
If the data subject believes that his rights had been violated by the Data Controller and / or a third party, he has the right to complain to the Italian Data Protection Authority and / or other competent supervisory authority.