• Facebook Black Round
  • Instagram Black Round
  • Pinterest - Black Circle

© 2019 Vueffe s.r.l. all right reserved  -  Legal InfoPrivacy and Cookies Policy

logo POR MARCHE FESR.png

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF SUPPLIER
Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)


Object
Information on the processing of personal data pursuant to articles 13 and 14 of Regulation (EU) 2016/679 regarding the Management of Individual Company Suppliers.


Premise
The Regulation (EU) 2016/679 ("General Data Protection Regulation", hereinafter GDPR) provides the protection of individuals with reference to the processing of personal data. According to this legislation, the processing of personal data relating to a subject, to be specifically defined as "interested", is based on principles of correctness, lawfulness and transparency, as well as protection of the privacy and rights of the data subject.
This is to inform you, in compliance with the aforementioned rule, that in relation to the relationship you have with our structure, a Supplier relationship, our organization is in possession of some data relating to you, which have been acquired, also verbally, directly or through third parties that carry out operations that concern you or that, to satisfy your request, acquire and provide us with information.
Pursuant to the GDPR, given that this information relates to you, it must qualify as "personal data", and must therefore benefit from the protection provided by these provisions. Specifically, according to the aforementioned legislation, you are the interested party who benefits from the rights placed to protect your personal data.
Pursuant to the articles 13 and 14 GDPR our structure, as owner, will process the personal data you provide in compliance with the law, with the utmost care, implementing effective management procedures and processes to ensure the protection of your personal data. For this aim, the writer, using material and management procedures to safeguard the data collected, undertakes to protect the information communicated, in way to avoid unauthorized access or disclosure, as well as to maintain data accuracy and also to guarantee use appropriate of the these ones.
In compliance with this premise, the following information is provided:


Personal data collected
The writer, as owner, uses your personal data to operate at his best, in the performance of his business.
The following data may be requested, even partially, from:
• personal data, fiscal code, VAT number, name, registered office, residence and domicile and contact details;
• data relating to the contractual relationship describing the type of contract, as well as information relating to its execution and necessary for the fulfillment of the contract;
• accounting type data relating to the economic relationship, the amounts due and payments, their periodic performance, the summary of the accounting status of the relationship;
• data to make the relationship with our structure more defined and our collaboration and operational efficiency more effective;
• data relating to: your employees and / or collaborators, information on their position or on your company.


Storage times for your data
The data collected will be stored for the duration of the relationship or collaboration with our organization and for 10 years from the date of termination of the relationship. If, during the contractual relationship, data not related to the administrative and accounting obligations connected to it are processed, these data will be kept for the time necessary to achieve the purpose for which they were collected and then deleted. The storage times for such data will be communicated to you when these data are collected with specific information.


Mandatory or optional nature of providing data and consequences of a possible refusal
The essential data for the performance of the contractual relationship must be given to the writer, as well as the data necessary to fulfill obligations provided by laws, regulations, community regulations, or by provisions of Authorities legitimated by law and by supervisory and control  authorities.
The non-essential data for the performance of the contractual relationship must be qualified and considered as supplementary information and their provision, if requested, is optional. Your refusal to provide such data, however, will result in lower efficiency of our structure in the conduct of relations with third parties.
In the case sensitive data are essential or whose treatment presents specific risks for the performance of the relationship or for the fulfillment of specific services as well as legal obligations, the conferment of such data will be obligatory and since their treatment is allowed only prior written consent of the interested party (pursuant to articles 9 and 10 of the GDPR), you must also consent to their processing.

Treatment methods
Pursuant to and for the purposes of art. 13 and 14 of the GDPR, we wish to inform you that the personal data you communicate will be recorded, processed and stored in our archives, both paper and electronic, in compliance with the appropriate technical and organizational measures pursuant to art. 32 of the GDPR. The processing of your personal data may consist of any operation or set of operations among those indicated in the art. 4, paragraph 1, point 2 of the GDPR.
The processing of personal data will take place through the use of appropriate tools and procedures to guarantee security and confidentiality and can be carried out, directly and / or through delegated third parties, either manually through paper supports, or through the use of IT  or electronic tools. The data, for the purposes of the correct management of the relationship and the fulfillment of legal obligations, may be included in the internal documentation of the Data Controller and, if necessary, also in the records and registers required by law. The people in charge by VUEFFE for the treatment phases has been trained and instructed, and will adhere to organizational and behavioral measures that comply with the principles of the GDPR.


Activities possibly outsourced
The information you provide will be processed only in Italy. In case your data have to be processed in a non-EU country due to a contractual relationship, the rights granted to you by EU legislation will be guaranteed and you will be given timely notice.
Purposes of the processing of personal data
The main purpose of processing your personal data that the writer intends to carry out is to allow a regular set up and / or evolution, as well as a correct administration of the relationship specified in the introduction.
In particular, the purposes of the processing are as follows:
Administrative and accounting and in particular:
• Fulfillment of tax or accounting obligations;
• Management of suppliers (identification of suitable suppliers, administration of suppliers, administration of contracts, orders, shipments and invoices; efficiency control);
• Management of disputes (contractual defaults; warnings; transactions; debt collection; arbitration; legal disputes);
• Internal control services (security, productivity, quality of services, asset integrity);
Personal data will be processed to fulfill legal obligations, as well as to fulfill administrative, insurance and tax obligations required by current legislation and also to fulfill accounting and commercial purposes, or to be able to regularly fulfill contractual and legal obligations arising from the legal relationship existing with the interested party.
Furthermore, the data provided may also be used to contact the interested party in the context of market research regarding products or services or in the context of offers or commercial campaigns.
The interested party may in any case freely choose not to give his consent for these purposes and also to indicate the methods by which to be contacted or with which to receive commercial information.
Your data may be communicated by the writer:
• to subjects that can access the data according to the provision of the law, regulation or community legislation, within the limits set by these rules;
• to subjects who need to access your data for purposes auxiliary to the relationship between you and us, within the limits strictly necessary to carry out the auxiliary tasks (credit institutions and forwarding agents are mentioned as an exemple);
• to our consultants and / or professionals, limited to carry out their duties in our or their organization, subject to our appointment as a manager who imposes the duty of confidentiality and security.
In any case, your data will not be communicated except to operators for the execution of acts regarding the fulfillment of the relationships that should arise with the interested parties to whom the data refer.
Diffusion - The writer will not disclose your data indiscriminately, or in other words, he will not disclose it to undetermined subjects, also through making it available or consulting.
Confidence and confidentiality - The writer considers the trust shown by the parties who have consented the processing of their personal data to be valuable and therefore undertakes not to sell or rent personal information to others.

Rights pursuant to Articles 15 et seq. GDPR
Pursuant to art. 15 GDPR you have the right to obtain confirmation of the existence or not of a processing of personal data concerning you, even if not yet registered. The exercise of the rights is subject to verification of the identity of the interested party, by delivery of the identity document, which will not be kept by the writer, but only consulted for the purpose of verifying the legitimacy of the request.
You have the right to access personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
d) when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period;
e) if the data is not collected from the interested party, all available information on their origin;
f) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested party
If the data is transferred to a third country or to an international organization you have the right to be informed of the existence of adequate guarantees pursuant to art. 46 of the GDPR.
You have the right to ask the data controller for the correction or cancellation, even partial, of personal data or the limitation of the processing of personal data concerning you or to object, in whole or in part, to their processing.
To exercise these rights, you can contact our "Data Controller" at info@lilimill.it or by calling 0735.735109 or by sending a letter to the Vueffe Privacy Office srl, via Valtesino 313 - 63066 Grottammare (AP). The Owner will answer you within 30 days of receiving your formal request.
We remind you that in the event of a violation of your personal data, you can file a complaint with the competent authority: "Guarantor for the protection of personal data".


Data controller
The data controller is the writer: Vueffe srl, via Valtesino 313 - 63066 Grottammare (AP); Tel: 0735.735109; email: info@lilimill.it

 

Data processors
The external companies with which a contractual relationship has been established have the role of Data Processors and which, in order to fulfill these agreements, need to receive your personal data, such as, by way of example and not limited to, Commercial Consultants, Law Offices, Trade Unions, etc.
To know the data processors if they were appointed and to know the people who will be appointed in the future for this function, any interested party may send a request letter to the Data Controller of personal data, at the above address.
It is intended to point out that the Managers indicated above do not deal with fulfilling the requests to exercise the rights of the interested parties pursuant to articles 15 and ss. of the GDPR. This activity is carried out exclusively by the writer as Data Controller.

Treatments without the need for the data subject's consent
It should be noted that the writer, even in the absence of your consent, will be entitled to process your personal data if this is necessary for:
• fulfill an obligation provided by law, regulation or community legislation;
• carry out obligations deriving from a contract to which you are a party or to fulfill, before the conclusion of the contract, specific requests.

 

Furthermore, your express consent is not required when the processing:
a) regards data coming from public registers, lists, deeds or documents available to anyone, without prejudice to the limits and methods that the laws, regulations or legislation establish for the knowledge and publicity of data or data relating to the performance of activities economic, treated in compliance with current legislation on business and industrial secrecy;
b) it is necessary for the protection of the life or physical safety of a third party (in this case, the holder is obliged to bring the subject concerned to the attention of the treatment of personal data through the information even after the treatment itself, but without delay In this case, therefore, consent is expressed following the presentation of the information);
c) with the exclusion of disclosure, it is necessary for the purposes of carrying out defensive investigations pursuant to the law of 7 December 2000, n. 397, or, in any case, to assert or defend a right in judicial proceedings, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit, in compliance with the current legislation on business and industrial secrecy;
d) with the exclusion of dissemination, it is necessary, in the cases identified by the Guarantor on the basis of the principles sanctioned by the law, to pursue a legitimate interest of the data controller or third party recipient of the data, also in reference to the activity of banking groups and companies subsidiaries or associated companies, if the fundamental rights and freedoms, the dignity or a legitimate interest of the interested party do not prevail.