Subject: Customer and supplier data protection policy pursuant to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data

The processing of personal data concerning legal persons does not fall within the scope of the personal data protection afforded by the Regulation. In order to ensure clarity and transparency for our customers and suppliers, Dallan S.p.A. extends this data protection policy also to legal persons, with a description of the methods and purpose of processing personal data the company adopts or may adopt.

Preamble

Pursuant to art. 13 of Regulation (EU) 2016/679, Dallan Spa (hereinafter “the Company”), registered office in Via per Salvatronda no. 50, 31033 Castelfranco Veneto (TV), Italy, which can be contacted for exercising any rights provided for under the laws in force at the address of the registered office or by email at privacy@dallan.com, as Controller of the personal data already provided or to be provided in the future and where the personal data are or will be collected, hereby informs you that the Company will process any data concerning you in accordance with the laws mentioned above for all business relations undertaken with you or any undertaken in the future.

1)Source of Personal Data

The personal data, which have been acquired or will be acquired through business relations, are collected directly from the data subject. All personal data collected are processed in accordance with the laws in force and, in any case, with due confidentiality.

2)Nature of Collection

In order to establish and execute a business relationship, the collection of personal data is also mandatory for compliance with legal obligations; any refusal to provide such personal data will render it impossible to establish a relationship with the Company. Such processing does not require consent from the data subject.

3)Purpose of Processing and Legal Basis for Processing

The sole purpose of collecting or processing personal data is to fulfil all obligations undertaken to carry out the business of the Company, and in particular to:

  • Execute pre-contractual activities and acquire preliminary information to stipulate contracts;
  • Carry on the business relationship and all activities related to administration, operations, management and accounting concerning contracts (order management, invoicing, supplier quality control);
  • Handle any litigation, breach of contract, legal notices, transactions, arbitration, legal disputes;
  • Comply with legal obligations, regulations, EU rules and provisions issued by the authorities.

Personal data are processed by virtue of compliance with the contractual/pre-contractual and legal obligations arising from the relationship you have undertaken with the Company.

5)Nature of Data Provision and Consequences of any Refusal

Providing personal data to the Company is required only for personal data that is mandatory for legal or contractual compliance, or for personal data that are necessary to acquire pre-contractual information on request of the data subject. In the event of refusal to provide any such “required” personal data, the contract might not be implemented in full. In the event of any refusal to provide personal data that is not required but closely related to the execution of contractual relations, in general this will have no impact on the relationship underway, except for the fact that it may become impossible to carry out operations related to such personal data or to establish new contractual relations. Any refusal to provide personal data related to conducting additional activities, not closely related to the execution of contractual relations, may only prevent conducting such additional activities without further consequence.

6)Processing Method

All personal data are processed in a lawful and legitimate manner and, in any case, in accordance with the laws mentioned above, using equipment suitable to guarantee data security and confidentiality. Personal data can also be processed using IT devices to save, manage and transmit such data.

In general, processing is conducted by the company’s internal organisation under the direction and control of the company departments responsible and for the purposes mentioned above, also by companies in the group and third parties, as set out under point 8 below.

Personal data are kept in a format that enables identification of the data subject for an amount of time not exceeding what is necessary for the purpose for which the data were collected and processed.

7)Duration of Processing

Processed personal data are held for only the amount of time necessary to carry on the contractual relationship and, subsequently, to comply with all legal obligations related to or arising from the contract you entered into with the Company.

8)Intended Recipients of Personal Data

Without prejudice to disclosures made to comply with a legal obligation, regulation or EU rules and intercompany policy, the disclosure, also by simple consultation or reporting of personal data related to you, can be made to the following subjects:

  • Public bodies, supervisory boards, authorities or institutions;
  • Companies belonging to Gruppo Dallan Spa, subsidiaries or associate companies located in Italy or abroad;
  • Natural persons or legal persons who provide specific services: data processing, logistics and postal services, customer satisfaction surveys, consultation in legal, administrative, taxation and/or accounting matters, organisation of trade fairs and marketing events;
  • Commercial intermediaries, banks and credit institutions, financial brokerage firms, natural or legal persons appointed to recover debt, conduct audits and/or certify financial statements and quality assurance systems, self-employed associates, agents and business procurers, insurance agents and brokers;
  • Natural and/or legal persons who require references/data for the purpose of participating in public tenders, or when executing contracts for their customers on behalf of Dallan Spa.

The subjects mentioned under points a), d), e) operate as independent Data Controllers.

In any case, we assure you that the subjects mentioned above convey, if not aggregated and anonymous personal data, exclusively the personal data necessary and pertinent to the purpose in question.

The list of these third parties is constantly updated and available to you on request. Due to the existence of connections with them by electronic or computerised means or by correspondence, the personal data can be made available abroad, also to countries not in the E.U., in consideration of the existence of relative authorisation, or pursuant to standard contractual clauses.

In any case, personal data will not be disseminated.

9)Data Subject Rights

You continue to be entitled to have access to the personal data as provided for under art. 15 of Regulation (E.U.) 2016/679 and the rights provided for under articles 16, 17, 18, 21 of Regulation (E.U.) 2016/679 on the rectification, erasure, restriction of processing and the exercise of the right to object, as provided for under art. 12 of Regulation (E.U.) 2016/679. For a guide to the rights provided for under Regulation (E.U.) 2016/679, see http://www.garanteprivacy.it/diritti-degli-interessati

10)Right to Lodge a Complaint with Supervisory Authority Pursuant to art. 77 Regulation (E.U.)

Should our company not provide you with a response within the time required by law or if you do not consider the response to be adequate, you can lodge a complaint with the Data Protection Supervisor.

Contact details below:

Data Protection Supervisor

Piazza di Monte Citorio no. 121 – 00186 Rome

www.gpdp.it – www.garanteprivacy.it

E-mail: Fax: (+39) 06.69677.3785 Phone: (+39) 06.69677.1

Contáctenos para más información!

Le contestaremos lo más antes posible