Transparency and disclosure

Supplier information

INFORMATION ON THE PROCESSING OF PERSONAL DATA SUPPLIERS

Sampaolo Stampi s.r.l. wishes to inform you about the processing of your personal data.

This information is made in accordance with the principles of transparency and fairness and in respect of your rights, pursuant to EU Regulation 2016/679 on the protection of personal data.

DATA CONTROLLER

The data controller is Sampaolo Stampi s.r.l., via Peschiera, 7/a, Montelupone (MC), based on in the European Union, who can be contacted at the following addresses: telephone number 0733 226811, email sampaolo@sampaolo.it.

SOURCE OF DATA

The data are acquired directly from you, given on the occasion of the establishment of relations or on the occasion of the sending of reciprocal requests.

The data are acquired directly from you, given on the occasion of:

  • mutual sending of requests and information, also formulated via web or by email, and their respective management and execution, regarding the services, goods and activities proposed by us
  • entering into contracts, offers, agreements for the purchase of goods, services or services
  • requesting, establishing or continuing other relationships that require the use or integration of your personal data

Some personal data may be collected by other entities, including:

  • computer data, including e-mail address or log access to web platforms used for the management of services
  • information from lists maintained by public and institutional, insurance, bilateral or equivalent bodies or under the control of the public authority on the basis of specific national legislation

CATEGORIES OF PERSONAL DATA

The processing concerns personal data, including personal data, surname, business name, address, email, telephone, tax code and/ or other data specified in the different purposes of the processing.

Personal data which can be qualified as “particular” are not normally processed, that is to say those data which reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership, Genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.

As a general rule, personal data relating to criminal convictions and offences are not processed.

If there is a specific need to collect and process data of a particular type or relating to criminal convictions and offences, we will inform you about it, supplementing this information and obtaining the related consent, where this is a condition for the initiation or continuation of the processing itself.

PURPOSE AND LEGAL BASIS OF PROCESSING

PURCHASE AND USE OF PRODUCTS AND SERVICES, AND RELATED CONTRACTUAL RELATIONSHIPS

We process your identifying data for purposes related to and/or connected with the purchase and use of goods and/or services, the performance of the relevant contractual relationships, pre-contractual and/or similar agreements, namely:

  • to draw up and conclude contracts and/or similar agreements
  • to fulfil the pre-contractual, contractual, tax obligations and related ancillary services connected with such obligations arising from our relationship with you
  • manage the payments of the goods and/or services purchased, their payment details (including bank details or credit card identifiers or other means of payment), any additional financial charges, related contractual obligations, legal, accounting, tax and administrative.

Your data may also be processed for purposes related to the legal obligations to which our organization may be subject, namely:

  • to comply with the general obligations provided for by law, regulations, community legislation or orders issued by Authorities and other competent institutions
  • to respond to requests from the competent administrative or judicial authority and, more generally, public entities in compliance with legal formalities

Your consent is not required for the aforementioned purposes, as the processing is necessary to comply with legal obligations (art. 6, para. c) of the GDPR) and arising from a contract or to fulfill, before the conclusion of the contract, your specific requests (Art. 6, para. b) of the GDPR), which constitute the legal basis for processing.

LEGITIMATE INTEREST OF THE DATA CONTROLLER

Your personal data may be processed, without the need for your consent, for purposes related to the pursuit of our legitimate interests, including protection against fraud, risk assessment and related security measures, the transfer of data within our organization, statistical purposes, compliance with obligations related to computer security, including the adoption of procedures for the detection and notification of personal data breaches (data breach), as well as the processing necessary to ensure the exercise of the right of opposition.

For these purposes the data will be processed according to principles of equity, proportionality, necessity and minimization, preferring as much as possible the aggregated or anonymous form.

METHODS OF PROCESSING

The processing is carried out by means of procedures and tools, including information technology, suitable to guarantee confidentiality, the integrity and availability of data in the ways and to the extent necessary to pursue the above-mentioned purposes and in compliance with the technical and organizational security measures adopted by our organization.

Your personal data is processed only by authorized and trained personnel, who are allowed to access your personal data to the extent that it is necessary for the performance of processing activities.

Data that are surplus or irrelevant to the purposes of processing will be deleted or not used except for the possible retention, in accordance with law, of the document containing them.

DURATION OF PROCESSING

PURCHASE AND USE OF PRODUCTS AND SERVICES, AND RELATED CONTRACTUAL RELATIONSHIPS

The data will be processed for the entire duration of the contractual relationship and/ or similar agreements and also subsequently, for the fulfillment of legal obligations and administrative purposes, in accordance with current regulations, such as the time limits for keeping accounts, the time limits prescribed by the definition of the relationship and in any case the time limit from which the rights arising therefrom may be exercised, the additional time limits resulting from any litigation if this results in an extension of those time limits.

In any case, Sampaolo Stampi s.r.l., to protect its own interests, may process your personal data until the time allowed by law, pursuant to art 2947 c.c.

CYBERSECURITY

The computer data, including logs of access to web services and/ or their IP addresses, may be stored in relation to the alleged risk and/ or detected and the harmful consequences that result, except for measures taken to anonymize data or to limit their processing.

The data will be stored from the detection of the event of danger or data breach (data breach), for the time necessary to notify the Authority of the breach of detected data and to take the relevant measures of restoration and security.

OBLIGATION OR OPTION TO PROVIDE DATA

For data that we are obliged to know, necessary in order to fulfill the contractual obligations, agreements between the parties, as well as required by laws, regulations and Community legislation, or by the provisions issued by Authorities authorized by law and by supervisory and control bodies, failure to provide them will make it impossible to establish or continue the relationship, insofar as such data are necessary for the execution of the same.

For data that we are not obliged to know, such as additional information or contact details, the provision of the same is optional, and their failure to indicate will not allow the performance or personalization of some services, such as sending commercial communications.

RECIPIENTS OF DATA

KNOWLEDGE AREA WITHIN THE ORGANIZATION

Your data may be known to the following categories of subjects, internal to our organization: administrative and secretarial offices, accounting and invoicing officers, sales agents of products and services, Employees and collaborators. All subjects who access your data are appropriately authorized, instructed and bound to confidentiality obligations.

EXTERNAL COMMUNICATION OF DATA

Your data will not be disclosed (for example by publication on the web), unless we expressly request it and you give your explicit consent.

Your data may be communicated to:

  • public or private entities that may access it under the law, regulations or Community legislation, within the limits provided by these rules
  • a soggetti nostri consulenti, nei limiti necessari per svolgere il loro incarico presso la nostra Organization, subject to designation imposing confidentiality and security duties
  • to subjects who process data for purposes auxiliary to the relationship with us, or who perform or provide specific services strictly functional to the execution of that relationship (for example, pouch, printing and shipping services, electronic communications service providers or web services)
  • to companies, entities or associations, parent companies, subsidiaries, associates or jointly controlled companies, as well as between consortia, networks of undertakings and groups and temporary associations of undertakings and their members
  • insurance companies and debt collection companies
  • commercial information or advertising promotion management companies;
  • The communication of your personal data is limited to the data necessary for the achievement of the specific purposes for which they are intended. 

TRANSFER OF PERSONAL DATA OUTSIDE THE EU

Your personal data will not be transferred to third parties outside the European Union.

YOUR RIGHTS

At any time you may exercise the rights that are granted to you, pursuant to art. 15 to 22 of EU Regulation 2016/679, namely:

  1. request confirmation of the existence or otherwise of personal data processed;
  2. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be communicated, the retention period for the data or the criteria used to determine it;
  3. update or correct personal data so that it is always accurate;
  4. delete personal data when they are no longer necessary for the purposes of processing, if the legal conditions exist and the processing is not justified by another legitimate reason;
  5. restrict the processing of personal data, where the conditions are met, including inaccuracy, opposition to processing, unlawful processing.
  6. to obtain the portability of the data, if the processing takes place on the basis of a contract and with automated means, that is to receive them in a structured format, commonly used and readable by an automatic device, also in order to pass them on to another data controller;
  7. oppose the processing at any time and also in the case of processing for direct marketing purposes or carried out through automated decision-making processes, including profiling.
  8. revoke consent, if given for specific processing activities. The withdrawal of consent does not affect the lawfulness of the processing based on consent carried out before the withdrawal;
  9. the right to lodge a complaint with a Supervisory Authority: without prejudice to any other administrative or judicial action, the complaint may be submitted to the Supervisory Authority for the protection of personal data. Or, where the conditions are met, including your different residence or the different Member State in which the infringement took place, to the supervisory authorities established in another EU country.

To exercise these rights, you can contact the Data Controller, Sampaolo Stampi s.r.l., whose contact details are indicated at the beginning of this information, without delay.

If Sampaolo Stampi s.r.l. intends to start processing data for purposes other than those described in this information, it will inform you before proceeding and obtain your consent, if necessary.

UPDATES

Sampaolo Stampi s.r.l. updates the policies and internal practices adopted in the protection of personal data whenever necessary and in case of regulatory and organizational changes that have relevance to the processing of personal data.

Any updates to this information will be made available promptly and by appropriate means.

Last updated: 02/11/2020