Dear Supplier,
In compliance with the obligations laid down in Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and in Italian Legislative Decree no. 196 of 30 June 2003 (Personal Data Protection Code), we hereby wish to inform you that, as Data Controller, M.I. DUE SRL, based in Besana Brianza (Monza Brianza), Via Ronchi 8, VAT and Tax ID no. 00727110967, tel. +39 0362/994357, email tecnico@misas.it, will process personal data concerning shareholders, employees and consultants of your company that were provided or disclosed to us by you or by other subjects in the course of the supply relationship with our structure.
The data you freely provide or that is otherwise collected will be processed in compliance with the privacy laws in force, based on the principles of fairness, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and limitation to what is necessary.
The data will be collected and recorded solely for the purposes under point 1) and will be stored for those purposes for no more than 20 years from the date of their collection.
Therefore, according to the provisions of Article 13 of Regulation (EU) 2016/679 (GDPR) and of Italian Legislative Decree 196/03, you are hereby advised that:
1) The data you provide will be processed for the following purposes:
- For the regular performance of the following corporate activities and purposes:
- For requirements connected with the stipulation of contracts and assignments, their execution, subsequent changes and any obligation expected to discharge them.
- For operational, organisational, management, taxation, financial, insurance and accounting needs relating to the contractual and/or pre-contractual relationship established.
- To comply with all the obligations required by statutory and regulatory requirements (Italian and EU legislation).
- To control entrances, for corporate security and for video-surveillance.
- To monitor the way products/services are supplied, the trend of relations with suppliers and the analysis and management of risks associated with the contractual relationship.
- Data will be processed in a non-automated, partially automated and fully automated manner. The processing may consist of the following operations: collection, recording, organisation and storage, consultation and use, adaptation, alteration, selection, retrieval, alignment, combination, transmission and disclosure.
Data will be processed both on paper and with the help of electronic, computer and telecommunications instruments suitable for guaranteeing the security and confidentiality of the data in compliance with the provisions of Article 32 of Regulation (EU) 2016/679 (GDPR) and Article 31 of Italian Legislative Decree 196/03 with regard to “Security Requirements” and of Article 33 of Italian Legislative Decree 196/03 with regard to “Minimum Data Security Measures”.
In carrying out the processing operations, all technical, IT, organisational, logistical and procedural security measures will always be adopted, as provided for in Annex B of Italian Legislative Decree 196/03, to guarantee the minimum level of data protection required by law. The aforesaid processing methods will ensure that only the subjects specified in points 4) and 5) have access to the data.
- The conferment and processing of data is:
- mandatory and does not require your consent for purposes relating to obligations under statutory and regulatory requirements (Italian and EU legislation)
- necessary and does not require your consent for personal data that are essential for the proper establishment, management and continuation of the commercial and/or contractual relationship
- necessary and does not require your consent in order to protect the vital interests of a natural person
- necessary and does not require your consent for the performance of tasks carried out in the public interest or in the exercise of official authority vested in us
- necessary and does not require your consent for the purposes of the legitimate interests pursued by the company or by third parties
Any refusal, however legitimate, to provide all or part of the above data, could compromise the proper conduct of the relationship with our structure and in particular, for personal data defined as mandatory and necessary, may make it impossible for us to carry out the normal conduct of business operations and the timely provision of products and/or services required.
4) The entities or categories of persons to whom personal data may be disclosed are:
- Legal Representative of the Data Controller
- Data Processors: Consultants and Consulting Firms, Self-employed Professionals, Technical and Engineering Firms, Agents and Agencies, Banks and Insurance Companies, Debt Collection Agencies, Auditors and Auditing Firms, Accountants, Law Offices, Transport and Logistics Companies, Subcontractors
- Data Representatives: company employees
- Administrators of the IT system
Personal data may also be disclosed if they are in aggregate and anonymous form and for statistical purposes.
- Personal data under the category of ‘sensitive data’ will not be processed.
- Personal data may also be disclosed to Public Bodies, Police Forces or other Public and Private Entities, but only for the purpose of complying with statutory and regulatory requirements (Italian and EU legislation).
The data in question will be disclosed only to those entities provided for in this privacy notice and data revealing the health status of the data subject will not be disclosed under any circumstances.
- The processed data may be processed and transferred, for the purposes referred to in point 1) and in the manner referred to in point 2), also to entities referred to in points 4) and 5) located in countries belonging to the European Union.
- In any case, you may at any time ask the Legal Representative of the Data Controller for a copy of your personal data, information about where your personal data are processed and an up-to-date list with identifiers of all the Data Processors and System Administrators authorised to process your data.
- At any time, you may freely withdraw the consent you gave, without expense and detriment to the lawfulness of processing based on consent before its withdrawal, and you may exercise your rights as Data Subject with the Data Controller according to the provisions of Regulation (EU) 2016/679 and of Italian Legislative Decree 196/03: Access, Rectification, Erasure, Restriction, Objection and Complaint with the Italian Data Protection Supervisor (Garante).
Besana Brianza, 25 May 2018
The legal representative of M.I. DUE S.R.L.
Carlo Andrea Casiraghi