Please note that the relationships established with Digital Technologies S.r.l. (Data Controller) may involve the processing of personal data, in compliance with the following general principles:
- all data regarding the interested party are legally, correctly and transparently processed, in compliance with the general principles provided for by Article 5 of the General Data Protection Regulation;
- specific security measures are observed to prevent the loss, illicit or incorrect use of data and unauthorized access;
- The Data Controller is Digital Technologies S.r.l. having, registered office: Street San Vittore 14, 20123, Milano (MI) (Email: email@example.com)
DATA UNDERGOING PROCESSING
The Data Controller processes personal identification data of the customer/supplier (for example, first and last name, company name, address, telephone number, e-mail address, social security number, bank and payment details) and their operational contact person (first and last name and contact details). These data are acquired and used in the provision of services offered by the Data Controller.
PURPOSE AND LEGAL BASIS OF PROCESSING
The data is processed for:
- close contractual / professional relationships;
- fulfill the pre-contractual, contractual and fiscal obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
- fulfill the obligations required by the law, by regulations, by the legislation of European Community or by an order of the National Data Protection Authority
- state a legitimate interest as well as a specific right of the Data Controller (for example: the right of counsel and planning a defence in case of a lawsuit, the protection of their creditor position, the ordinary internal managerial, operational and accounting demands).
Failure to provide the aforementioned data will prevent from establishing a professional relationship with the Data Controller. The purposes mentioned above represent, in accordance with Article 6, paragraphs b, c, f, appropriate legal bases for the lawfulness of processing. In case of data processing for different purposes other than the ones previously stated, a written consent letter will be required.
The processing of personal data is carried out through the different operations indicated in the Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, filing, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are processed both on paper and electronically and/or automatically. The Data Controller will process personal data in compliance with related legal obligations and for the time necessary to fulfill the purposes for which they were collected
AREA OF APPLICATION
The data is processed by internally authorized and instructed individuals in accordance with Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects who operate as Manager or independent Data Controller (i.e. consultants, technicians, banks, carriers, etc.). Personal data may be subject to inter-company transmission between companies of the same group. Data are not subject to circulation or transfer to non-EU countries. Should it be necessary to acquire personal data of employees from customers/suppliers in the context of tenders/contracts or in the performance of legal obligations (e.g.: joint liability, anti-corruption norms, anti-mafia norms, anti-money laundering norms, etc.), the parties agree that the undersigned company will be entitled to act as an External Manager (Art.28 GDPR) or Authorized Subject (Art.29 GDPR). As part of this relationship, the undersigned company is compelled to process data in compliance with GDPR requirements, ensuring that any data transfer to additional subjects will be carried out exclusively in the context of specific legal obligations.
RIGHTS OF THE INTERESTED PARTY
Digital Technologies S.r.l. guarantees that the rights provided by Article 12 of the GDPR can be exercised in any moment. Specifically, the right to:
- know if the Data Controller stores and/or processes personal data and to access them in full, and obtain a copy (art. 15 Right of access),
- the correction of inaccurate personal data or to the integration of incomplete personal data (Art. 16 Right of correction);
- the cancellation of personal data stored by the Data Controller if one of the reasons provided for by the GDPR subsists (Right of Cancellation, 17);
- ask the Owner to limit processing only to some personal data, if one of the reasons provided for by the Regulation subsists ( 18 Right of limitation of treatment);
- request and receive all personal data processed by the owner, in a structured, commonly used and readable by an automatic device format, or request transmission to another Owner without impediment (Article 20, Right of Portability);
- wholly or partially refuse to process data for the advertising and market research purposes (art. 21 Opposition right)
- wholly or partially refuse to automatically or semi-automatically process data for profiling purposes.
These rights can be exercised any time by notifying the Data Controller.