Privacy Policy on the Processing of Personal Data

Artt. 13-14 of the Regulation (EU) 2016/679

Data Subjects: Suppliers

In compliance with the Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), TECHNACY S.R.L., as Data Controller of your personal data, informs you herewith that the above-mentioned regulation provides for the protection of data subjects as to the processing of their personal data and that such processing shall be carried out according to the principles of lawfulness, fairness, transparency and protection of your privacy and rights.

To achieve its purposes for the management of the relation with you, TECHNACY S.R.L. needs to acquire some personal data, such as name and surname, company’s data, telephone number or mobile number, e-mail address, tax code, etc.

Your personal data shall be processed in accordance with the the provisions of the above-mentioned regulation and the confidentiality obligations set forth therein.

Purpose and legal basis for the processing

In particular,  your data shall be processed for the following purposes connected with the fulfillment of legal or contractual obligations:

a. Fiscal and accounting obligations required by law; legal basis: legal obligation;

b. Supplier management; legal basis: contractual obligation;
c. Supplier invoicing history; legal basis: legal obligation;
d. Obligations required by the laws in force; legal basis: legal obligation.

Consequences of failure to provide the required data 

The processing of data is required for the specified purposes. The failure to provide any mandatory data or the provision of incorrect data might make it impossible for the Data Controller to ensure the relation with you.

Data processing method

The processing is carried out using manual and/or IT and telematic systems so as to ensure the security, integrity and confidentiality of data in compliance with the physical and logical organisational measures provided for by current regulations in order to minimize the risks of destruction, loss or unauthorised access, change or disclosure of data, pursuant to article 5 and 32 of the GDPR.

Recipients

In order to carry out certain activities, or support the functioning and organization of the activity, some data may be communicated or disclosed to the following categories of recipients:

Third parties: disclosure to natural or legal persons, public authorities, entities or institutions other than the data subject, the Data Controller, the Data Processor and authorised persons responsible for data processing, including:

- Banks for the management of collections and payments;
- Companies  managing traditional or computerised postal services (if necessary for the specified purposes);
- Consultants and freelancers, including in associated form, providing legal and other services as independent data controllers;
- Entities/subjects legally allowed to access your data by virtue of a legal obligation.

Data Processors: the natural or legal person, or public authority, entity or institution that processes personal data on behalf of the Data Controller:

- Companies and other entities as well as consultants and freelancers entrusted with the fulfilment of mandatory fiscal, administrative, accounting, legal advice and other obligations;
- Providers of IT,  web or other services required to achieve the purposes necessary for managing the relation with you.

Recipients inside the company: your data shall only be processed by personnel expressly authorised thereto by the Data Controller and subject to a confidentiality obligation, and in particular by:

- Administrative staff.

Disclosure

 Your personal data shall not be disclosed in any way.

Transfer of personal data to third countries 

The Data Controller shall not transfer any personal data to any non-EU country. Should any transfer of data be necessary, the data subject shall be informed thereof in advance and appropriate safeguards shall be adopted for the transfer of data to the relevant recipients, which, as the case may be, might consist in the check of the existence of any adequacy decisions by the Commission with regard to the country of destination, the signing of standard contractual clauses or, in the event of the USA, the check of the accession to current international agreements. In the absence of such safeguards (in relation to art. 49 of the GDPR), it shall be checked whether any contract or any pre-contractual measures in favour of the data subject do exist or if the data subject has given his/her consent to the transfer of data.

Retention period

In compliance with the principles of lawfulness, purpose limitation and data minimisation pursuant to art. 5 of the GDPR, your personal data shall be kept for no longer than it is necessary for the purposes for which the personal data are collected and processed. If a contract has been signed, the retention period may expire upon expiry or termination of the contract. If applicable, personal data may be kept for an additional period in order to manage any disputes. The legal basis for such retention is the contractual obligation and the legitimate interest of the Data Controller.

With the same modalities and guarantees of data protection, personal data may be kept for the period required to fulfil the obligations set forth by the laws in force, for example for at least 10 years according to fiscal regulations.

Data Controller

According to the regulations in force, the Data Controller shall be TECHNACY S.R.L., with registered office and operational headquarters in Via Molveno, 5, 48015 Cervia (RA), Italy, Tax Code and VAT registration number 0239992039, represented by its legal representative pro tempore.

For further information on the data provided, you may send an email to info@technacy.it. Additional information on the privacy policies adopted by our company is available on our website www.technacy.

The Data Protection Officer (DPO) can be contacted at the following email address dpo@technacy.it.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 - Rights of the Data Subject

1.  The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her do exist, even if not yet                     registered, and to be provided such data in an intelligible form.

2. The data subject shall have the right to obtain information about:

a. the origin of the personal data;
b. the purposes and methods of processing;
c. the logic applied in the event of processing using electronic systems;
d. the identification data of Data Controller, Data Processors and designated representative pursuant to art. 5, par. 2;
e. the entities or categories of entities to which the personal data may be disclosed or which may acquire such data as designated representative        on the country’s territory, Data Processors or entities in charge of data processing.

3. The data subject shall have the right to obtain:

a. the updating or rectification  of data as well as to have incomplete personal data completed, if they wishes;
b. the erasure or anonymisation of the data as well as the blocking of the data processed in violation of the law, including those that do not need          to be kept in relation to the purposes for which data have been collected and then processed;
c. the confirmation that the subjects to which the data have been communicated or disclosed have been informed of the operations under letter a)      and b), including their content, unless this proves impossible or would involve a disproportionate effort with respect to the protected right;
d. data portability.

4. The data subject shall have  the right to object, in whole or in part:

a. to the processing of personal data concerning him or her for legitimate grounds, even though such data are relevant for the purpose for which        they are collected;
b. to the processing of personal data concerning them for the purposes of sending advertising materials or for direct marketing, market                        researches or commercial communications.

Right to lodge complaint

If applicable, the data subject shall also have the right to lodge a complaint with the Italian supervisory authority called “Garante per la protezione dei dati personali” according to the established procedures. For further information and to exercise your rights according to the EU Regulation, please apply to the Data Controller.

Supplier Policy Rev. 1/2023