Information concerning the processing of Suppliers’ personal data

(pursuant to Chapter III, sections 2 and 3 of the European Data Protection Regulation)

Dear Supplier,

the European General Data Protection Regulation (“GDPR”) establishes that any processing of personal data must be grounded on a suitable legal basis, and mandates the respect of the fundamental freedoms and dignity of the Data Subject, with particular reference to privacy, personal identity and the right to protection of said data.

In compliance with the european Regulation and the confidentiality obligations that form the basis of our Company’s activities, we wish to inform you that your personal data, both prior to the start of our contractual relationship and during the same (jointly referred to as the “Personal Data”) will be the object of a treatment (the “Processing”) following principles of lawfulness, correctness, purpose, adequacy, relevance, accuracy, transparency and accountability.

We remind you that our processing of said personal data is necessary for the execution of the contract between us and the Data Subject, for the fulfillment of legal and regulatory obligations, in pursuance of the legitimate interests of the Owner, and will always take place in the respect of the interests and fundamental rights of the Data Subject.

We specifically wish to inform you of the following:

a) Purpose and Methodology of the Processing

The collection and processing of Data referring to the Data Subject are carried out for the purpose of enabling our Company to conduct the following activities:

  • Supplier selection and qualification
  • Supply chain management
  • Contractual relationship management
  • Administrative tasks
  • Fulfillment of tax and accounting obligations
  • Dispute management
  • Program management (planning, monitoring and service/product quality assurance)

Data processing for the above mentioned purposes will take place through the use of computer and manual methods, based on logic criteria that are compatible and functional to the purposes for which the Data are collected, in compliance with the rules of confidentiality and security provided for by law and internal regulations. In particular, the data will be processed for comparison, classification and calculation purposes, and for the production of lists and databases. We do not anticipate the use of the Data for automated profiling purposes.

The personal data of the Data Subject are, or were, provided to the Company by the Data Subject, as specified in Chapter III, Section 2, art. 13.
The Data may also be collected from third parties, in which case it will be our responsibility to promptly inform the Data Subject about the data processing methodology, pursuant to Chapter III, Section 2, art. 14.

b) Nature of the data contribution

With regard to the purposes under section a) above, we wish to inform you that the processing and communication of your personal data by fabbricadigitale does not need your consent, being a required step for the execution of contractual and legal obligations.
While the Data Subject will always have the right to request the interruption of the Processing, this would result in the impossibility for fabbricadigitale to continue the contractual relationship and related activities, with the consequences and potential damage that this might entail for the Data Subject.

c) Scope of data communication and dissemination

The data will be processed by fabbricadigitale’s formally appointed staff.
Some of the Data may be processed on behalf of the Owner by third companies, entities or professionals entrusted with the performance of specific data processing services, strictly limited to the execution of the contractual relationship, or of activities complementary to ours. Such entities or professionals may be:

  • banks and/or credit institutions;
  • professionals, external debt collection companies and financial auditors;
  • suppliers of technological services to fabbricadigitale s.r.l.;
  • affiliated companies and/or subsidiaries.

In the execution of legal and/or contractual obligations between the parties, the data may also be disclosed to other third parties including, for example:

  • Public entities
  • Judicial authorities
  • Controlling institutes
  • Certification organizations

The data will not be subject to disclosure and will not be transferred abroad (outside of the European Union).

d) Data retention period

fabbricadigitale S.r.l. will retain the Data for a period corresponding to the duration of the contractual relationship or otherwise adequate for the purposes of the Processing and compliance with accounting, tax and regulatory obligations.

e) Rights of the Data Subject

Chapter III, section 2, art. 15, section 3, art. 16, 17, 18, 19, 20, section 4, art. 21, Chapter IV, section 2, art. 34 of the Regulations establishes a number of rights of the Data Subject, that we invite you to carefully consider. Among these, we wish to remind you of the rights of:

  • access to the Data:
    • notification that the processing of his/her personal data is underway;
    • communication of the transfer of data to a Third Country or to an international organization;
    • obtainment of a copy of the personal data being processed (provided that no rights and freedom of others are infringed);
  • rectification;
  • cancellation (oblivion);
  • treatment limitation;
  • notification in case of rectification or cancellation of personal data or treatment limitation;
  • data portability;
  • opposition.

The Data Subject also has the right to be notified without undue delay in the event of a personal data breach.

f) Owner and Processing Manager

Owner f the Processing: fabbricadigitale S.r.l.
Data Processing Coordinators: General Manager, HR Director
Please address requests for any further information to: