Privacy notice for Suppliers pursuant to artt. 13 ss. EU Reg. 2016/679 (“GDPR”) | ||
| ||
This Privacy notice explains how the personal data of Data Subjects in their role of suppliers are acquired, processed, stored and cancelled by Pettenon Cosmetics S.p.A. SB. | ||
The Data Controller is Pettenon Cosmetics S.p.A. SB (the “Data Controller”), with registered office in San Martino di Lupari (PD), Via del Palù, 7d VAT no. 04937500280, that can be contacted at the following addresses:
| ||
Pettenon Cosmetics S.p.A. SB has appointed a Data Protection Officer (“DPO”). This function can be contacted at dpo@pettenon.it. | ||
For the pursuit of the purposes indicated, Pettenon Cosmetics S.p.A. SB will process the following categories of personal data:
| ||
The main source of personal data is the Data Subject. Other sources include:
| ||
Processing of the personal data described above and marked with an asterisk (*) is mandatory: therefore, not submitting such data will cause the impossibility to perform the processing for the Purposes stated below. The processing of any other personal data is optional: in the absence thereof, the Data Controller may not be able to perform all or part of the processing activities. | ||
Purposes | Legal Basis | Data Retention |
(1) Carry out operations connected to the acquisition of information prior to the conclusion of the contract | 6 (1) (b), for the performance of pre-contractual activities | Up to the eventual approval or formalization of the agreement, and in any case no longer than 12 months, unless further retention is required by regulation |
(2) Manage relations with the supplier, including accounting management, orders, invoicing | 6 (1) (b), for the performance of contractual activities | Until the termination of the relationship and thereafter for the period determined by tax or other regulation |
(3) Carry out operations imposed by legal obligations inherent to the contract, including the archiving of documents | 6 (1) (c), for the performance of a legal obligation to which the Data Controller is subject | Until the termination of the relationship and thereafter for the period determined by Italian and European regulations, including tax regulations |
(4) Carry out administrative, accounting, contractual and financial analyses and audits | 6 (1) (f), for the pursuit of the legitimate interest of the Data Controller in monitoring the quality of services received | Until the termination of the relationship and thereafter for the period determined by Italian and European regulations, including tax regulations |
(5) Manage the preliminary qualification of the supplier, also in accordance with ISO standards and/or other voluntary regulations | 6 (1) (f), for the pursuit of the legitimate interest of the Data Controller for qualification of the supplier | Throughout the duration of the relationship and thereafter if required by the ISO or other regulations applicable |
(6) Carry out market research and/or valuation interviews at telephone and e-mail addresses, including electronically with the aid of automated tools | 6 (1) (f), for the pursuit of the legitimate interest of the Data Controller to invite the supplier, and then 6 (1) (a), based on Data Subject’s consent | For to the invitation, in case of opposition; for market research and/ or interview data, up to the withdrawal of consent or request for deletion of the data, except in case of anonymization |
(7) Share with other AGF88 Group companies the data of the Data Subject as a validated supplier | 6 (1) (f), for the pursuit of the legitimate interest of the Data Controller in having qualified suppliers | Throughout the duration of the contract, subject to the exercise of the rights attributed by law to the Data Subject |
Within the limits of the obligations, tasks and purposes indicated above, personal data will be processed exclusively by staff (employees and/ or collaborators) of the Controller, as well as by third parties appointed Responsible pursuant to art. 28 GDPR. The list of Data Processors can be requested from Pettenon Cosmetics S.p.A. SB at the references above. | ||
Personal data may be disclosed only with the express consent of the Data Subject. Pettenon Cosmetics S.p.A. SB may also disclose personal data to third parties (autonomous data controllers), even without the consent of the Data Subject, in order to comply with legal obligations, including: public and private entities, also following inspections or audits; entities that can access the data by virtue of law. | ||
In connection with the technological tools used by Pettenon Cosmetics S.p.A. SB and/or its Processors, personal data may be transferred outside the European Economic Area (‘EEA’): in such cases, Pettenon Cosmetics S.p.A. SB warrants that the transfer will only take place to countries (i) considered adequate by the European Commission, (ii) that have concluded Standard Contractual Clauses or (iii) that have entered into other mechanisms of eligibility for non-EEA transfers. You may always contact Pettenon Cosmetics S.p.A. SB at the contact details listed above for more information about the non-EEA transfer of your personal data. | ||
At any stage of the processing, the Data Subject may exercise the rights provided for by the GDPR, and in particular the right to:
The exercise of the aforementioned rights can take place by sending a request to the Data Controller's contacts above or by contacting the DPO. | ||