SUPPLIERS' INFORMATION IN ACCORDANCE WITH REGULATION (EU) 2016/679, hereinafter also GDPR

1. General information: The undersigned Company (Pettenon Cosmetics S.p.A S.B.) hereinafter also referred to simply as the "Company", hereby communicates information on the processing of your data/data of the company/firm represented by you, which will be in the possession of the Company (e.g. master data-address, tax code, VAT number, data inherent to accounting, data necessary for supplier management, contract execution and fulfillment of legal obligations, data related to payments, data necessary to defend or enforce a right of the Company).
2. Purpose and legal basis: The data may be processed by the Company:

A) for contractual and pre-contractual purposes (e.g. administrative accounting fulfillment); the legal basis for processing is the necessity for the execution of the contract and the necessity for the execution of pre-contractual measures;

B) to comply with legal obligations, regulations and EU regulations; the legal basis for processing is the fulfillment of legal obligations;

C) to assert or defend a right of the Company and thus for a legitimate interest of the Company consisting in enabling the defense and actions for its own protection; the legal basis for the processing is the pursuit of legitimate interests. In considering such legitimate interests, it has been analyzed that the same do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (legitimate interest has been assessed based on a Triple Test available by contacting the Company);

D) for supplier validation and evaluation (including in accordance with ISOs) and thus for a legitimate interest consisting in relying on suppliers that give certain guarantees; the legal basis for the processing is the pursuit of legitimate interests. In considering such legitimate interests, it has been analyzed that the same do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (legitimate interest has been assessed based on a Triple Test available by contacting the Company);

E) in order to share with the other AGF88 Group Companies your data as a validated supplier (as per the Group's evaluation procedure) and this so that the Companies themselves can (if necessary) evaluate your candidacy as a validated supplier. All therefore for legitimate interests consisting of having qualified suppliers in all AGF88 Group companies; the legal basis for the processing is the pursuit of legitimate interests. In considering such legitimate interests, it has been analyzed that the same do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (legitimate interest has been assessed based on a Triple Test available by contacting the Company).

3. Is it Obligatory to Provide Personal Data? The provision of the requested data is necessary for the purposes of point 2 letter A, B, C and, therefore, any refusal to provide them in whole or in part may result in the impossibility for the Company to execute the contract or continue the relationship.
4. The provision of data for the purposes of point 2 lett. D and E is optional, but failure to provide it in whole or in part may result in the impossibility for the Company to consider you as a supplier and formalize an agreement with you.
5. Categories of Recipients of your Personal Data: The data may be communicated, where necessary and only if indispensable, for the purposes referred to in point 2 letter A to banks, professionals (e.g. lawyers), judicial authorities and police and supervisory bodies, public bodies, poste-courriers (communicating the data necessary to send any communications); for the purposes referred to in point 2 letter B and C to professionals (e.g., attorneys), judicial authorities and police and supervisory bodies, public entities, post-carriers (communicating the data necessary to send any communications); for the purposes of point 2 lett. D to Certification Bodies; For the purposes of point 2 lett. E to other AGF88 Group Companies. The data may also be disclosed to the subjects specifically delegated by the Company to process the data (administrative/legal technical/IT employees, including those external to the Company, members of corporate bodies, quality/certification consultants, IT consultants, legal consultants, tax consultants, interns, collaborators of the data processors) and data processors (companies/studies/professionals performing auxiliary activities to that of the Company such as consulting companies, IT outsourcing companies, tax management companies) always appointed by the Company and whose list can be found by contacting the Data Controller.  
6. Data retention: Data may be retained and processed by the Company for as long as is necessary for the pursuit of the purposes contained in this privacy policy. The period of data retention is as follows:
7. - for pre-contractual purposes until the eventual approval or formalization of the contract or agreement unless further retention is required by Italian and European regulations;
8. - for contractual purposes until the termination of the relationship and also after the termination for the period determined by Italian and European regulations, including tax regulations;;

- for legal obligations, regulations and EU regulations, data may be retained for the periods imposed by these regulatory sources;

- for the purposes of point 2 letter D for the duration of the relationship and thereafter if required by ISO or Italian and European regulations;

- for the purposes referred to in point 2 letter E, the data may be kept until the Company revokes its accredited supplier status unless the Company exercises the rights indicated in point 7 of this privacy policy;

- in any case, all data may be retained for a period necessary to assert or defend a right of the Company, according to Italian civil and criminal regulations and then for a maximum of 10 years from the termination of the relationship, except for litigation or disputes that make a further retention period necessary and subject to further retention if required by local regulations applicable to the data subjects.

9. Data Controller and Data Protection Officer: The Data Controller is Pettenon Cosmetics S.p.A. SB with registered office in Via del Palù, 7d, 35018 San Martino di Lupari PD, Tel. +39 049 99888 FAX +39 049 9988809, privacy@pettenon.it.  

There is a Data Protection Officer of the Company, contactable at the Company’s headquarters in Via del Palù, 7/d, 35018 - San Martino di Lupari (PD), as well as at dpo@pettenon.it

10. Rights: We inform you that the GDPR stipulates that you may request from the Company (at the contact details given in Section 6) access to and rectification of your personal data, deletion of your data or restriction of the processing that concerns you, data portability; you may also have the option, again by contacting the Company, to object to the processing of your data and to exercise the other rights contained in Chapter 3 Section 1 of the GDPR.
11. Compliants: Where you believe that data processing is taking place in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Italian Supervisory Authority (whose references can be found at www.garanteprivacy.it), as provided for in Article 77 of the GDPR, or to take appropriate legal action (Article 79 of the GDPR).  In addition, he or she may also turn to the Control Authority of the state where he or she normally resides or works. A list of the Supervisory Authority can be found at the link www.garanteprivacy.it/home/footer/link).
12. Data of collaborators/employees: It is recalled that if the data subject to whom this notice is addressed has to communicate to the Company for reasons inherent in the performance of the contract, of the names and contact details of their collaborators, the data subject must inform the collaborator of the information contained in this privacy policy and of the fact that they will communicate the data to the Company, which may process the data for reasons inherent in the performance of the contract, obtaining their consent to the communication and processing where necessary.
13. Processing method: The data may be processed by the Company in paper, manual, computer and telematic mode (thus storing and processing the data on both paper and computer). The data will be stored and processed by the Company, taking all necessary measures for their protection, in accordance with all current regulations (and therefore also in compliance with the principles of correctness lawfulness and transparency and protection of confidentiality and rights) and with logics strictly related to the purposes indicated in this information. On the data will be carried out only the operations necessary for the pursuit of the purposes indicated in this statement. The data will be stored, as far as the Company is concerned, at the offices of the Company and at the data processors appointed by the Company (as well as at the third parties indicated in this statement to whom the data are communicated and who process them as autonomous data controllers). The data will also be organized in databases - databases including computerized databases.

 

Information updated to 26/06/2023. Previous versions of the information can be found by contacting the Company at the addresses referred to in point 6.