Skip to main content

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA CUSTOMERS / SUPPLIERS

 

We wish to inform you that, pursuant to Article 13 of EU Regulation 2016/679 (General Data Protection Regulation – hereinafter "GDPR 2016/679"), containing provisions for the protection of individuals with regard to the processing of personal data, the personal data you provide will be processed by our Company.

The processing of personal data will take place in compliance with the aforementioned regulations, in particular, according to the principles of lawfulness, fairness, transparency and protection of your privacy and your rights, with particular reference to integrity, confidentiality, personal identity and the right to protection of personal data.

1.     Data Controller

Data Controller: A.G.I. S.r.l.

Registered office: via Giovanni Bagaini, 15 – 21100, Varese

E-mail address to contact the Data Controller: This email address is being protected from spambots. You need JavaScript enabled to view it.

2.     Types of data collected

The provision of personal data is necessary for the stipulation of contracts, for their modifications and any other relationship with the Company. The personal data collected includes:

a)     personal and contact details of the customer or his legal representative / company contact person;

b)     personal and contact data of company suppliers or self-employed collaborators;

c)     data necessary for tax/civil obligations (such as tax code, bank details).

3.     Purposes of the processing for which the data are intended

The personal data you provide will be used for the following purposes:

a)     comply with legal obligations, regulations, community legislation, civil and tax rules;

b)     to carry out the services requested, to fulfil any contractual obligations and to allow effective management of the relationship with the other party also in order to respond to requests for information, assistance, suggestions and/or needs reported by you;

4.     Nature of the provision and legal basis of the processing

The provision of personal data is necessary to protect a legitimate interest of the Data Controller or of third parties, ensuring a balance between that interest and the fundamental rights and freedoms of the data subject.

Any refusal to provide them will make it impossible to proceed with the employment relationship or the obstacle / impediment to the continuation of the ongoing relationships.

5.     Processing methods

The processing will be carried out in automated and/or manual form, with methods and tools that comply with the security measures referred to in art. 32 of the GDPR 2016/679, by specially appointed subjects, in compliance with the provisions of art. 29 of the European Regulation. Security measures will be used to guarantee the confidentiality of the data subject to whom such data refer and to avoid undue access by third parties and/or unauthorized personnel.

The Data Controller shall adopt appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.

6.     Data retention

We would like to point out that, in compliance with the principles of lawfulness, purpose limitation and data minimisation (pursuant to Article 5 of  the GDPR 2016/679), the retention period of your personal data is established in a period of time not exceeding the achievement of the purposes for which they are collected and processed (normally established in 10 years),  in any case, respecting the times prescribed by law.

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this term, the rights of access, cancellation, rectification as well as the right to data portability can no longer be exercised.

7.     Scope of communication

The data collected will not be disseminated, but in relation to the purposes mentioned above, they may be communicated to the following categories of recipients:

-      public entities to which the data must be communicated by law (social security and welfare institutions, financial offices, etc.);

-      to our consultants, within the limits necessary to carry out their professional assignment on behalf of the undersigned company (e.g. Accountant).

8.     Transfer of data to non-EU countries

The Data Controller does not systematically transfer personal data to non-EU countries; however, it reserves the right to use cloud services and in this case the service providers will be selected from those who provide adequate guarantees, as provided for by Article 46 of the GDPR 2016/679.

9.     Rights of the data subject

At any time, you may exercise the right to the Data Controller, pursuant to Articles 15-22 of the GDPR 2016/679, to:

·       ask for confirmation of the existence or otherwise of personal data referring to you;

·       get:

-      information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the retention period;

-      rectification and erasure of data and obtain the restriction of processing;

-      data portability, i.e. receiving them from a Data Controller, in a structured, commonly used and machine-readable format, and transmitting them to another Data Controller without hindrance;

·       oppose:

-      to processing at any time and also in the case of processing for direct marketing purposes;

-      automated decision-making related to individuals, including profiling;

·       lodge a complaint with the Supervisory Authority (Privacy Guarantor).

10.  Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

 

Updated to February 2025.