INFORMATION ON DATA PROCESSING

ART. 13 OF REGULATION (EU) 2016/679

 

Data Subjects: Suppliers

Dear Supplier,

NF TRASPORTI S.r.l., as the Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 hereinafter ‘GDPR’, hereby informs you that the aforementioned legislation provides for the protection of data subjects regarding the processing of personal data and that this processing will be based on principles of fairness, lawfulness, transparency, and the protection of your privacy and your rights.

To achieve its purposes related to the management of the relationship, NF TRASPORTI S.r.l. needs to acquire personal data, such as, for example, your first and last name, company demographic data, phone or mobile number, email address, tax code, etc.

Your personal data will be processed in accordance with the legislative provisions of the aforementioned regulation and the confidentiality obligations therein. 

Purpose of processing and legal basis: In particular, your data will be processed for the following purposes related to the implementation of legal or contractual obligations:

  • Mandatory legal compliance in the fiscal and accounting field; legal basis: legal obligation;
  • Supplier management; legal basis: contractual obligation;
  • Supplier invoicing history; legal basis: legal obligation;
  • Obligations under current laws; legal basis: legal obligation;

Consequences of failure to provide: The processing of data is necessary for the indicated purposes. The possible non-communication or incorrect communication of one of the mandatory information may cause the impossibility for the Data Controller to ensure the relationship.

Processing methods: The processing is carried out using manual and/or computerized and telematic tools, in such a way as to ensure the security, integrity, and confidentiality of the data in compliance with the organizational, physical, and logical measures provided for by current regulations, to minimize the risks of destruction or loss, unauthorized access, modification, and unauthorized disclosure in accordance with the procedures set out in Arts. 6, 32 of the GDPR.

Recipients: To carry out certain activities, or to provide support for the operation and organization of the activity, some data may be brought to the attention of or communicated to recipients. These entities are distinguished into:

Third parties: (communication to: natural or legal persons, public authorities, service or other bodies that are not the data subject, the data controller, the data processor, and authorized persons responsible for processing) including:

  • Banking institutions for managing collections and payments;
  • Companies that manage traditional or computerized postal services (if necessary for the indicated purposes);
  • Consultants and freelancers, even in associated form, in legal matters, etc., as independent controllers;
  • Subjects/Entities for legal obligation, whose faculty to access your data is recognized by law obligations;

Data Processors: (the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller)

  • Companies and other subjects, consultants, and freelancers to whom mandates have been given for the management of compulsory fiscal, administrative, accounting compliance, legal consultancy, etc.;
  • Any IT service providers, web, or other services necessary to achieve the purposes required for managing the relationship.

Within the company structure: Your data will be processed only by personnel expressly authorized by the Data Controller, ensuring the adoption of a confidentiality agreement and, in particular, by the following categories of employees:

  • Administration;

Data transfer to third countries: The data controller does not transfer personal data to non-EU countries. If necessary, data subjects will be informed in advance, and guarantees for the transfer to recipients will be adopted, which depending on the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission, signing of standard contractual clauses, verification of the adoption of any additional measures in implementation of recommendation 01/2020 EDPB. In derogation of these guarantees, for data processing (in reference to Art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the data subject or consent to the transfer is verified.

Disclosure: Your personal data will not be disclosed in any way.

Retention period: Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Art. 5 of the GDPR, the retention period of your personal data is established for a period not exceeding the achievement of the purposes for which they are collected and processed. If a contract is signed, this retention period may end with the termination or withdrawal of the contract; the same data may be retained, where applicable, for an additional period for the management of any disputes, the legal basis for such retention being the contractual obligation and the legitimate interest of the data controller. With the same methods and data protection guarantees, they may be retained for a period respecting the obligations prescribed by current laws, for example, based on tax regulations, for at least 10 years.

Data Controller: The Data Controller of the data, pursuant to the regulations, is NF TRASPORTI Srl, with legal and operational headquarters at Via Emilia, 4010
47020 – Longiano (FC) – IT, VAT: 04257640401 in the person of its legal representative pro tempore.

By sending an email to the following address info@nftrasporti.com you can request more information regarding the data provided.

 

EU Regulation 2016/679: Arts. 15, 16, 17, 18, 19, 20, 21, 22, 23 – Data Subject’s Rights

 

  1. The data subject has the right to obtain confirmation of whether or not personal data concerning him exists, even if not yet registered, and their communication in an intelligible form.
  2. The data subject has the right to obtain the indication:
    1. of the origin of personal data;
    2. of the purposes and methods of processing;
    3. of the logic applied in case of processing carried out with the help of electronic tools;
    4. of the identification details of the data controller, data processors, and the representative designated pursuant to Article 5, paragraph 2;
    5. of the entities or categories of entities to whom personal data may be communicated or who may become aware of them as designated representative in the State, data processors, or persons in charge.
  3. The data subject has the right to obtain:
    1. the updating, rectification, or, when interested, integration of data;
    2. the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
    3. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;
    4. data portability.
  4. The data subject has the right to object, in whole or in part:
    1. for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
    2. to the processing of personal data concerning him for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.
    3. Data subjects, if the conditions are met, also have the right to lodge a complaint with the Supervisory Authority according to the procedures provided. For any further information, and to assert the rights granted to you by the European Regulation, you can contact the data controller.