Supplier Information
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
Pursuant to Article 13 of the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), we are providing you with certain information regarding the processing of your personal data provided in the context of your relationship with Italtower S.r.l.
Data controller
The Data Controller is Italtower S.r.l., with its registered office at Via A. Meucci 5/11, Piove di Sacco (PD), tax code, VAT number and Padua Companies Register number: 04725890281 (hereinafter referred to as the “Data Controller” or “Company”).
Purpose
To manage the implementation of pre-contractual measures, as well as to manage the performance and fulfilment of the contractual obligations entered into by both parties.
Legal basis for processing
(Article 6(1)(b) of the GDPR)
Performance of a contract
Purpose
Administrative, accounting and tax obligations; debt recovery.
Legal basis for processing
(Article 6(1)(b) of the GDPR) Performance of a contract
(Article 6(1)(c) of the GDPR)
Processing necessary for compliance with a legal obligation to which the Controller is subject
(Article 6(1)(f) of the GDPR)
Processing necessary for the purposes of the Data Controller’s legitimate interests relating to the organisational, administrative, financial and accounting management of its organisation
Purpose
Manage the archiving and retention of data, information, communications (including electronic communications) and documents relating to the relationship with the Company.
Legal basis for processing
(Article 6(1)(c) of the GDPR)
Processing necessary for compliance with a legal obligation to which the controller is subject
Recipients of personal data
In order to achieve the purposes set out above, your personal data may be disclosed to:
-
employees and/or contractors of the Data Controller, who have been duly appointed as authorised persons and instructed on how to process such data;
-
other companies within the group to which the Data Controller belongs, for the performance of specific services and/or functions;
-
third parties other than the Data Controller, such as:
Third parties or categories
IT companies
Purpose
Management, maintenance and updating of the systems and software used by the Data Controller
Purpose
Providers of networks, electronic communications services, and IT and telecommunications services relating to the archiving, storage and management of data
Legal basis for processing
Hosting, housing, cloud, SaaS and other remote IT services essential for the provision of the Data Controller’s activities; archiving and retention services for electronic documents in accordance with the law
Purpose
Consultants, professionals, law firms, arbitrators, insurance companies, surveyors, brokers
Legal basis for processing
Legal, out-of-court and insurance matters relating to claims
Organisational, administrative, financial and accounting management
Purpose
Banks or financial institutions, companies and organisations of any kind engaged in banking, credit, leasing, factoring or financial activities – including brokerage – and related, complementary or similar activities
Legal basis for processing
Organisational, administrative and financial management
Purpose
Public administrations and public bodies in general
Legal basis for processing
Handling of requests from supervisory bodies
Managing procedures for accessing grants, subsidies and/or awards provided for under current national and European legislation
Purpose
Law enforcement agencies and judicial authorities
Legal basis for processing
Handling of investigations by the investigating authorities in the event of accidents
The processing of data by certain third parties may involve the transfer of data to countries outside the EU.
In such cases, we will ensure that the data is properly and adequately protected, in accordance with the GDPR.
The third parties to whom your personal data may be disclosed act in the following capacities:
-
data controllers, i.e. entities that determine the purposes and means of processing personal data;
-
data processors, i.e. entities that process personal data on behalf of the data controller;
An up-to-date list and details of the individuals identified as data controllers or data processors are available from the Company.
Retention period for personal data
Below, we set out the retention period for your personal data or, where this is not possible, the criteria used to determine that period.
Personal data and documents
Retention period or criteria for determining it
Personal details and documents relating to your employment with the company
For the period necessary to fulfil the purposes of the processing and, thereafter, within the limits permitted by law, for administrative, accounting and tax purposes, as well as to assert or protect the Data Controller’s rights, where necessary
Rights of the data subject
We would like to inform you that the GDPR provides for certain rights regarding your personal data and its processing, which you may exercise by contacting the Data Controller.
Law
Right of access to data
(Article 15)
Description
You may request: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period; e) the existence of the data subject’s right to request from the controller the rectification or erasure of personal data or the restriction of processing of personal data concerning him or her, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the data have not been collected from the data subject, any available information as to their origin; h) the existence of automated decision-making, including profiling as referred to in Article 22(1) and (4), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request a copy of the personal data being processed
Law
Right to rectification
(Article 16)
Description
You have the right to request the rectification of any inaccurate personal data concerning you and to have any incomplete personal data completed
Law
Right to be forgotten
(Article 17)
Description
You have the right to request that the Data Controller erases your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed
Law
Right to restriction of processing
(Article 18)
Description
You have the right to obtain from the Data Controller the restriction of processing where you have contested the accuracy of the personal data (for the period necessary for the Data Controller to verify the accuracy of such personal data) or where the processing is unlawful, but you oppose the erasure of the personal data and request instead that its use be restricted, or where you require the data for the establishment, exercise or defence of a legal claim, whilst the Data Controller no longer requires them.
Law
Right to data portability
(Article 20)
Description
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller if the processing: (i) is based on consent, (ii) on a contract, and (iii) is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, and such transmission does not infringe the rights of a third party.
Law
Right to object
(Art. 21)
Description
You have the right at any time to object, in whole or in part, to the processing of your personal data where such processing is carried out to pursue a legitimate interest of the Data Controller or where it is carried out for direct marketing purposes. In such cases, your personal data will no longer be processed for those purposes.
You may exercise these rights by sending an email to info@italtower.com and/or by using the forms published on the website and available from the Data Controller.
If you believe that the processing of your personal data is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Supervisory Authority (Article 77 of the GDPR).
The exercise of the aforementioned rights is subject to the limits, rules and procedures set out in the GDPR, which the data subject must be aware of and comply with. Furthermore, in accordance with Article 12(3), the Data Controller shall provide the data subject with information regarding the action taken without undue delay and, in any event, no later than one month from receipt of the request. This period may be extended by two months, if necessary, taking into account the complexity and number of requests.
The Data Controller shall inform the data subject of such an extension, and of the reasons for the delay, within one month of receiving the request.