Information for customers and suppliers, including potential ones and other contacts for business communications

articles 13-14 of the EU Regulation 2016/679

The disclosure is a general obligation that must be fulfilled before or at the latest when starting the direct collection of personal data. In the case of personal data not collected directly from the interested party, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the interested party).

Sources and categories of personal data

Pursuant to the General Regulation for the Protection of Personal Data of Individuals (GDPR - Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following: The personal data held by the undersigned organization are collected directly from the interested parties and directly and freely provided by them and from third parties (eg on the internet, from public registers, etc.).

This information concerns personal data, contact details, addresses, telephone numbers, postal and email addresses. The interested parties are to be understood as identified and identifiable third parties having cause with the writer or with a contractual counterpart, even potential, such as eg. customers, suppliers, partners, public administrations, associations, etc. with which there are relationships of interest and / or working with the writer.

Purpose and legal basis of the processing

Personal data are processed for communication between the undersigned organization, including its staff, and the interested party within the normal activity carried out for the following purposes (for each of which the legal basis is indicated in brackets by reference to the articles of the GDPR):

a) purposes strictly connected to the performance and implementation of the requested services (GDPR articles 6 (b) and 9 (a)), in particular for the management of customers and suppliers, including potential ones, carried out by inserting them in databases company for the purpose of evasion of regulatory and contractual obligations, of internal work organization, statistics and others in any case connected to the performance of the economic activity of the undersigned organization, eg. the obligations related to civil, fiscal, fiscal, accounting, remuneration, social security, insurance, etc., including the sending of circulars and notices related to the activity of the contract for the provision of the requested services;

b) purposes related to obligations established by law, as well as by provisions issued by authorities legitimated by the law (GDPR articles 6 (c) and 9 (b, g, h)).

Consequences of refusal to provide data

The provision of data collected from the interested party is optional but essential for the purpose of processing them for the purposes in letters a) and b). In the event that the interested parties do not communicate their essential data, it will not be possible to exchange communications between the staff of the writer and the interested party. For all non-essential data, the provision is optional.

In the absence of consent or incomplete or incorrect provision of certain data, including sensitive data, the required formalities could be so incomplete as to cause prejudice either in terms of sanctions or loss of benefits, or due to the impossibility of guaranteeing the adequacy of the treatment the same to the obligations for which it is carried out, and to the possible mismatch of the results of the treatment itself with the obligations imposed by the law to which it is addressed, intending to exempt the undersigned organization from any and all responsibility for any penalties or afflictive measures.

Methods of data processing

Data processing means their collection, registration, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place on paper and using manual, IT and telematic tools, including automated ones, designed to store and manage the data, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality; personal data will therefore be processed in compliance with the methods indicated in art. 5 EU Reg. 2016/679, which provides, among other things, that the data be processed lawfully and fairly, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, relevant purposes. complete and not excessive in relation to the purposes of the processing, in compliance with the fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further improve the data access and storage security system.

An automated decision-making process (e.g. profiling) is not carried out.

Transfer outside the EU

The processing will take place mainly in Italy and the EU, but could also take place in non-EU and non-EEA countries if deemed functional to the efficient fulfillment of the purposes pursued in compliance with the guarantees in favor of the interested parties.

Retention period

Personal data will be kept, in general, as long as the purposes of the processing persist: they will be kept for the entire duration of the contractual relationship and, after its conclusion, until the end of the legal limitation as long as the relationship is not renewed again.

Category of recipients

The data (only the indispensable ones) are communicated

• to persons in charge of the processing, both internal to the organization of the writer and external, who carry out specific tasks and operations (internal commercial network or agents, companies in charge of market surveys, any commercial partners, third parties appointed by the company to fulfill all or part of the obligations assumed under the contract or related to these, banking institutions and credit companies in general, risk centers and / or companies that manage commercial information services, business associations and the like.

• in the cases and to the subjects provided for by law

Rights of the interested party

The data will not be disseminated unless otherwise provided by law.

Furthermore, without the prior general consent of the interested party for communications to third parties, it will be possible to carry out only the services that do not provide for such communications. In case of need, specific and timely consents will be requested and the subjects who receive the data will use them as independent data controllers.

At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided for in relation to the data controller, pursuant to articles. from 15 to 22 of the GDPR (listed below); propose a complaint to the Guarantor (; if the treatment is based on consent, revoke this consent given, taking into account that the revocation of the consent does not affect the lawfulness of the treatment based on the consent before the revocation.

The data controller is Spaziottantotto srl, in the person of its pro tempore legal representative.

Contact details

The headquarters are in Via Montebello 2 / d - 10124 - Turin.

The contact details are: telephone and fax 011-8127089; e-mail

The complete list of data processors is available on request.

Attached you can consult the Extract from EU Reg. No. 679_2016 concerning information for customers and suppliers, including potential ones and other contacts for business communications.