Policy for Customers and Suppliers
Policy for Customers and Suppliers in compliance with art.13 of European Regulation 2016/679
Dear Customer / Supplier,
The company D.R.M. Srl, having its registered office in Poggio Rusco (MN) Via Piva 2, controller of your personal data processing, in compliance with art.13 of European Regulation UE 2016/679, hereby informs You about the personal data provided by You for the performance of a contractual relationship and / or pre-contractual purposes such as drafting or requiring a quotation.
Personal data processed
Within this scope, D.R.M. Srl can process data:
- Of the Legal Representative;
- Of Your employees/contact persons;
The personal data that can be processed by D.R.M. Srl are:
- Identity and contact details (name, address, date and place of birth, Tax identification number and VAT number, physical and telematic address, landline and mobile phone number);
- Data related to your business and professional activity;
- Bank data;
- Accounting and fiscal data;
- IT data such as e-mail addresses or IP address.
Processing purposes and legal basis
The above mentioned personal data will be processed for the following purposes:
- For the management of the contractual relationship and the consequent regulatory requirements.
- For the communication to third parties and/or recipients (such as public agencies, banks, tax and accounting consultants, legal consultants, IT technicians) for the activities connected to and necessary for the relationship;
- For marketing of products/services of a similar nature to the subject of the sale.
The legal bases of the Personal data processing for the purposes under point a-b are provided by art. 6 par. 1 lett. B), c) of the Regulation because the processing is necessary for the performance of contractual and pre-contractual activities and for the fulfillment of legal requirements.
The provision of personal data for these purposes is deemed necessary since not providing your data related to the contractual relationship prevents its correct enforcement and implementation by the Controller.
The processing executed for marketing purposes under point c) is based on the pursuit of a legitimate interest by the Controller (art. 6 par. 1 lett. f) besides what stated in Whereas 47) about cultivating and maintaining the relationships with consolidated customers informing them on news about D.R.M. products and services. The provision of your Personal Data for these purposes is absolutely optional and it does not compromise the fruition of the contractual services and the data subject can at any time oppose the mailing of commercial information by D.R.M.
For all the other purposes, the data are processed in hard copy and electronically.
Data transfer to third countries
No transfer of your data to countries outside the EU is planned.
Data storage period
The data will be stored for no longer than is necessary for the purposes for which the personal data are processed and, in any case, for the time dictated by specific law requirements (in particular for what concerns the civil law about the storage of Book entries).
Once completed all the purposes that legitimate the storage of Your personal data, the Controller will cancel them or render them anonymous.
Controller and authorized persons
The data will be processed by the following operators who, as explicitly appointed by the undersigned as authorized to the processing, can access them:
- General Manager of the company
- Sales and administrative departments employees;
Moreover, the data will be made available to the IT societies in charge of the hardware, software and web maintenance and services, the tax and accounting consultant, the forwarder and the privacy consultant, having the role of processors.
The data can be disclosed to:
- Public agencies of reference;
- Legal consultants;
- Certifying authorities;
The disclosure of the data to these bodies is necessary for the closure and implementation of the contract between the parties and to pursuit the controller’s legitimate interest to properly comply with the commitments deriving from binding regulations and voluntary norms, thus the data subject has the legal obligation to provide his/her data, because without these data the Controller could not comply with the requirements of the contractual relationship.
No data is subject to dissemination.
Rights of the data subject
The data subject has the right to ask the Controller to access, review or erase the data, to limit the processing, besides the right to data portability, or to oppose the data processing to the conditions established by art. 15, 16, 17, 18, 20, 21 of the European Regulation 2016/679.
Moreover, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Finally, the data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the European Regulation.
For any further information and in any case for forwarding your request, please contact the Controller at the following e-mail address: email@example.com
Customers/ suppliers policy Rev. 0 dated 25/05/2018