IN ACCORDANCE WITH ART. 13 reg. EU 679/16
(EUROPEAN REGULATION ON THE PROTECTION OF PERSONAL DATA)
This information is provided pursuant to art. 13 of GDPR 679/16 to the clients who are natural persons and to the natural persons who operate on behalf of legal persons as suppliers.
1) IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER: the data controller is MARCORA SPA, with registered office in Inveruno (Italy), via Lazzaretto 5/7 (P.IVA 11984990157, fiscal code 00855310157) in the person of its President Dr. Monica Marcora.
2) PURPOSE AND LEGAL BASIS OF THE PROCESSING: the purpose of the processing is the operation and running of the supply contracts (evaluation of supplier trustworthiness, offer evaluation, order management, billing, payments) in the fulfilment of obligations under administrative, civil, tax, accounting law and in the litigation management.
3) RECIPIENTS OF PERSONAL DATA: the data collected are not disseminated but may be transmitted to third parties specifically identified to fulfil contractual obligations, law or regulations like banks, credit institutions, mail delivery companies, law firms, insurance companies, accounting/tax firms, system administrator, self-employed or casual workers. The staff of MARCORA SPA is entitled to access to personal data on the basis of specific authorization and within the limits of its own competencies.
4) DATA PROCESSING: the data collected are processed by means of paper and means of electronics. In this regard, all possible measures have been taken, necessary and appropriate to ensure the security, the confidentiality and the integrity of data collected against events of loss, destruction, or unauthorized access.
5) TRANSFER OF DATA: the data collected are not transferred to third countries. MARCORA SPA reserves the use of cloud services whose suppliers will be selected according to the security guarantees provided in compliance with art. 46 of GDPR 679/16.
6) DATA RETENTION: the data will be processed for the time strictly necessary to achieve the purposes described in point 2). Once the purposes have been achieved and the requirements prescribed by law or contract fulfilled, the data will be stored and kept for the time required by the civil and tax regulations in force (10 years at most).
7) RIGHTS OF THE DATA SUBJECT: the data subject may exercise the rights provided by GDPR as follows: art. 15 right of access; art. 16 right of rectification; art. 17 right to erasure; art. 18 right to restriction of processing; art. 20 right to data portability; art. 21 right to object; art. 22 right to object to automated individual decision-making GDPR 679/16, including profiling. The data subject may exercise these rights by making a request to the data controller through the e-mail address firstname.lastname@example.org or to the address indicated in point 1).
8) REFUSAL/WITHDRAWAL OF CONSENT: the data subject at any time may refuse or withdraw his consent to the personal data processing by writing to the e-mail address email@example.com or to the address indicated in point 1). Refusal or withdrawal of consent to the personal data processing however make it impossible for the data controller to execute any relationship with the data subject or his requests whatsoever.
9) COMPLAINTS: The data subject has the right to submit a complaint to the supervisory authority of the country of residence.
10) AUTOMATED DECISION-MAKING: No automated decision-making is expected, carried out and managed in any way.