Supplier/ Customer Privacy Policy
Data processing policy pursuant to Articles 13-14 GDPR 2016/679 and Italian Legislative Decree No. 101 of 10 August 2018
1. Data controller
The Data Controller is Dalter Alimentari S.p.A., Via Val d’Enza 134, Sant’Ilario d’Enza (RE), 42049 – Italy, VAT No. 00509530358, Telephone +39 0522 901101, Fax +39 0522 673690, email: privacy@dalter.it and certified email: privacy@pecdalter.it
2. Purposing of the processing
Personal data is processed for purposes connected with the establishment and performance of business and contract relations with the Company, specifically with regard to:
a. the fulfilment of contractual obligations;
b. compliance with civil, tax and accounting laws and fulfilment of obligations arising from EU regulations and provisions;
c. financial, credit control and debt collection;
d. obtaining pre-contractual information, directly and/or through appointed agencies;
e. sending direct marketing e-mails for the purpose of selling or advertising products or services similar to those habitually purchased by the Data Subject (for customers).
The data processed shall relate to the company to which the Data Subject belongs (company name, address of registered offices, address of operational headquarters, VAT number, tax identification code, telephone number, fax number, general company e-mail address, etc), but also to the Data Subject as an individual (name and surname, direct telephone number, company mobile phone number, personal e-mail address, etc). This Privacy Policy is necessary for the processing of the latter.
3. Methods of data processing
The personal data in question may be processed using hard copy, IT and online tools, and by implementing security measures designed to ensure the confidentiality of the Data Subject and to prevent undue access to said data by third parties or unauthorised personnel. In any event, personal data shall be processed pursuant to the law and in accordance with principles of lawfulness and fairness in such a way as to protect the confidentiality of the Data Subject.
4. Nature of data provision
The provision of data is mandatory for all legal and contractual obligations. Any partial or total refusal to provide the mandatory data shall make it impossible to establish or further pursue business relations. The legal basis for letter e) point 2 above is legitimate interest.
5. Disclosure of data
Solely for reasons relating to the aforementioned purposes, any personal data pertaining to the processing in question may be disclosed by the Data Controller to employees of the Controller and data processors pursuant to Article 28 as well as to independent data controllers.
6. Circulation of data
Under no circumstances shall personal data be made known to unspecified parties.
7. Transfer of personal data to a third country
Personal data collected in connection with the aforementioned purpose shall not be transferred to countries outside the EU. However, the Data Controller reserves the right to use cloud services, in which case the service providers shall be selected from among those who submit adequate guarantees pursuant to Article 46 GDPR 2016/679.
8. Rights of the data subject
Data Subjects have the right to:
a. file a complaint with a supervisory authority (Articles 13-14 GDPR 2016/679);
b. know which personal data is being processed, its origin, and the purpose and method of the processing (Article 15 GDPR 2016/679);
c. submit a request for rectification to the Data Controller (Article 16 GDPR 2016/679);
d. submit a request for deletion (right to be forgotten) of data managed by the Data Controller (Article 17 GDPR 2016/679);
e. submit a request for restriction of data processing (Article 18 GDPR 2016/679);
f. object in cases where data processing falls under the terms set out in Article 21 GDPR 2016/679.
9. Duration of data processing
The data collected in connection with the aforementioned purpose shall be retained for the amount of time specified in the legislation requiring the processing thereof. Alternatively, it shall be stored for the longer period, i.e. up to the lapse of the relevant rights, without prejudice to special requirements for further data retention in connection with any legal obligations that may arise.
10. Data protection officer
A Data Protection Officer (DPO) has not been designated, as the data processed does not fall into the categories defined under Article 37 GDPR 2016/679.
11. Data processor
For information regarding external Data Processors, please contact the Data Controller