Tel. +39 049 936 7645 info@chiggiatospa.com

privacy policy supplier

Articles 13-14, EU Regulation April 27, 2016 No. 679 “General Data Protection Regulation” SUP

Rev. 00

Dear Supplier,

This privacy policy on personal data processing (“Privacy Policy”) will allow you to clearly and fully understand how your personal data (Data) are processed.

1. WHO IS THE DATA CONTROLLER?

The data controller is CHIGGIATO S.p.A., with its legal headquarters at 35017 Piombino Dese (PD), Via Primo Targato n. 4 (Tax ID and VAT no. 03289390282). For information about data processing, you can write to the following e-mail address: privacy@chiggiatospa.com.

2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?

The following personal data may be processed:

  • Personal and contact information (telephone and email);
  • Fiscal, administrative, accounting, and commercial data;
  • Other administrative or commercial data.

3. FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA AND WHAT IS THE LEGAL BASIS?

a) Contractual relationships. The data requested are necessary to conclude and execute the contract of which you are a party. Legal basis: the condition that legitimizes the processing is the execution of the contract of which you are a party.

b) Legal obligations. Some data, such as billing data, are necessary to fulfill legal obligations, including accounting and administrative management, and to meet communication requirements to Public Administrations or other Public Bodies. Legal basis: the necessity to comply with legal obligations to which the data controller is subject and/or contractual obligations of which you are a party.

c) Disputes. Some data may be processed for the activation of extrajudicial or judicial procedures for the defense of the rights and interests of the Controller. Legal basis: the legitimate interest of the Controller in exercising or defending a right.

4. NATURE OF DATA PROVISION

The provision of information requested for the purposes under point 3 letters a) and b) is necessary. Failure to provide the requested information would prevent the execution of the contract and/or compliance with current regulations.

5. HOW LONG DO WE STORE DATA?

Data will be stored for a limited time period, varying according to the type of activity that involves processing your personal data. Once this period has expired, your data will be permanently deleted or irreversibly anonymized.

Your personal data are stored in compliance with the terms and criteria specified below:

Data will be stored for the period necessary to pursue the above purposes and in any case not beyond the terms provided by specific legal obligations.

6. WHO MIGHT YOUR PERSONAL DATA BE DISCLOSED TO?

Your personal data will be processed by duly trained personnel, operating under the authority and responsibility of the Controller. Some of the information may be communicated, exclusively for the purposes specified above, to the following subjects:

  • Credit institutes, financial companies, and banks;
  • Legal or consulting firms to which the Company has given a specific mandate;
  • Companies assisting and maintaining IT systems or suppliers of IT storage systems;
  • Other subjects or Companies performing activities instrumental to the above purposes on behalf of the Controller.

A detailed list of all recipients is available upon request to the Data Controller.

7. YOUR RIGHTS

European data protection law (“GDPR”) provides a series of rights that can be exercised to maintain control of your data. To exercise your rights, you can write to privacy@chiggiatospa.com. We are obliged to respond within 30 days of receiving the request, and we will try to be as quick as possible.

Right of access: the right to obtain information about the processing of personal data, gain access to them, and copy them even via common electronic means. We commit to providing a report of the data we possess, such as personal and contact data, or the requests received via contact forms or email.

Right to rectification: the right to get data updated, supplemented, or corrected. If you believe that the data are in some way incorrect or outdated, we will do our best to resolve the issue.

Right to data portability: you can request the portability of data processed on the basis of contract execution or your consent, even directly to other data controllers.

Right to erasure: the right to request the deletion of stored data. In some cases, direct deletion can be requested, and we will take care to proceed as quickly as possible. However, not all data can be deleted upon request, as they may be necessary to fulfill legal obligations or because they are still in use.

Right to restriction and opposition: the right to request the limitation of processing or to oppose, in whole or in part, the processing of personal data. In case of a request for limitation of processing, we are obliged to suspend, for a determined time, any operation on the data.

If you believe that one or more processing activities carried out by us may violate the regulations, or you feel that your rights have not been protected, you can file a complaint with the Control Authority of the place where you usually reside or where the alleged violation occurred. In Italy, you can contact the Authority for the Protection of Personal Data.

Privacy policy