INFORMATION ON THE PROCESSING OF PERSONAL DATA
Information pursuant to and for the purposes of art. 13 of Regulation (EU) 2016/679 of 27 April 2016, "on the protection of natural persons with regard to the processing of personal data, as well as on the free circulation of such data and which repeals Directive 95/46/EC (General Data Protection Regulation)".
Customers/suppliers (interested parties to the processing) and their contacts (hereinafter "interested parties", ex. Art.4, c.1 of the GDPR)) are informed that the professional relationships established with the undersigned Data Controller may involve the processing of personal data, in compliance with the following general principles:
• all data are processed lawfully, correctly and transparently towards the interested party, in compliance with the general principles set out in Art. 5 of the GDPR;
• specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
DATA CONTROLLER
The data controller is
CAD-PROJECT S.R.L.
VIA DELL'INDUSTRIA, 24
40050 - ARGELATO (BO)
Tax code/VAT number: 01532821202
Tel. +39 051 897056
e-mail info@cad-project.it
to whom you can contact to exercise all the rights provided for by art. 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously granted consent or lodge a complaint with the Supervisory Authority for the protection of personal data.
PURPOSE OF THE PROCESSING
The Data Controller processes personal identification data of the customer/supplier (for example, name, surname, company name, personal/fiscal data, address, telephone, e-mail, bank and payment details) and of its operational contacts (name, surname and contact details) acquired and used in the context of the provision of the services provided by the Data Controller.
The data are processed to:
• conclude contractual/professional relationships;
• fulfill the pre-contractual, contractual and fiscal obligations arising from the existing relationships, as well as manage the necessary communications connected to them;
• fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority
• exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; ordinary internal needs of an operational, management and accounting nature).
Failure to provide the aforementioned data will make it impossible to establish the relationship with the Data Controller. The aforementioned purposes represent, pursuant to Art.6, paragraphs b,c,f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out processing for different purposes, specific consent will be requested from the interested parties.
METHODS OF PROCESSING
In relation to the aforementioned purposes, the processing of personal data takes place using computer and manual tools (e.g. use of paper documentation and support), in a lawful manner and in accordance with the correctness for the fulfillment of the purposes indicated above.
The data concerning you will be protected with suitable security measures that guarantee their confidentiality, integrity, accuracy, availability and updating.
For the special personal data referred to in art. 9 of the Regulation, the processing will take place in compliance with the measures prescribed by the Privacy Guarantor.
SCOPE OF PROCESSING
The data are processed by internal subjects regularly authorized and trained pursuant to Art.29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects who operate as independent Data Processors or Data Controllers (consultants, technicians, banks, transporters, etc.).
The data are not subject to dissemination or transfer to non-EU countries. If it becomes necessary, in the context of tenders/contracts or in the fulfillment of regulatory obligations (e.g. joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) to acquire personal data of their employees from customers/suppliers, it is agreed between the parties that the undersigned company will be entitled to process such data as an external Data Processor (Art.28 GDPR) or as an authorized subject (Art.29 GDPR). In the context of this relationship, the undersigned company undertakes to process such data in compliance with the compliance requirements set out in the GDPR, guaranteeing any communication to other subjects exclusively within the scope of specific legal obligations.
RIGHTS OF THE INTERESTED PARTY (GDPR art. 15-22)
At any time, the interested party may exercise the right to:
• request confirmation of the existence or otherwise of their personal data.
• obtain information about the