Data privacy notice for suppliers

DATA PRIVACY NOTICE FOR SUPPLIERS

Notice pursuant to and for the purposes of Article 13, EU Regulation 2016/679

(General Data Protection Regulation)

Dear Supplier, MATIC PLAST MILANO S.r.l., with registered office in Via Giuseppe Garibaldi, 62, 20061, Carugate (MI), Tax Code and VAT No. 06964710963, as Data Controller of your personal data, pursuant to Art. 13 of EU Regulation 2016/679 (“General Data Protection Regulation,” hereinafter “GDPR”), informs you that your data will be processed in accordance with the provisions of the aforementioned legislation and the confidentiality obligations set forth therein. Specifically, the processing of data will be based on principles of correctness, lawfulness, transparency, and protection of confidentiality, using the methods and for the purposes indicated below.

1. Definitions

For the purposes of this privacy notice, the following definitions apply:

  • Personal data (hereinafter also referred to as “Data”): any information relating to the supplier as an identified or identifiable natural person, directly or indirectly, by means of a name, an identification number, one or more factors specific to his or her physical, economic or social
    identity, etc.;
  • Processing: any operation, performed with or without the aid of automated processes, applied to Data, such as collection, recording, extraction, consultation, communication by transmission, deletion, etc.;
  • Data controller (hereinafter also referred to as the “Controller”): the legal entity that determines the purposes and means of Data processing (in this specific case, MATIC PLAST MILANO S.r.l. is the Data Controller of your Data);
  • Legitimate Interest: the interest of the Data Controller or third parties that legitimizes the processing of supplier Data, provided that the interests or fundamental rights and freedoms of the supplier do not prevail and taking into account the reasonable expectations of the supplier based on their relationship with the Data Controllerù

 

2. Identity and address of the Controller

The Data Controller is MATIC PLAST MILANO S.r.l., with registered office in Via Giuseppe Garibaldi, 62, 20061, Carugate (MI), VAT number/Tax Code 06964710963, in the person of its pro-tempore legal representative.

3. Data subject to processing

The Data Controller processes the Data you have provided/acquired for/during:

  • contractual definition of supply agreements;
  • signing of estimates/purchase contracts;
  • carrying out supplier selection activities.

 

4. Purpose of Processing

The processing of the Data you provide will be used only for the following purposes:

  • fulfilling obligations arising from a contract to which you are a party or to comply with your specific requests before and after the execution of the contract;
  • supplier management (supplier administration, contract dministration, active orders, invoices, selections based on company needs);
  • management of litigations (breaches of contract, injunctions, transactions, debt collection, arbitration, legal disputes);
    • fulfillment of legal obligations of an administrative, accounting, civil, and fiscal nature, arising from national, EU, and supranational legislation.

 

5. Legal basis for processing and consequences of failure to provide Data

With the exception of compliance with legal obligations, which constitutes a separate legal basis, the legal basis for the processing of your Data is the legitimate interest of the Data Controller in processing such Data for the purposes indicated in the previous paragraph, taking into account that, based on the careful assessment carried out by the Data Controller, such processing, for the purposes and methods by which it is carried out, is not likely to harm your interests or your rights or fundamental freedoms; Furthermore, this is processing that you can reasonably expect in relation to the subject matter and purposes of the contractual relationship. The Data you provide will be processed only for purposes strictly related to the performance of activities inherent in the commercial relationship established between the Parties, in compliance with the purposes expressly provided for by the GDPR.
Failure to provide the Data for the purposes indicated in the previous paragraph will prevent the contractual relationship from being finalized and will also prevent the fulfillment of further obligations related to the supply relationship.
Pursuant to Article 13 of the GDPR, if the Data Controller intends to further process the Data for purposes other than those indicated and for which they were collected, it will provide the data subject with information about this different purpose prior to such further processing. Furthermore, if you
provide Data belonging to third parties, you must ensure that those persons have been duly informed of the processing of their Data in accordance with this privacy notice and, if required, that they have consented to the processing of their Data.

6. Data Processing and storage methods

In relation to the purposes indicated, Data Processing will be carried out in accordance with the provisions of the GDPR and Legislative Decree 196/2003 and subsequent amendments and additions.
In particular, Processing operations are carried out in a correct, lawful, and transparent manner, ensuring the logical and physical security and confidentiality of the Data through electronic and procedural security measures. The Data will be processed electronically and on paper. The Data will not be subject to automated decision-making processes.
The Data Controller will retain your Data, as required by current legislation, for the time strictly necessary in relation to the specific purposes for which the Data was collected, in compliance with the principles of storage limitation and minimization defined in Article 5 of the GDPR, and in any case for no longer than 10 years from the termination of the relationship, unless otherwise required by law.
When the aforementioned reasons for processing cease to exist, the Data will be anonymized, deleted, or destroyed.

7. Communication and disclosure of Data

The processing will be carried out by our staff specifically assigned to this task as part of their duties.
Your data may also be communicated to:

  • parties external to the Data Controller who carry out the processing on behalf of the Data Controller (e.g., accountants, shippers, carriers) and who have been designated to perform specific processing activities (e.g., data processing, customs procedures);
  • parties whose right to access such data is recognized by law or regulation;
  • any other natural and/or legal person, public and/or private, if the communication is necessary or functional to the performance of our activities and in the manner and for the purposes described above.

Your data will not be disclosed.

 

8. Transfer of Data abroad

Data may be transferred to countries outside the EU only in cases where this is necessary for the purposes stated and/or for the fulfillment of legal obligations. In such circumstances, the transfer will take place in compliance with the provisions of the GDPR. In this case, you will be duly informed and
will have the right to obtain a copy of the guarantees adopted for the transfer of Data, as well as information on where they have been made available, by contacting the Data Controller.

9. Suppliers’ rights

You may exercise your rights under the following articles of the GDPR at any time:

  • 15 (right of access)
  • 16 (right to rectification)ù
  • 17 (right to erasure – right to be forgotten)
  • 18 (right to restriction of processing)
  • 20 (right to Data portability)
  • 21 (right to object)
  • 22 (automated decision-making relating to natural persons, including profiling)

 

10. Methods for exercising the rights

You may exercise the rights indicated in the previous paragraph by sending a communication via:

  • Registered letter with return receipt to MATIC PLAST MILANO S.r.l, Via Giuseppe Garibaldi, 62, 20061, Carugate (MI);
  • E-mail to the certified email address maticplastmilano@legalmail.it

 

11. Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with the Data Protection Authority if you believe that the processing of your Data violates the GDPR. Further information can be found on the website www.garanteprivacy.it