Information on contractual counterparties

INFORMATION TO CONTRACTUAL COUNTERPARTIES PURSUANT TO AND FOR THE PURPOSES OF ARTICLES 13 AND 14 OF THE 2016/679 EU REGULATION “GENERAL DATA PROTECTION REGULATION”

We would like to inform you that Regulation (EU) 2016/679 (“GDPR”) and the related Italian legislation of reference pro tempore in force, i.e. Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, (together with the GDPR, “Privacy Policy”) - including the provisions issued by the Guarantor Authority for the Protection of Personal Data (“Guarantor”) - dictate rules relating to the protection of individuals with regard to the processing of personal data, protecting their fundamental rights and freedoms and, in particular, the right to data protection personal. Pursuant to articles 13 and 14 of the GDPR, we inform you below of the methods and purposes with which BANCOMAT S.p.A., with its sole office in Piazzale Luigi Sturzo 15, 00144, Rome, as data controller, will process the personal data of its contractual counterparties (including, by way of example, the Members of the Circuits, the subjects who request certification services, the suppliers of products and services of the Circuits, the developers of solutions), to be understood, in accordance with this information, such as:

- counterparties to individuals, sole proprietorships;
- legal representatives, partners (individuals), directors and employees/contacts of contractual counterparties legal entities.

Personal data concern, in particular, the personal data, professional qualifications and contact details of the subjects indicated above and are collected directly from the counterparty at the time of the negotiation or after it, or indirectly through information found in lists, documents, public records and professional registers.

‍

These data are processed for the following legal bases and processing purposes:

a) pursuant to art. 6, paragraph 1, letter c) of the GDPR, to fulfill the obligations established by current tax legislation;
b) pursuant to art. 6, paragraph 1, letter b) of the GDPR, to negotiate the conditions relating to the contract to be concluded with BANCOMAT S.p.A. or for the purpose of executing it after the stipulation and for carrying out activities related to, connected to and dependent on the negotiating relationship;
c) pursuant to art. 6, paragraph 1, letter f) of the GDPR, to pursue BANCOMAT S.p.A.'s legitimate interest in exercising or defending a right in court or out of court, even in the event of a breach of contract.

The provision of personal data is optional, but necessary and, in case of non-provision, it will not be possible to enter into and execute the contract with BANCOMAT S.p.A. and execute it.

‍

Personal data will be processed with automated and non-automated tools, by specifically authorized and specially trained personnel. Adequate security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.

‍

They will be kept for the entire duration of the contractual relationship and, in any case, for a maximum period of 10 years from the date of termination of effectiveness of the contract, for the purpose of fulfilling the legal obligations established by the civil code and tax laws concerning the obligations to keep business documents, without prejudice to any extensions due to interrupting the legal prescription or the exercise of the right referred to in art. 17 of the Regulation in the cases provided for by law.

‍

The employees and collaborators of BANCOMAT S.p.A. who are responsible for the conclusion and execution of the contract, as well as the employees and collaborators who are responsible for the fulfillment of legal obligations in tax matters, may become aware of the personal data collected. In addition, the following categories of subjects may become aware of them, who, as data processors or - where the conditions provided for by current legislation exist - of owners, provide BANCOMAT S.p.A. with instrumental services for carrying out their business: IT service providers; management service providers; administrative service providers; external professionals and consultants; external auditing firms, whose updated names may always be requested from BANCOMAT S.p.A. at contact details indicated below.

‍

Personal data will not be disclosed to third parties and will not be subject to “dissemination”, meaning dissemination or transmission to undetermined subjects, except for the execution of any legal obligations or by possible order of a judicial authority or police force or for the management of any litigation. In such cases, they may be communicated to the following third parties:

- to banks and payment institutions, in order to be able to make or receive payments related to the contract;
- to the competent authorities in tax and tax matters, in accordance with the provisions of the law;
- to the judicial authority or to police forces, in the event that it is necessary to report a crime or, in any case, to pursue their legitimate interest in exercising or defending a right in court;
- to lawyers and/or consultants, if necessary to pursue their legitimate interest in exercising or defending a right in court and out of court.

In general, the processing of personal data outside the European Economic Area is not envisaged, except to the extent that some of the subjects mentioned above - managers or data controllers (e.g., external auditing firms) - need, for the purpose of carrying out their respective activities, to transfer data to third countries, in compliance with the conditions set out in articles 44 et seq. of the GDPR.

‍

Each interested party retains the right to exercise, in cases permitted by law, at any time, free of charge and without formalities, the rights referred to in articles 15 to 22 of the GDPR, including: the right to request access to personal data (i.e. the right to obtain confirmation of whether or not personal data concerning them is being processed and, in this case, to obtain access to the data itself, obtaining a copy, and to the information referred to in art. 15 of the GDPR); correction (or the right to obtain the correction of inaccurate data that concern him or the integration of incomplete data) or the cancellation of the same (or the right to obtain the cancellation of the data concerning him, if there is one of the reasons indicated by art. 17 of the GDPR); the limitation of the processing that concerns him (i.e. the right to obtain, in the cases indicated by art. 18 of the GDPR, the marking of the data stored with the aim of limiting their processing in the future), as well as the right to data portability (or the right, in the cases indicated by art. 20 of the GDPR, to receive, in a format structured, commonly used and readable by an automatic device, the data concerning him, as well as to transmit such data to another data controller, without impediments).

‍

Each interested party also has the right to object, at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to art. 6, paragraph 1, letter f) of the GDPR.

Requests relating to the exercise of the rights described above should be addressed to BANCOMAT S.p.A., with headquarters in Piazzale Luigi Sturzo 15, 00144, Rome; e-mail: privacy@bancomat.it.

‍

In response to this request, the Data Protection Officer appointed by BANCOMAT S.p.A. pursuant to articles 37 et seq. of the GDPR is appointed by the Data Protection Officer appointed by BANCOMAT S.p.A. in accordance with articles 37 et seq. of the GDPR.

‍

The interested party who believes that the processing of their personal data contemplated by this information is in violation of the provisions of the GDPR has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, as required by art. 77 of the GDPR itself, or to take appropriate legal action (art. 79 of the GDPR).