We would like to inform you that Regulation (EU) 2016/679 (“GDPR”) and the related Italian legislation of reference pro tempore in force (together with the GDPR, “Privacy Policy”) - including the measures issued by the Guarantor Authority for the Protection of Personal Data (“Guarantor”) - dictate rules relating to the protection of individuals with regard to the processing of personal data, protecting their fundamental rights and freedoms and, in particular, the right to the protection of personal data. Pursuant to articles 13 and 14 of the GDPR, we inform you below of the methods and purposes with which BANCOMAT S.p.A., with its sole office in Piazzale Luigi Sturzo 15, 00144, Rome, as data controller, will process the personal data of its suppliers (“Suppliers” or “Interested Parties”), to be understood, in accordance with this information, such as:
- suppliers, individuals, sole proprietorships;
- legal representatives, partners (natural persons), directors and contacts of legal entity suppliers.
Personal data concern, in particular, the personal data, professional qualifications and contact details of the subjects indicated above and are collected directly from the Supplier at the time of the first contact with the same, during tenders held for the assignment of specific tasks, the negotiation or signing of the contract to be stipulated/stipulated with BANCOMAT S.p.A. and/or the consequent and in any case connected activities, as well as by filling out the data form of the Suppliers, or indirectly, through information found in public directories and professional registers. Furthermore, during the tender, BANCOMAT S.p.A. may enter into possession of data and documents indicated within its internal procedure for selecting Suppliers; the use of personal data and information contained therein remains strictly functional to carrying out the activities indicated in the above-mentioned selection procedure. These data are processed on the following legal bases and processing purposes:
a. pursuant to art. 6, paragraph 1, letter c) of the Regulations, to fulfill the obligations established by current accounting and tax legislation;
b. pursuant to art. 6, paragraph 1, letter b) of the Regulations, to negotiate the conditions relating to the contract concluded with BANCOMAT S.p.A. or in order to execute it after the stipulation;
c. pursuant to art. 6, paragraph 1, letter f) of the Regulation, to pursue the legitimate interest of Bancomat S.p.A.:
• to efficiently manage the Suppliers, inserting the related data into the Company's computer databases for the purpose of establishing a list of Suppliers (“Suppliers List”), containing the personal data of the Suppliers themselves;
• to request Suppliers to submit supply offers in relation to products and/or services useful to BANCOMAT S.p.A. and, therefore, to manage the formalities necessary for carrying out the tender procedure - initiated according to the Company's internal procedures - through which these offers are collected, possibly also with a view to the subsequent conclusion of the contract;
• to mitigate commercial risk, through the assessment of the solvency and financial reliability of Suppliers, also using IT tools suitable for carrying out such checks (e.g. Cerved);
• to ensure that the Supplier meets the necessary requirements of technical-professional capacity and good repute normally provided for Suppliers;
• to exercise or defend a right in court or out of court, even in the event of a breach of contract.
The provision of personal data is optional, but necessary, since in the event of non-provision, it will not be possible for the Supplier to submit supply offers at the start of the selection procedure for suppliers in relation to the purchase of products and/or services functional to the activity carried out by BANCOMAT S.p.A. and to proceed to conclude the contract with BANCOMAT S.p.A. and execute it.
Personal data will be processed with automated and non-automated tools, by specifically authorized and specially trained personnel. Adequate security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.
They will be kept, depending on the processing purposes, for the necessary period of time connected to the completion of the formalities related to the tender procedures and for the 2 (two) years following the conclusion of the individual procedure in order to certify its correct performance, as well as for a maximum period of 10 (ten) years from the date of termination of effectiveness of the contract, for the purpose of managing any disputes and fulfilling the legal obligations provided for by the civil code and tax laws concerning the obligations of storage of business documents, without prejudice to any extensions due to interrupting the legal prescription or the exercise of the right referred to in art. 17 of the Regulations in the cases provided for by law.
Please note that the data contained in the Supplier List will be kept for the entire duration of the contractual relationship and, in any case, until BANCOMAT S.p.A. decides to use the Supplier - taking care to update the related data - or until the Supplier has expressed its desire to no longer be included in the above-mentioned List.
The employees and collaborators of BANCOMAT S.p.A. who are responsible for the conclusion and execution of the contract, as well as the employees and collaborators who are responsible for the fulfillment of legal obligations in accounting and tax matters, may become aware of personal data. In addition, the following categories of subjects may become aware of them, who, as data processors or - where the conditions provided for by current legislation exist - of owners, provide BANCOMAT S.p.A. with instrumental services for carrying out their business: IT service providers; management service providers; administrative service providers; external professionals and consultants; external auditing firms, whose updated names may always be requested from BANCOMAT S.p.A. at contact details indicated below.
Personal data will not be disclosed to third parties and will not be subject to “dissemination”, meaning dissemination or transmission to undetermined subjects, except for the execution of any legal obligations or by possible order of a judicial authority or police force or for the management of any litigation. In such cases, they may be communicated to the following third parties:
In general, the processing of personal data outside the European Economic Area is not envisaged, except to the extent that some of the subjects mentioned above - managers or data controllers (e.g., external auditing firms) - need, for the purpose of carrying out their respective activities, to transfer data to third countries, in compliance with the conditions set out in articles 44 et seq. of the Regulation.
Each interested party retains the right to exercise, in cases permitted by law, at any time, free of charge and without formalities, the rights referred to in articles 15 to 22 of the Regulation, including: the right to request access to personal data (i.e. the right to obtain confirmation of whether or not personal data concerning them is being processed and, in this case, to obtain access to the data itself, obtaining a copy, and to the information referred to in art. 15 of the Regulation); the correction (or the right to obtain the correction of inaccurate data concerning him or the integration of incomplete data) or the cancellation of the same (or the right to obtain the cancellation of data concerning him, if there is one of the reasons indicated by art. 17 of the Regulation); the limitation of the processing that concerns him (i.e. the right to obtain, in the cases indicated by art. 18 of the Regulation, the marking of the data stored with the aim of limiting their processing in the future), as well as the right to data portability (or the right, in the cases indicated by art. 20 of the Regulation) Regulation, to receive, in a structured format, commonly used and readable by an automatic device, the data concerning him, as well as to transmit such data to another data controller, without impediments).
Each interested party also has the right to object, at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to art. 6, paragraph 1, letter f) of the Regulation.
Requests relating to the exercise of the rights described above should be addressed to BANCOMAT S.p.A., with headquarters in Piazzale Luigi Sturzo 15, 54b, 00144, Rome; e-mail: privacy@bancomat.it.
In response to this request, the Data Protection Officer appointed by BANCOMAT S.p.A. pursuant to articles 37 et seq. of the Regulation is appointed by the Data Protection Officer appointed by BANCOMAT S.p.A. in accordance with articles 37 et seq. of the Regulation.
The interested party who believes that the processing of their personal data contemplated by this information occurs in violation of the provisions of the Regulation has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, as required by art. 77 of the Regulation itself, or to take appropriate legal action (art. 79 of the Regulation).
The Owner
BANCOMAT S.p.A.