Privacy notice on data processing of the suppliers pursuant to Article 13 of EU Regulation 2016/679

Version 1.1 – 01/10/2024

The purpose of this privacy notice, pursuant to Article 13 of EU Regulation 2016/679 (hereinafter “Regulation”), is to inform the data subjects whose personal data (e.g. name, surname, e-mail address) may be processed during the execution of the contract stipulated between your company (or the company you represent) and Diennea S.r.l. (“Diennea”), with registered office in Faenza (48018 – RA), Viale  G. Marconi, n. 30/14, VAT no. 02243600398. The Data Controller is Diennea as defined above.

The Data Controller’s organization has a designated Data Protection Officer (“DPO”). The DPO can be reached at dpo@diennea.com for any information regarding the processing of your Personal Data, including the complete list of data processors.

The Personal Data that Diennea collects may be processed for the following purposes:

  1. performance of the contract between your company (or the company you represent) and Diennea (“Performance of the contract”);
  2. to fulfil any legal, regulatory or other EU obligations and meet any requests received from the authorities (“Compliance”);
  3. to carry out statistical analysis without the possibility to identify the user (“Statistics”);
  4. for checks, audits, and sending surveys in order to achieve our internal objectives, such as to assess your Company’s reliability, competence and attributes, as well as to improve our ESG rating (“Checks and Audits”).

The legal bases for your Personal Data processing are as follows:

  • for the purpose of Performance of the contract, Article 6(1)(b) of the Regulation which reads, “…the processing is necessary for the performance of a contract … or in order to take steps at the request of the data subject prior to entering into a contract”. The communication of your personal data for this purpose is optional but by default it will not be possible for the Data Controller to execute the contract or to provide the services covered by it without this data;
  • for the purpose of Compliance, Article 6(1)(c) of the Regulation which reads, “… processing is necessary for compliance with a legal obligation to which the controller is subject”;
  • please, note that the processing of your Personal Data for Statistics purpose is not carried out on personal data and can therefore be freely carried out by Diennea;
  • for the purpose of Checks and Audits the processing of your Personal Data is based on our legitimate interest (Article 6(1)(f) of the GDPR).

For the purposes mentioned above, your Personal Data may be shared with:

  1. persons who typically act as data processors, i.e., persons, companies or professional firms that provide Diennea with consultancy and assistance in accounting, administrative, legal, tax, financial and debt collection matters;
  2. individuals, entities or authorities to whom it is mandatory to communicate your Personal Data due to legal provisions or orders of the authorities;
  3. persons authorised by Diennea to process your Personal Data in order to carry out activities strictly related to the performance of the contract. Persons who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and/or collaborators of Diennea).

Your Personal Data will be processed both automatically and manually. Your Personal Data will not be disclosed.

Your Personal Data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that your Personal Data are processed by these recipients in accordance with the applicable rules on data protection. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available from Diennea by writing to the following email address: privacy@diennea.com. 

The Personal Data processed for the purpose of Performance of the contract will be kept for the time necessary to achieve the same purpose. In any case, the further conservation is envisaged by the applicable legislation, including that provided for by Article 2946 and subsequent of the Italian Civil Code. The Personal Data processed for the purpose of Compliance will be kept until the time required by the specific legal obligation or applicable law. The Personal Data processed for the purpose of Checks and Audits will be retained as long as it is necessary for such evaluation and internal audits; specifically, your contact data will be retained for the duration of the contract with your Company in order to enable us to contact you to carry out the appropriate audits.

Further information on the data retention period and the criteria adopted in determining this period may be requested in writing from the DPO of Diennea at the following address: dpo@diennea.com. Diennea has, in any case, the possibility of retaining your Personal Data for the period allowed by Italian law to protect its interests (art. 2947 (1) (3) of the Italian Civil Code).

Under Article 15 et seq. of the Regulation, you, as a data subject, are entitled to request at any time, from Diennea, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing, pursuant to Article 21 of the Regulation. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to Diennea in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.

Requests should be made in writing to: privacy@diennea.com.

In any case, please note that, as a data subject, you are entitled to file a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the Regulation, if you believe that the processing of your personal data is contrary to the law in force.