Privacy notice on data processing of the suppliers pursuant to Article 13 of EU Regulation 2016/679

The purpose of this privacy notice, pursuant to Article 13 of EU Regulation 2016/679 (hereinafter “Regulation”), is to inform the data subjects whose personal data (e.g. name, surname, e-mail address) may be processed during the execution of the contract stipulated between your company (or the company you represent) and Diennea S.r.l. (“Diennea”), with registered office in Faenza (48018 – RA), Viale  G. Marconi, n. 30/14, VAT no. 02243600398. The Data Controller is Diennea as defined above.

The Data Controller’s organization has a designated Data Protection Officer (“DPO”). The DPO can be reached at dpo@diennea.com for any information regarding the processing of your Personal Data, including the complete list of data processors.

 

The Personal Data that Diennea collects may be processed for the following purposes:

  1. performance of the contract between your company (or the company you represent) and Diennea (“Performance of the contract”);
  2. to fulfil any legal, regulatory or other EU obligations and meet any requests received from the authorities (“Compliance”);
  3. to o carry out statistical analysis without the possibility to identify the user (“Statistics”).

 

The legal bases for your Personal Data processing are as follows:

  • for the purpose of Performance of the contract, Article 6(1)(b) of the Regulation which reads, “…the processing is necessary for the performance of a contract … or in order to take steps at the request of the data subject prior to entering into a contract”. The communication of your personal data for this purpose is optional but by default it will not be possible for the Data Controller to execute the contract or to provide the services covered by it without this data;
  • for the purpose of Compliance, Article 6(1)(c) of the Regulation which reads, “… processing is necessary for compliance with a legal obligation to which the controller is subject”;
  • please, note that the processing of your Personal Data for Statistics purpose is not carried out on personal data and can therefore be freely carried out by Diennea.

For the purposes mentioned above, your Personal Data may be shared with:

  1. persons who typically act as data processors, i.e., persons, companies or professional firms that provide Diennea with consultancy and assistance in accounting, administrative, legal, tax, financial and debt collection matters;
  2. individuals, entities or authorities to whom it is mandatory to communicate your Personal Data due to legal provisions or orders of the authorities;
  3. persons authorised by Diennea to process your Personal Data in order to carry out activities strictly related to the performance of the contract. Persons who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and/or collaborators of Diennea).

Your Personal Data will be processed both automatically and manually. Your Personal Data will not be disclosed.

 

The Data Controller does not intend to transfer your Personal Data outside the European Economic Area.

 

The Personal Data processed for the purpose of Performance of the contract will be kept for the time necessary to achieve the same purpose. In any case, the further conservation is envisaged by the applicable legislation, including that provided for by Article 2946 and subsequent of the Italian Civil Code. The Personal Data processed for the purpose of Compliance will be kept until the time required by the specific legal obligation or applicable law.

 

Further information on the data retention period and the criteria adopted in determining this period may be requested in writing from the DPO of Diennea at the following address: dpo@diennea.com. Diennea has, in any case, the possibility of retaining your Personal Data for the period allowed by Italian law to protect its interests (art. 2947 (1) (3) of the Italian Civil Code).

 

Under Article 15 et seq. of the Regulation, you, as a data subject, are entitled to request at any time, from Diennea, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing, pursuant to Article 21 of the Regulation. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to Diennea in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.

 

Requests should be made in writing to: privacy@diennea.com.

 

In any case, please note that, as a data subject, you are entitled to file a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the Regulation, if you believe that the processing of your personal data is contrary to the law in force.