Privacy Notice Web Site
PRIVACY NOTICE FOR CUSTOMERS, SUPPLIERS AND CONSULTANTS ON DATA PROCESSING BY LABORATORI DERIVATI ORGANICI S.p.A.
PURSUANT TO EU REGULATION EU 2016/679 (GDPR)
The GDPR recognise that the protection of natural persons in relation to the processing of personal data is a fundamental right.
LDO S.p.A. acknowledges that the contractual relationship with its business partners (e.g. suppliers, customers, consultants, resellers) implies processing of personal data of their directors, employees and collaborators (hereinafter “personnel”). At such regard, the Controller and shall collect and process their personal data in compliance with the obligations of correctness, lawfulness, transparency and protection of confidentiality and integrity in accordance with the principles and requirements of the legislation on the protection of personal data and as provided for in this notice.
Data Controller is the company LABORATORI DERIVATI ORGANICI S.p.A. hereinafter also LDO S.p.A. or The Controller), Cod. Fisc./P. IVA 00818110157, with legal seat in Via Michele Barozzi, 4, 20122 Milano (MI) Italia 20144, e-mail: firstname.lastname@example.org – Tel +39 02 76.00.50.21 Fax +39 02 78.49.81.
Categories of data and necessity of processing:
Personal Data are processed for the purposes indicated in paragraph 3 and in particular for the management of the business relationship with the Business Partner.
The Controller processes the following data categories:
Contacts data: such as name, e-mail, company or organization of reference, telephone, mobile phone, e-mail address and postal address,
Functions: skills, job role, and circumstances related to the relationship with the Business Partner,
Correspondence: any information contained in messages exchanged for the a.m. purposes;
Performance events: visit on site, quantity and quality of work performed, complaints.
Data are usually provided directly by the data subject or by the Business Partner that can be a company, an individual firm or a natural person. Data can also be collected by a different source, including other business partners and public registers.
The provision of personal data is optional insofar as it is possible to manage the relationship with the Business Partner and comply with the provisions of the law without processing personal data.
Purposes of processing
A) Pre-contractual needs (e.g. preparation of our offers or orders, solvency checks, negotiations);
B) Fulfilment of contractual obligations (supply or purchase of goods and/or services, including the management of delivery obligations and of the logistics and transport functional to it, contacts with subjects in charge of providing a service);
C) Fulfilment of legal obligations (e.g. book-keeping, tax formalities, administrative and accounting management, safety at work);
D) Management of all aspects of the relationships with Business Partners, including management of credit facilities and risk control (fraud, insolvency, etc.), legal claims, litigation, financial services management, insurance, production management, telephone directory management, statistical processing;
E) sending commercial and promotional communications to the Business Partners, including direct offers of goods and services, via email, fax, text messages, phone calls, social networks, market research.
Legal basis for processing
The legal basis for processing personal data consists of:
• execution of pre-contractual measures at the request of the interested party;
• contractual relationship between the Data Controller and the Business Partner;
• fulfilment of legal obligations to which the Data Controller is subject, such as invoicing, accounting, financial statements;
• legitimate interests of the Controller, such as the safeguarding of its rights and company assets, company security and improvement of the organization and its IT system, improvement of service quality, transmission of offers, improvement of know-how, training of staff, sending newsletters, invitations to seminars and events, exhibitions and fairs, legal claims, provided that the interests and rights of the interested party do not prevail according to a balancing assessment performed before each processing and without prejudice to the right of opposition of the data subject for certain processing based on the legitimate interest of the Controller.
Communication of personal data to third parties
The above described personal data shall be shared by the Controller with the data subject’s employer, business partners, consultants, insurance companies (injury or damage), tax authorities (book-keeping inspection).
Any transfer of personal data to third countries, if necessary for the performance of the contract between the Parties, shall be subject to the appropriate safeguards provided by the law.
The data controller is not allowed disclose to third parties the personal data for purposes which are different from those above described.
Duration of processing
Personal data are processed for all the duration of the contractual relationship and for ten years after its termination (time limitation for any claim arising out of the contract) or even for a longer period, if this is required by the circumstances (e.g. in the event of a dispute).
For the purpose of compliance with legal obligations the period is provided by the applicable law (e.g. ten years for documentation of commercial transactions Art. 2014 and 2220 civil code).
Means of processing
Processing can be performed with or without the aid of electronic or automated tools, safeguarding data protection against intrusion, unauthorized access, alteration and loss of data. The data processing is carried out by the Data Controller also through data processors and / or external data processors and their representatives, in compliance with current legislation.
The data are stored in systems, IT supports and servers located in Italy. Data on physical support, if collected, are kept in locked archives only accessible to authorized personnel.
The Data Controller has taken the necessary technical and organizational data protection measures to guarantee the confidentiality, integrity and availability of personal data and in particular to prevent unauthorized access, alteration, diffusion, loss or destruction.
Data subject’s rights
Data subject has the right to obtain free information on processing of its personal data, including the origin of personal data, the purposes and methods of processing, the logic applied in case of processing carried out with the aid of electronic tools, the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as authorized representatives, processors or third parties with whom the Data Controller has contractual relations.
The interested party also has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, rendering anonymous or blocking of data processed in violation of the law and those that do not need to be kept for the purposes for which the data were collected and subsequently processed;
The interested party has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
b) to the processing of data concerning him for the purpose of invitations to events, sending newsletters and not strictly related to the fulfillment of the contract concerning him.
At the request of the interested party, the Data Controller will limit the processing or allow the portability of personal data provided by the data subject.
Requests for deletion of data will be considered within the limits of the permitted, taking into account the legal and contractual obligations related to data retention.
The subject may at any time exercise their rights by sending an email to email@example.com or a registered letter, or a PEC to the owner firstname.lastname@example.org.
In any case, any request received by the Data Controller will be taken into consideration upon verification of the identity of the entitled person.
For any complaints, the interested party may write to the Data Controller by direct addressing the request by mail to email@example.com or registered mail or PEC to the Owner firstname.lastname@example.org .; without prejudice to their right to contact the Authority responsible for the protection of personal data www.garanteprivacy.it or the authority of the different European country in which they live or work.
For any further information and clarification, the business partner can send an e-mail to: email@example.com
Milan, 20 May 2019
Laboratori Derivati Organici S.p.A.