Information to Customers and Suppliers
INFORMATION TO CUSTOMERS AND SUPPLIERS ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF EUROPEAN REGULATION (EU) 2016/679
This information is provided pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the ‘Regulation’ or ‘GDPR’) and describes how the personal data of Customers and Suppliers collected by the company is processed
In accordance with the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (EU Reg. of the European Parliament and of the Council of 27 April 2016, No. 2016/679/EU – GDPR) we hereby provide information pursuant to Articles 13 and 14 of the aforementioned Regulation.
- Data controller
The data controller is B&BDental S.r.l. with registered office in Via San Benedetto, 1837 40018 – San Pietro in Casale (BO) and operational headquarters in Via Due Ponti, 17/19 – 40050 – Argelato (BO), in the person of the legal representative pro tempore, who can be contacted at the email amministrazione@bebdental.it
- Data Protection Officer (DPO)
The Data Protection Officer (DPO) is Ing. Massimo Di Menna.
For all needs regarding the protection of personal data, including the exercise of the rights recognised to the interested party by current legislation, please refer to the following contacts at the Data Protection Officer: massimo.dimenna@gruppoingegneria.it
3. Data processed: personal data, identification data of the natural persons who collaborate and interact with the Data Controller by virtue of the contractual relationship in place with the same, contact data such as telephone number, personal or general department e-mail, addresses, accounting, financial, administrative, banking data, as well as any information provided by you that is necessary for the performance of the contract.
4. Purpose of processing and legal basis
The personal data provided by you will be processed for purposes connected with the execution of the contract, including any pre-contractual phase and, specifically, for the compilation of master lists, bookkeeping, invoicing, the execution of communications by both paper and electronic means, tax fulfilment, organisational management of the services requested and the stipulation of contracts, setting appointments, processing of orders, deliveries, and bureaucratic fulfilments relating to the services requested in the supply relationship. The Data provided by you are processed for the following purposes
a) for the fulfilment of contractual obligations arising from the contract signed with you and for the protection of the contractual rights of the Data Controller. The legal basis of the processing is the contractual relationship as provided for in Art. 6 letter b) European Reg;
b) the fulfilment of the legal obligations foreseen by the fiscal and tax regulations. The legal basis of the processing is the contractual relationship as provided for by art. 6 lett. c) European Reg;
c) to exercise the Controller’s rights, such as the right to defence in court (Art. 6 lett. f) Reg. 2016/679);
d) to follow up specific requests made to the Data Controller for communications of an informative nature relating to the Services of the same Data Controller, by email or other communication tools such as telephone (art. 6 lett. b) Reg. 2016/679).
The provision of data is compulsory; refusal to provide the data or complete opposition to their processing for the aforementioned purposes may in any case make it impossible to conclude the contractual relationship with you.
5. Data recipients
Your data may also be communicated to third parties, for technical and operational requirements strictly related to the purposes set out above, and in particular to the following categories of subjects
a) entities, professionals, companies or other structures entrusted by us with the processing related to the fulfilment of administrative, accounting and management obligations linked to the ordinary course of our business, also for credit recovery purposes
b) to public authorities and administrations for purposes connected with the fulfilment of legal obligations or to subjects legitimated to access the data by virtue of provisions of law, regulations, community rules;
c) banks, financial institutions or other entities to which the transfer of the aforesaid data is necessary for the performance of our company’s activities in relation to the fulfilment by us of our contractual obligations towards you.
d) suppliers of services of installation, assistance and maintenance of computer and telematic systems and equipment and of all services functionally connected and necessary for the fulfilment of the services covered by the Contract. The list of data processors is available upon request;
e) Associated companies.
6. Data retention periods
We will keep your data in a form that allows it to be identified for a period of time that does not exceed the fulfilment of the purposes for which the data was collected; it will therefore be kept until the existence of the existing contractual relationship and no longer than 10 years from the termination of the contract (Art. 2946 of the Italian Civil Code on the subject of prescription). Data that are strictly necessary for tax and accounting purposes, once the purpose for which they were collected no longer exists, will be kept for a period of 10 years as stipulated in Article 2220 of the Italian Civil Code.
7. Transfer of data
The Data Controller does not transfer personal data to third countries or international organisations.
8. Rights of the data subject
Data subjects – the identified or identifiable natural persons to whom the data refer – may exercise specific data protection rights, which are listed below:
a) right of access: the right to obtain from the Controller confirmation as to whether or not personal data is being processed and, if so, to obtain access to personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or transfer of data, and so on
b) right of rectification: the right to obtain from the Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, also by providing a supplementary declaration
c) right to erasure (‘oblivion’): the right to obtain from the Controller the deletion of personal data without undue delay in the event that: i. the data are no longer necessary in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be erased in order to comply with a legal obligation
d) right to object to the processing: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller;
e) right to restriction: the right to obtain from the Controller the restriction of the processing, where the accuracy of personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing
f) right to data portability: right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and only for data processed by electronic means
(g) the right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing operations concerning him or her are in breach of the Regulation has the right to lodge a complaint with the supervisory authority of the Member State where he or she resides or habitually works, or of the State where the alleged breach has occurred.
The rights may be exercised by contacting the Controller at the following addresses
– Data Controller: amministrazione@bebdental.it
– DPO: massimo.dimenna@gruppoingegneria.it
Information updated to 18/09/2024