Supplier Privacy Policy

Dear Supplier, we would like to inform you that the “European Regulation 2016/679 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data” (hereinafter “GDPR”) provides for the protection of individuals and other subjects with respect to the processing of personal data. Siamatica Srl, pursuant to Article 13 of the GDPR, therefore provides you with the following information:

A. CATEGORIES OF DATA: the subject of the processing may be your personal data such as identification data, personal data, contact data, administrative and accounting data necessary for payments relating to your services.

B. DATA CONTROLLER: The Data Controller is Siamatica Srl, Via Treviso, 55 – 31057 – Silea (TV), Italy, VAT number IT04839900265, can be contacted at the email: info@siamatica.com.

C. SOURCE OF PERSONAL DATA: the personal data in the possession of the Data Controller are collected directly from the data subject and, only possibly, may come from public registers.

D. PURPOSES OF DATA PROCESSING AND LEGAL BASIS: personal data are processed by the Data Controller for the following purposes:

• Purposes related to legal obligations: such as accounting, remuneration, social security, welfare, insurance, tax, anti-money laundering, anti-mafia or obligations provided for by law, regulations and EU legislation, …
• Purposes related to the management of pre-contractual measures and for the fulfilment of the contract: to fulfil contractual obligations between the parties; to exercise or defend legal claims; for all purposes related to the management of relationships deriving from the role you hold, management of relationships with customers and suppliers and possibly for the assessment and maintenance of professional skills through curriculum vitae (Order of 5 June 2019 no. 146 Provisions relating to the processing of special categories of data, pursuant to Article 21, paragraph 1 of Legislative Decree 10 August 2018, No. 101).
• Purposes related to the existence of a legitimate interest on the part of the Data Controller: processing of employees’ or similar data of suppliers for the management of the relationships between the parties (controller-supplier).

E. DATA RECIPIENTS: within the limits pertaining to the purposes, your data may be communicated, if necessary, to other subjects connected to the processing activities, internal and external to the Data Controller, such as employees and similar, public and private bodies, collaborators, freelancers, insurance companies, insurance intermediaries, law firms, technical partners, banking institutions, transport companies. Your data will not be disseminated in any way.

F. TRANSFER OF DATA TO THIRD COUNTRIES: the data collected is not transferred to third countries outside the European Economic Area.

G. RETENTION PERIOD: the data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of storage limitation”, art.5, GDPR) or according to the deadlines provided for by law. The obsolescence of the data stored in relation to the purposes for which they were collected is checked periodically.

H. RIGHTS OF THE DATA SUBJECT: the data subject always has the right to request from the Data Controller access to his/her data, the correction or deletion of the same, the limitation of processing or the possibility to object to the processing, to request data portability, to revoke consent to the processing by asserting these and the other rights provided for by the GDPR by simple communication to the Data Controller. You may also lodge a complaint with a supervisory authority.

I. OBLIGATORY OR NON-OBLIGATORY PROVISION OF DATA: the provision of your data is strictly necessary for the performance of the aforementioned activities by the organization for the purpose of establishing/executing and correctly managing the relationship and is also mandatory for the fulfillment of legal obligations. Therefore, failure to provide the data will make it impossible for the organization to carry out the aforementioned activities / to establish and execute the relationship.

J. METHODS OF DATA PROCESSING: the personal data you provide will be processed in compliance with the above-mentioned legislation and the confidentiality obligations that inspire the Data Controller’s activities. The data will be processed both with IT tools and on paper supports and on any other type of suitable support (e.g. cloud systems, archiving systems and digital substitute storage, …), in compliance with adequate technical and organizational security measures provided for by the GDPR.