More

Contact

  • ITALY Via Artigiani, 37
    23874 Montevecchia (LC)
  • CONTACT tel. +39 039 578 051
    mail@amarc.com

Privacy policy – to suppliers

WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?

The Data Controller is Amarc S.r.l., with registered office in Montevecchia (LC), via Artigiani n. 37, in the person of its pro‐tempore Legal Representative, whom you can contact for any information by telephone 039 578051, e‐mail privacy@amarc.com.

 

MAIN DEFINITIONS

Please note that Article 4 of the GDPR provides for the following definitions:

Personal data: any information relating to an identified or identifiable natural person (‘data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological identity of that natural person, genetic, mental, economic, cultural or social.

Data relating to criminal convictions and offences or related security measures (see Article 10 of the GDPR): personal data suitable for disclosing the measures referred to in Article 3, paragraph 1, letters from a) to o) and from r) to u) of Presidential Decree no. 313 of 14 November 2002, on criminal records, the registry of administrative sanctions dependent on crime and the related pending charges, or the status of accused or suspect within the meaning of Articles 60 and 61 of the Code of Criminal Procedure.

 

PURPOSE OF THE PROCESSING, LEGAL BASIS, RETENTION PERIOD, NATURE OF THE PROVISION

 

PURPOSE OF THE PROCESSING

A) Fulfilment of contractual obligations and administrative‐ accounting and legal purposes related to the establishment, execution and termination of the contractual relationship.
B) Preventing and conducting litigation and other legal matters and for the defense in the event of a lawsuit.
C) Management of requests regarding the protection of personal data and requests from other data subjects, pursuant to Articles 15 et seq. of the GDPR (rights of the data subject).
D) Management control aimed at guiding management towards the achievement of the objectives established during operational planning, detecting, through the measurement of specific indicators, the deviation between planned objectives and results achieved and informing the responsible bodies of these deviations, so that they can decide and implement the appropriate corrective actions.
E) Evaluation of the supplier through, personal data, company presentations or C.V., job profiles, certifications, any references

EGAL BASIS

A) The data processing is necessary for the performance of a contract (C44). Art. 6 (1) (b) GDPR.
B) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (C47‐ C50). Art. 6 (1) (f) GDPR.
C)  The processing is necessary for compliance with a legal obligation to which the controller is subject (C45). Art. 6 (1) (c) GDPR.
D) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (C47‐ C50). Art. 6 (1) (f) GDPR.
E) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data are overridden by the reasonable expectations of the data subject (Art. 6 (1) (f) and recital 47 of the GDPR).

DATA RETENTION PERIOD

A) 10 years. Article 2220 of the Italian Civil Code, except for contractual and non‐ contractual issues that may arise and unless otherwise required by law.
B) 10 years, unless objectiond and without prejudice to the time necessary for the defence in court.
C) 5 years from the closing of the request, except for litigation.
D) Maximum 10 years, unless objectiond.
E) Maximum 3 years, unless objectiond.

NATURE OF THE PROVISION

A) The provision of personal data is necessary for contractual purposes. Failure to provide the necessary personal data will make it impossible to establish a contractual relationship with the data subjects.
B) The provision of data is necessary. Failure to provide data will prevent the achievement of the legitimate interest of the Data Controller indicated in the purposes of this point. The refusal must be balanced with the legitimate interest of the Data Controller indicated in the purposes of this point.
C) The provision of personal data is mandatory, as it is essential to be able to comply with legal obligations.
D) The provision of data is necessary to allow the Data Controller to carry out management control. Failure to provide data will prevent the achievement of the legitimate interest of the Data Controller indicated in the purposes of this point. The refusal must be balanced with the legitimate interest of the Data Controller indicated in the purposes of this point.
E) The provision of data is necessary. Failure to provide data will prevent the achievement of the legitimate interest of the Data Controller indicated in the purposes of this point. The refusal must be balanced with the legitimate interest of the Data Controller indicated in the purposes of this point.

 

TO WHOM WILL THE PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS

The data will not be disseminated. Personal data will be communicated to subjects who will process the data as independent Data Controllers, or Data Processors (Article 28 of the GDPR) and processed by natural persons (Article 29 of the GDPR) who act under the authority of the Data Controller and the Data Processors on the basis of specific instructions provided regarding the purposes and methods of the processing. The data will be communicated to recipients belonging to the following categories:

  • subjects, based in Italy, who manage/support/assist, even if only occasionally, the Data Controller in the administration of the Information System and telecommunications networks (including e‐mail, websites and/or web platforms);
  • entities, based in Italy, provided for by current accounting and tax legislation as recipients of mandatory communications;
  • banking institutions and equivalents, based in Italy;
  • subjects, based in Italy, with whom the Data Controller has entered into economic agreements;
  • firms or companies, based in Italy, in the context of tax assistance and consultancy and administrative/accounting management;
  • certification bodies and companies, based in Italy;
  • any customers, based in Italy, in EEA or non‐EEA countries;
  • Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.

The list of Data Processors under Article 28 is available by writing to privacy@amarc.com or to the other addresses indicated above.

 

IS THERE A DATA TRANSFER TO A COUNTRY OUTSIDE THE EEA?

Personal data will not be transferred to non‐EEA countries. It should be noted, in particular, that the data will be stored in Italy and that the recipients of the data are based in Italy.

 

IS THERE AN AUTOMATED PROCESS?

Personal data will be subject to traditional, electronic and automated manual processing. It should be noted that fully automated decision‐making processes are not carried out.

 

RIGHTS OF THE DATA SUBJECTS

The interested parties will be able to assert their rights as expressed by art. 15 et seq. GDPR, by contacting the Data Controller at the e‐mail address: privacy@amarc.com, or by writing to the contacts indicated above. The Data Controller guarantees data subjects the possibility of requesting, at any time, access to their personal data (art.15), rectification (art.16), cancellation of the same (art.17), limitation of processing (art.18). The Data Controller communicates (art.19) to each of the recipients to whom the personal data have been transmitted, any rectifications or cancellations or limitations of processing carried out.

The Data Controller shall notify the data subjects who request such recipients. In the cases provided for by the GDPR (art.20), the controller guarantees the right to portability and, in the event of requests pursuant to art.20, the data controller will provide the data subjects with the data subjects in a structured, commonly used and machine‐readable format. In the cases provided for by the GDPR (art.21), data subjects have the right to object, at any time, to the processing of data based on legitimate interest, by writing to the contacts indicated above with the subject “objection”.

In the event that data subjects believe that the processing of personal data carried out by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the Supervisory Authority, in particular in the Member State in which they habitually reside or work, or in the place where the alleged violation of the regulation occurred (Garante Privacy https://www.garanteprivacy.it/) or to bring the matter before the courts.

 

POLICY CHANGES

The owner may change, modify, add or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the information will contain an indication of the date on which the information was updated.