Privacy notice pursuant to articles 13 and 14 of the European Regulation on Data Protection no. 2016/679
Pursuant to articles 13 and 14 of EU Regulation no. 2016/679 of the EU Parliament and the EU Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General regulation on data protection, hereinafter also referred to as “Regulation” or “GDPR”) and repealing Directive 95/46/EC, we hereby wish to inform you that the personal data voluntarily provided by you to Biomat s.r.l. shall be handled in compliance with the applicable laws and regulations on personal data protection and, in any case, with the principles of confidentiality that characterize our Company’s activity.
Controller and supervisor of personal data handling
The Controller (person responsible) of data handling is Biomat s.r.l. – in the person of its pro tempore legal representative – with registered office in Ala, frazione Santa Margherita (Trento), 38061, via Trento no. 124, Italy.
Source and type of data handled
For the purposes described in the following article (“Purposes of data handling”), the Company may handle Your Personal Data of a “COMMON NATURE”, among which mainly: personally identifiable information or personal details (of the legal representative/main contact in case of a client/supplier of Biomat s.r.l., such as for example name, surname, ID document, place and date of birth, domicile, residence etc.), contact information (e.g., telephone number, e-mail /certified e-mail address), fiscal data (e.g. tax code), bank details, information on job experience including role and duties.
No data falling within the definition of Special Categories of Personal Data shall be handled.
Purposes of data handling
Personal Data will be handled for the following purposes:
a) managing your contractual / pre-contractual relationship with the Company and complying with the connected legal and tax obligations, as well as effectively managing the financial and commercial relationships. Furthermore, Personal Data may be handled to pursue any further legitimate interest of the Data Controller (e.g., to exercise and/or defend a particular right in a court procedure, an administrative procedure or an out-of-court procedure such as arbitration or out-of-court settlement procedures; to guarantee safe access to the Data Controller’s premises, etc.) and to comply with the Data Controller’s legal obligations – particularly obligations relating to civil law and tax and accounting law, as well as complying with orders issued by the financial administration authorities or by any other public authorities or surveillance bodies having the legal right to do so.
Legal basis for using Personal Data
The handling of Personal Data for the purposes described in the above article (“Purposes of data handling”) does not, under applicable laws and regulations, require the consent of the interested party, given that the handling is necessary to perform under the contract (or for pre-contractual steps) between the Company and yourself (or between the Company and the client/supplier of Biomat whom you represent) and allow the parties to the contract to comply with the obligations arising thereunder, as well as allow the Company to comply with legal obligations and/or pursue any of its legitimate interests relating to its business.
Methods of data handling
Personal Data will be handled by means of suitable paper, electronic and/or telematics devices in compliance with the applicable laws and regulations on personal data handling, also taking adequate security measures to guarantee the safety and confidentiality of such data.
Furthermore, Personal Data will be handled by specifically instructed and trained personnel. Messages will be sent and managed through a communication platform and Personal Data will be saved on our servers.
Communication and disclosure of personal data
Personal Data will be communicated only to specific subjects. In particular, Personal Data will be communicated – strictly within the limits of the purposes described in the above article (“Purposes of data handling”) – to:
- specifically authorised subjects within the Company;
- other offices of the Company or companies that are subsidiaries of, or connected with, or in any case belonging to the group of the Company, even abroad and outside the European Union.
- subjects providing services for the management of IT systems and telecommunication networks, including e-mail, newsletters and internet websites, as well as companies, bodies, consortiums or individual professionals providing specific processing services for the Data Controller, or carrying out activities that are needed for, or connected to the Data Controller’s activities; such subjects will act as Data Processors appointed pursuant to art. 28 of the GDPR. An updated list of the Data Processors is available upon request at the offices of the Data Controller.
Data retention period
Personal Data will be stored only for as long as they are needed to achieve the purposes for which they are handled, in full compliance with the principle of retention limitation provided by the Regulation.
Pursuant to the Regulation, you may at any time exercise the following rights in respect of Personal Data:
- Right of access, in the cases specifically provided for by the Regulation;
- Right to obtain rectification of incorrect or incomplete Personal Data;
- Right to obtain cancellation of Personal Data for one of the reasons specifically provided for by the Regulation, such as – for example – when such Data are no longer necessary to the above described purposes, or has been handled in breach of the Regulation;
- Right to obtain restriction of processing of Personal Data in the cases specifically provided for by the Regulation, such as – for example – when the correctness of such Data is in question and must be verified.
- Right of transfer; that is, the to be provided – upon request – with Personal Data in a structured, readable form of common use, or that such Data be transferred to another controller.
- Right to object to the handling of Personal Data, in the cases specifically provided for by the Regulation.
How to exercise your rights
You may exercise the rights described in the above article (“Rights”) by contacting us per e-mail at email@example.com, or by paper letter to Biomat s.r.l., Ala, frazione Santa Margherita (Trento), 38061, via Trento no. 124, Italy.
The term for us to reply is (1) month, which may be extended to (2) months in cases of particular complexity; in such an event, Biomat s.r.l. will in any case provide at least a temporary answer within (1) month. As a general rule, your rights may be exercised free of charge, except in case of manifestly groundless or excessive/repetitive request.
If you are not satisfied with our answer, you can contact the Privacy Authority (Autorità Garante per la Protezione dei dati personali): Piazza Venezia, no. 11 – 00187 Rome, Italy; certified e-mail address: firstname.lastname@example.org.
Transfer of personal data abroad
Personal Data shall be kept at the Company’s registered office and on servers located in the European Union.
Automated data processing
Personal Data will not be handled by means of automated decision processes.
Privacy notice updates
This privacy notice applies as of the date of its publishing and may be updated and/or amended from time to time to meet any additional information requirements on privacy, as well as to remain up to date with any changes in the applicable laws and regulation.