INFORMATION ON THE PROCESSING OF PERSONAL DATA made pursuant to and for the purposes of articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)

Customer Information

Dear customer,

We invite you to carefully read the information contained in this document, made in compliance with the provisions of the Regulation (EU) of the European Parliament and of the Council of 27 April 2016, no. 679 concerning the protection of individuals with regard to the processing of personal data. , as well as the free circulation of such data (hereinafter the “Regulation”).

 

Principles applicable to the processing of personal data

Pursuant to and for the purposes of Article 5 of the Regulation, the personal data provided by the interested party are: 

  1. a) processed lawfully, fairly and transparently;
  2. b) collected for specific, explicit and legitimate purposes;
  3. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. d) accurate and, if necessary, updated;
  5. e)kept in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed;
  6. f) processed in a manner that guarantees adequate security. 

 

Holder of the treatment

The data controller is PASTIFICIO DI BARI TARALL’ORO SRL , with registered office in Sammichele di Bari (BA), PIP SS area 100 Km 33 Lot no. 13/15 – cap 70010 (e-mail address: taralloro@taralloro.it , certified e-mail address: pastificiotaralloro@pec.it , Tel: +39 080
8916362) .

 

Responsible
for the protection of personal data

The designated Personal Data Protection Officer can be contacted at the following e-mail addresses: dpo@taralloro.it , pec: valeria.dibari@pec.it .

 

Type of personal data processed

The personal data provided by the interested party are:

Identification  (name and surname, place and date of birth, municipality and place of residence, tax code);

Contact ( landline  and / or mobile phone number, e-mail address, pec address);

Bank  accounts (by way of example but not limited to, current account number, IBAN coordinates).

 

Purpose of the processing – Legal basis

The personal data provided by the interested party are processed:

 

Without consent for the following purposes:

 

Ø Manage pre-contractual measures, conclude contracts
relating to the Controller’s products, fulfill contractual obligations.

Legal basis:  The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (Article 6, paragraph 1, letter b) of the Regulation).

 

Ø      To fulfill the legal, regulatory and tax obligations
deriving from the contract.

Legal basis: The processing is necessary to fulfill a legal obligation to which the data controller is subject (Article 6, paragraph 1, letter c) of the Regulation).

 

Ø      To protect and / or defend the rights of the owner arising from the contract.

Legal basis: The processing is necessary for the pursuit of the legitimate interest of the Data Controller for the protection and / or defense of their rights (Article 6, paragraph 1, letter f) of the Regulation).

 

Only with specific consent for the following purpose:

 

Ø      To send by e-mail commercial and / or promotional communications relating to the products of the Data Controller.

Legal basis: The interested party has given consent to the processing of their personal data for one or more specific purposes (Article 6, paragraph 1, letter a) of the Regulation).

 

Retention period

The personal data provided by the interested party are stored by the Data Controller in a form that allows identification of the same for a period of time not exceeding the achievement of the purposes for which they are processed. In particular, the personal data processed for the purposes for which the acquisition of consent is not required, are kept for the period of time required by law for tax purposes (maximum 10 years); the personal data processed by virtue of the consent expressed by the interested party are kept for a period of 36 months from the collection of the consent, without prejudice to the right of revocation. Once these terms have elapsed, the data are deleted or made anonymous, unless it is necessary to keep them for other and different purposes provided for by express provision of the law.

 

Location and methods of treatment

The processing of the personal data provided takes place at the registered office of the Data Controller, on paper, computer and telematic support and is also carried out by persons authorized to process, constantly trained on the Community and national legislation in force on the protection and protection of personal data (art .29 GDPR). Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

 

Nature of the provision and refusal

With regard to personal data relating to the execution of the contract between the Parties or relating to the fulfillment of a regulatory obligation (by way of example but not limited to, keeping of accounting and tax records), the failure to communicate personal data prevents the completion of the contractual relationship. Instead, the provision of data subject  to specific consent (sending commercial and / or promotional communications) is optional. By denying consent, the performance of the contractual relationship remains unaffected.

Data recipients

The personal data provided may be processed, on behalf of the Data Controller, for exclusive functional and organizational reasons, by the following subjects designated as Data Processors pursuant to Article 28 of the GDPR:


Accountant for the performance of the assignment given for accounting and tax consultancy;


IT consultants (or consultancy companies) for the provision of services relating to software and hardware assistance and maintenance;


E-mail and pec provider;


Consultants and freelancers in single or associated form for the fulfillment of the consultancy assignment conferred.

Furthermore, access to such data may be allowed by subjects who process the data in execution of specific legal obligations, judicial or administrative authorities, control and inspection authorities.

Finally, the interested party can ask the Data Controller for a list of constantly updated data processors.

 

 

Rights of interested parties – complaint to the supervisory authority

The interested party has the right to ask the   Data Controller:

  1. access to personal data provided and information relating to the same (Article 15 of the Regulations);
  2. the correction of inaccurate data or the integration of incomplete ones (Article 16 of the Regulations);
  3. the cancellation of personal data concerning him (upon the occurrence of one of the conditions indicated in art. 17, paragraph 1, EU Regulation 2016/679 and in compliance with the exceptions provided for in paragraph 3 of the same article);
  4. the limitation of the processing of the personal data provided (in the event of one of the hypotheses indicated in Article 18, paragraph 1, of the Regulations);
  5. the personal data provided in a structured and readable format by an automatic device, also for the purpose of communicating such data to another Data Controller (so-called right to the portability of personal data pursuant to Article 20 of the Regulation). 

The interested party has the right to object to the processing of personal data provided in the occurrence of particular situations that concern him (Article 21 of the Regulation).

Furthermore, the interested party can revoke, at any time, any consent given for specific purposes.

The interested party can exercise these rights by submitting a specific request to the Data Controller by e-mail to the address: taralloro@taralloro.it , pec at the address: pastificiotaralloro@pec.it , or by registered letter with return receipt to be delivered to: Pastificio Di Bari Tarall’oro srl, PIP area SS 100 Km 33 Lot no. 13/15 – 70010 Sammichele di Bari (BA). Furthermore, the interested party can exercise these rights by submitting a request to the Data Protection Officer by sending a specific request to the e-mail addresses: dpo@taralloro.it , pec: valeria.dibari@pec.it .

. If the interested party considers that the processing of your personal data is in violation of the provisions of EU Regulation 2016/679 and the national legislation in force on the matter of protection and protection of personal data, he can lodge a complaint with the Supervisory Authority (Guarantor Authority for the protection of personal data – www.garanteprivacy.it
 ​​Article 77 GDPR), or to take appropriate judicial offices (Article 79 GDPR).

 

Automated decision-making processes

The Data Controller does not make use of
automated decision-making processes, including profiling.

 

Transfer to a Third Country

The personal data provided by the interested party
are not transferred to third countries.

                        

Suppliers Information

Gentle supplier,

We invite you to carefully read the information contained in this document, made in compliance with the provisions of the Regulation (EU) of the European Parliament and of the Council of 27 April 2016, no. 679 concerning the protection of individuals with regard to the processing of personal data. , as well as the free circulation of such data (hereinafter the “Regulation”).

 

Principles applicable to the processing of personal data

Pursuant to and for the purposes of Article 5 of the Regulation, the personal data provided by the interested party are:

a)  processed lawfully, fairly and transparently;

b)  collected for specific, explicit and legitimate purposes;

c)  adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d)  accurate and, if necessary, updated;

e)  kept in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed;

f)    processed in a manner that guarantees adequate security. 

 

Holder of the treatment

The data controller is PASTIFICIO DI BARI TARALL’ORO SRL , with registered office in Sammichele di Bari (BA), PIP SS area 100 Km 33 Lot n.ri 13/15 – zip code 70010 (e-mail address: taralloro@taralloro.it , certified e-mail address: pastificiotaralloro@pec.it , Tel: +39 080 8916362) .

 

Responsible for the protection of personal data

The designated Personal Data Protection Officer can be contacted at the following e-mail addresses: dpo@taralloro.it , pec: valeria.dibari@pec.it .

 

Type of personal data processed

The personal data provided by the interested party are:

Identification                      (name and surname, place and date of birth, municipality and place of residence, tax code);

Contact ( landline                      and / or mobile phone number, e-mail address, pec address);

Bank                      accounts (by way of example but not limited to, current account number, IBAN coordinates).

 

Purpose of the processing – Legal basis

The personal data provided by the interested party are processed:

 

Without consent for the following purposes:

 

Ø      Manage pre-contractual measures, conclude contracts concerning the supply and / or purchase of goods and services functional to business activity, fulfill contractual obligations.

Legal basis: The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (Article 6, paragraph 1, letter b) of the Regulation).

 

Ø      To fulfill the legal, regulatory and tax obligations deriving from the contract.

Legal basis: The processing is necessary to fulfill a legal obligation to which the data controller is subject (Article 6, paragraph 1, letter c) of the Regulation).

 

Ø      To protect and / or defend the rights of the owner arising from the contract.

Legal basis: The processing is necessary for the pursuit of the legitimate interest of the Data Controller for the protection and / or defense of their rights (Article 6, paragraph 1, letter f) of the Regulation).

 

Retention period

The personal data provided by the interested party are stored by the Data Controller in a form that allows identification of the same for a period of time not exceeding the achievement of the purposes for which they are processed. In particular, the personal data processed for the aforementioned purposes are kept for the period of time required by law for tax purposes (maximum 10 years). Once these terms have elapsed, the data are deleted or made anonymous, unless it is necessary to keep them for other and different purposes provided for by express provision of the law.

 

Location and methods of treatment

The processing of the personal data provided takes place at the registered office of the Data Controller, on paper, computer and telematic support and is also carried out by subjects authorized to process, constantly trained on the Community and national legislation in force on the protection and protection of personal data (art .29 GDPR). Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

 

Nature of the provision and refusal

With regard to personal data relating to the execution of the contract between the Parties or relating to the fulfillment of a regulatory obligation (by way of example but not limited to, keeping of accounting and tax records), the failure to communicate personal data prevents the completion of the contractual relationship.

Data recipients

The personal data provided may be processed, on behalf of the Data Controller, for exclusive functional and organizational reasons, by the following subjects designated as Data Processors pursuant to Article 28 of the GDPR:

–                       Accountant for the performance of the assignment given for accounting and tax consultancy;

–                       IT consultants (or consultancy companies) for the provision of services relating to software and hardware assistance and maintenance;

–                       E-mail and pec provider;

–                       Consultants and freelancers in single or associated form for the fulfillment of the consultancy assignment conferred.

Furthermore, access to such data may be allowed by subjects who process the data in execution of specific legal obligations, judicial or administrative authorities, control and inspection authorities.

Finally, the interested party can ask the Data Controller for a list of constantly updated data processors.

 

Rights of interested parties – complaint to the supervisory authority

The interested party has the right to ask the Data Controller:

1.                   access to personal data provided and information relating to the same (Article 15 of the Regulations);

2.                   the correction of inaccurate data or the integration of incomplete ones (Article 16 of the Regulations);

3.                   the cancellation of personal data concerning him (upon the occurrence of one of the conditions indicated in art. 17, paragraph 1, EU Regulation 2016/679 and in compliance with the exceptions provided for in paragraph 3 of the same article);

4.                   the limitation of the processing of the personal data provided (in the event of one of the hypotheses indicated in Article 18, paragraph 1, of the Regulations);

5.                   the personal data provided in a structured and readable format by an automatic device, also for the purpose of communicating such data to another Data Controller (so-called right to the portability of personal data pursuant to Article 20 of the Regulation).

The interested party has the right to object to the processing of personal data provided in the occurrence of particular situations that concern him (Article 21 of the Regulation).

Furthermore, the interested party can revoke, at any time, any consent given for specific purposes.

The interested party can exercise these rights by submitting a specific request to the Data Controller by e-mail to the address: taralloro@taralloro.it , pec at the address: pastificiotaralloro@pec.it , or by registered letter with return receipt to be delivered to: Pastificio Di Bari Tarall’oro srl, PIP area SS 100 Km 33 Lot no. 13/15 – 70010 Sammichele di Bari (BA). Furthermore, the interested party can exercise these rights by submitting an application to the Data Protection Officer by sending a specific request to the e-mail addresses: dpo@taralloro.it , pec: valeria.dibari@pec.it. If the interested party considers that the processing of your personal data is in violation of the provisions of EU Regulation 2016/679 and the national legislation in force on the matter of protection and protection of personal data, he can lodge a complaint with the Supervisory Authority (Guarantor Authority for the protection of personal data – www.garanteprivacy.it – ​​Article 77 GDPR), or to take appropriate judicial offices (Article 79 GDPR).

 

Automated decision-making processes

The Data Controller does not make use of automated decision-making processes, including profiling.

 

Transfer to a Third Country

The personal data provided by the interested party are not transferred to third countries.