PRIVACY POLICY PURSUANT TO REGULATION EU 2016/679
(GENERAL DATA PROTECTION REGULATION)

 

Data subjects: SUPPLIERS

 

Pursuant to Article 13 of Regulation EU 2016/679 and in relation to the personal data that the undersigned Data Controller, Meta Technologies s.r.l, will come into possession of with your assignment, I hereby inform you of the following:

  1. Data Controller

The Data Controller is Meta Technologies s.r.l

VAT no. 02947060352

street Emidio Villa 7, 42124- Reggio Emilia 

email: info@metahosp.com

tel. 0522.502.322

 

  1. Purpose of the data processing.

The purpose of the processing is:

  • Full and proper performance of the contract.
  • Purchase of products and/or services.
  • Fulfilment of tax and accounting obligations.
  • Compliance with the obligations incumbent on the company and envisaged by the regulations in force (including but not limited to anti-money laundering, insurance, safety at work).
  • Defence of a right in court or before judicial authorities exercising judicial functions
  • Video surveillance.
  1. Legal basis for the processing.

The processing is lawful because:

  • It is necessary for the performance of a contract you are party to, or the performance of pre-contractual measures taken at the request of the data subject.
  • It is necessary in order to comply with a legal obligation of the data controller (e.g. keeping and preserving accounting records in accordance with tax law and anti-money laundering, privacy, insurance, health and safety at work regulations).
  • It is necessary for the pursuit of the legitimate interest of the data controller, such as the protection of company assets (video surveillance), the defence of a right of the data controller in court or before judicial authorities.
  1. Methods of the data processing.

The processing is carried out in a manner strictly necessary to fulfil the purposes set out above, by means of some of the operations or set of operations indicated in Article 4, no. 2 of Regulation EU 2016/679: collection, recording, organisation, structuring, storage, consultation, processing, adaptation, modification, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure and destruction of the data. The operations may be carried out with or without the aid of electronic, online or otherwise automated tools.

  1. Provision of the data.

The provision of personal data is not a legal obligation, but a necessary requirement for the conclusion of the contract.

  1. Data retention.

The personal data will be processed and stored for as long as is necessary for the complete performance of the contract you are a party to, as well as for the proper fulfilment of storage obligations for civil and tax purposes or for other purposes envisaged by the aforementioned laws or regulations. Storage is envisaged for as long as is necessary for the pursuit of the legitimate interest of the data controller, for the purpose of defending its own right in court or before judicial authorities and in any case until the expiry of the limitation period of the rights arising from the contractual relationship.

  1. Disclosure of the data.

For the above-mentioned purposes and to provide, improve, protect and promote services, the personal data may be disclosed to or seen by:

  • Parties authorised to process the data.
  • Data processors and related additional data processors and authorised parties including but not limited to: accountants, consultants, suppliers of IT services, cloud computing services or assistance thereto, and related technical staff, contractors, persons tasked with occasional maintenance, all adequately trained in the protection of confidentiality.
  • Judicial or administrative authorities, for the fulfilment of legal obligations or the execution of assignments made.
  • Banking and insurance institutions.
  • Other entities that process data in execution of specific legal obligations.
  1. Profiling.

The personal data are not subject to any fully automated decision-making process, including profiling.

  1. Transfer of data abroad.

Personal data are not transferred to countries outside the European Union.

 

10. Rights of the data subject.

Pursuant to Articles 15-18 and 20-21 of Regulation EU 2016/679, you have the right to obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and its communication in an intelligible form. You have the right to obtain information on: a) the origin of the personal data; b) the purposes and methods of the processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identity of the data controller and any data processors; e) the parties or categories of parties the personal data may be disclosed to or who may become aware of them in their capacity as data processors or persons tasked with processing. You also have the right to: a) have your data updated, corrected or, if you wish, completed; b) the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose storage is not necessary for the purposes the data were collected for or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been communicated – as also related to their contents – to the entities the data were disclosed or disseminated to, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. You have the right to wholly or partially object: a) on legitimate grounds to the processing of your personal data, even if pertinent to the purpose of their collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales materials or for the performance of market surveys or commercial communications. You have the right to data portability, i.e. to receive your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another data controller without hindrance. You also have the right to lodge a complaint with a supervisory authority (in Italy, the Personal Data Protection Authority: www.garanteprivacy.it). You may exercise your rights by submitting a written request to the data controller at the addresses (registered office, email) provided in point 1.

  1. Subjects processed.

The list of data processors for limited sectors and operations is constantly updated and available by request addressed to the data controller, including to the addresses provided in point 1.

I, the undersigned __________________________________, tax code __________________________________, declare to have received, read and understood the above policy.

_______________, date ______________                                       Signature: _____________________