Privacy Notice on the Processing of Personal Data pursuant to Articles 13–14 of EU Regulation 2016/679
Data Subjects: commercial relationships
TIESSE S.P.A., in its capacity as Data Controller of your personal data and, depending on the processing purpose, as Data Processor pursuant to Article 28 of the GDPR, informs you that the above-mentioned legislation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your privacy and rights.
Your personal data, as well as the personal data of the natural persons acting on behalf of your company in their capacity as authorised personnel, will be processed in accordance with the provisions of the aforementioned legislation and the confidentiality obligations set forth therein.
Purposes and Legal Basis of Processin
Your data will be processed for the following purposes related to the fulfilment of legal or contractual obligations:
- Management of pre-contractual relations with potential customers
(legal basis: performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR) - Management of contractual relations with the customer (in case the quotation is accepted), including post-contractual activities relating to the design, production, and support of physical and virtual network devices, including management and automation software
(legal basis: performance of a contract pursuant to Art. 6(1)(b) GDPR) - Activities related to the supply of goods on loan for use, including managing customer requests, product delivery, monitoring the trial period, possible return of goods, or subsequent conversion into purchase
(legal basis: performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR) - Fulfilment of legal obligations in tax and accounting matters (in case of acceptance of the quotation)
(legal basis: legal obligation pursuant to Art. 6(1)(c) GDPR) - Compliance with legal, regulatory, national and/or EU obligations
(legal basis: legal obligation pursuant to Art. 6(1)(c) GDPR) - Soft marketing activities, sending newsletters and informative communications regarding the services offered
(legal basis: legitimate interest pursuant to Art. 6(1)(f) GDPR) - Defensive investigations to establish, exercise or defend a right in legal proceedings
(legal basis: legitimate interest of the Controller pursuant to Art. 6(1)(f) GDPR)
The processing of data necessary for the fulfilment of the above purposes is required for the correct management of the relationship, and the provision of such data is mandatory to achieve the stated purposes. The Controller also informs you that failure to provide, or the incorrect provision of, mandatory information may result in the Controller being unable to ensure the proper performance of the processing.
The Controller also informs you that, at any time—including when collecting data required for invoicing—the data subject may object to the use of their personal data (specifically contact details) for sending communications, newsletters, and marketing activities related to the services offered.
Such processing does not require consent, since pursuant to Art. 6(1)(f) and Recital 47 of the GDPR, as well as Art. 130(4) of the updated Italian Privacy Code (Legislative Decree 196/2003), the Controller’s legitimate interest constitutes the applicable legal basis.
Processing Methods
Your personal data may be processed using the following methods:
- processing through electronic systems
- manual processing using paper archives
All processing is carried out in accordance with Articles 6 and 32 of the GDPR and through the adoption of adequate security measures.
Data Communication
Your data may be communicated exclusively to public bodies and offices to which tax data must be transmitted (e.g., Revenue Agency), as well as banks and credit institutions.
Where necessary for the provision of the requested services, data may be communicated to competent subjects duly appointed for the execution of the services required for the correct management of the relationship, such as consultants and service providers, with appropriate safeguards for the protection of the data subject’s rights.
Your data will be processed solely by personnel expressly authorised by the Controller.
Data disclosure and dissemination
Your personal data will not be disclosed/disseminated in any way.
Retention Period
In compliance with the principles of lawfulness, purpose limitation, and data minimisation pursuant to Art. 5 of the GDPR, the retention period for your personal data is as follows:
- Accounting and tax data: 10 years, in accordance with obligations regarding the retention of accounting and tax records (Art. 2220 Italian Civil Code; Art. 22 of Presidential Decree 600/1973)
- Other data: 10 years from termination of the contract or, in case of disputes, for the limitation period provided by law
- Quotations: 3 months (validity of the quotation) or, in case of disputes, for the statutory limitation period
- Goods on loan for use: until the end of the loan period
- Soft marketing data: data will be retained until withdrawal of consent or exercise of the right to erasure and/or objection, and in any case no longer than 3 years after contract termination
Data Subject Rights
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet registered, and to have such data communicated in an intelligible form.
2. The data subject has the right to obtain:
a. information on the origin of personal data;
b. the purposes and methods of processing;
c. the logic applied in case of processing carried out with electronic means;
d. identification details of the Controller, Processors, and appointed representatives;
e. the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them as appointed representatives, processors or authorised personnel.
3. The data subject has the right to obtain
a. the updating, rectification, or, where interested, integration of the data;
b. the erasure, anonymisation, or blocking of data processed unlawfully, including those whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
c. certification that the operations referred to in points (a) and (b) have been notified to the entities to whom the data were communicated or disseminated, unless this proves impossible or involves disproportionate effort;
d. data portability.
4. The data subject has the right to object, in whole or in part:
a. on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
5. The data subject has the right to request the restriction of processing.
You may exercise your rights by sending an email to privacy@tiesse.com or by submitting a written request to the contact details indicated above.
If the data subject believes that the processing of their personal data violates applicable law, they may lodge a complaint with the Supervisory Authority pursuant to Art. 77 of Regulation 2016/679 or submit a report pursuant to Art. 144 of Legislative Decree 101/2018.