Supplier Information Pursuant to Article 13 of the 2016/679 EU Regulation
This disclosure is given to supplier, natural persons, and to natural persons acting in the name and on behalf of suppliers legal entities.
Dear Supplier, pursuant to art. 13 of the EU 2016/679 regulation (hereinafter called GDPR) laying down provisions for the protection of individuals with regard to the processing of personal data, we hereby inform you that your personal data will be processed in compliance with the aforementioned law and confidentiality obligations to which VisMederi Srl is bound. The processing of your data will take place according to the principles of correctness, lawfulness and transparency.
The data controller is VisMederi S.r.l. (hereafter referred to as the “Owner”), in the person of its pro tempore legal representative Dott. Duccio Meiattini, with registered and operative office in Strada del Petriccio e Belriguardo n. 35, 53100 Siena, Italy. The Owner can be contacted through:
– registered letter addressed to VisMederi S.r.l., Strada del Petriccio e Belriguardo n. 35, 53100, Siena (SI), Italy
– E-mail at the following address firstname.lastname@example.org
Types of Data Subject to Processing
VisMederi S.r.l. will process your personal data, collected and/or received under the contract and/or for the purposes of concluding thereof, including but not limited to:
Personal and contact information (e.g., name, physical address, nationality, residence, telephone, fax, email address, social security number, company name, VAT number); Bank information (such as postal and bank details IBAN/with the exception of credit card numbers). VisMederi S.r.l. does not require a transfer of your “Special” Personal Data referred to in art. 9 of the GDPR, literally the “[…]data suitable to reveal racial or ethnic origin, political opinions, religious or philosophical convictions or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person”. We invite you not to publish these data unless strictly necessary. In the event that the performance requested by VisMederi S.r.l. imposed the processing of such data, the interested party will receive prior notice and will be required to give appropriate consent.
Purpose, Legal Basis and Optional Nature of Processing
The Data Controller will process your Personal Data for the following purposes:
a)Execution of the contract and/or pre-contractual, as well as the fulfilment of each other obligation deriving from the contract, and any other purpose strictly connected and instrumental to the management of relations with suppliers (for example, registration and management of requests for contact and/or information).
b)In the event that it is necessary to ascertain, exercise or defend a right in court, for the pursuit of the legitimate interest that the Owner has found to exist based on the balance of interest (e.g. debt collection).
c)Compliance with laws, regulations or national and community regulations, compliance with the provisions of the supervisory authorities of the sector or orders issued by judicial and/or administrative authorities.
d)To carry out activities functional to supplies of firm and business operations, acquisitions, mergers, divisions or other transformations and aimed at performing such operations.
The legal basis for the processing of your data for purpose a) is Art. 6.1. b) of GDPR because the treatment is necessary for the performance of a contract; for purpose b) are articles. 6.1. f) and 9.2. f) of GDPR because the treatment is necessary in order to establish, exercise or defend a legal claim; for purpose c) is art. 6.1. c) as the processing is necessary to fulfil a legal obligation to which the Data Controller is subject; for purpose d) the legal basis is art. 6.1. f) since the processing is necessary for the pursuit of the Data Controller’s legitimate interest.
The provision of your personal data for purposes a) and b) c) and d) above is optional, but in default, it will not be possible for VisMederi S.r.l. to provide the Services and fulfil the additional obligations assumed by you.
In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of data, in addition to compliance with specific obligations sanctioned by the law.
Personal Data Storage
Personal Data will be kept only for the time necessary for the purposes for which they are collected, respecting the principle of minimization referred to in Article 5.1.c. c) of the GDPR. Further information is available from the Data Controller.
Personal Data Recipients
Personal Data may be shared with:
– Natural persons authorized by VisMederi S.r.l. to the processing of personal data pursuant to art. 29 GDPR for the performance of their job duties (e.g. employees and system administrators, etc.).
– Service providers (such as consultants, certification bodies, etc.) who typically act as controllers pursuant to art. 28 of the GDPR.
– Subjects, bodies or authorities to whom it is compulsory to communicate your Personal Data under the provisions of law or orders of the Authorities.
The complete and updated list of data recipients can be requested from the Owner at the addresses indicated above.
Extra EU Data Transfer
As for the possible transfer of data to Third Countries, the Owner informs that the processing will be carried out according to one of the modalities permitted by the law in force, such as the agreement of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. It is possible to have more information, upon request, from the Owner through the above-mentioned contacts.
Your Privacy Rights Pursuant to Art. 15 and Following of GDPR
You have the right to ask the Owner, at any time, access to your data, rectify or delete them or request the limitation of treatment, or obtain in a structured format, commonly used and readable by device automatic data concerning you in the cases provided for by art. 20 of the GDPR. At any time, you may revoke pursuant to art. 7 of the GDPR, the consent already given, without prejudice to the lawfulness of the processing carried out before the withdrawal of consent.
We also inform you that you have the right to oppose pursuant to art. 21 of the GDPR, for legitimate reasons, the processing of data. Requests must be sent in writing to the Owner at the addresses indicated above.
In any case you are always entitled to submit a complaint to the competent supervisory authority (Guarantor for the Protection of Personal Data), pursuant to art. 77 of the GDPR, if it considers that the processing of your data is contrary to the legislation in force.
The Data Controller