SUBJECT: informative report under article 13 of the Regulation (EU) 2016/679 (the “GDPR” – General Data Protection Regulation) relating to the protection of individuals with regard to the processing of personal data collected from the data subject.
During business communications the processing of personal data referring to natural persons can’t be exluded; we kindly ask you to forward this document to those employees or collaborators.
If Your Company ensures anonymous or pseudonymised communications you can ignore this document.
b. DATA CONTROLLER
The data controller is Flexin Group Srl with registered office in Sasso Marconi (Bo) – Via Cartiera, 53 – VAT Number IT02818791200 , Phone no. +39 051 6781494, e-mail: firstname.lastname@example.org.
c. DATA PROTECTION OFFICER
Not falling within the cases provided for by the GDPR’s art. 37 and according to the WP243 guideline, a Data Protection Officer has not been designated.
d. LEGAL BASIS, PURPOSES AND OBLIGATIONS OF DATA PROCESSING
Your personal data are processed for the following purposes:
|X||Legal obligations: invoicing, tax recording and other administrative purposes;|
|X||Contractual obligations: supplying of goods or services;|
|X||Fulfilment of requests from the data subject;|
The provision of Data for Legal and contractual purposes is mandatory; The provision of data is necessary to enable us to process your requests. Consent expression is not required.
The failure to communicate your personal data will impede the fulfilment of any contractual obligations.
e. LAWFULNESS OF THE PROCESSING
The data processing is lawful as:
|a) The data Subject has given consent for one or more purposes;|
|X||b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;|
|X||c) Processing is necessary for compliance with a legal obligation to which the controller is subject;|
|d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person;|
|e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;|
|X||f) Processing is necessary for the purposes of the legitimate interests pursued by the controller (fulfilment of a contract or in the pursuit of the Company’s purposes).|
f. RECIPIENTS OF THE PERSONAL DATA
Your personal data could be shared with the internal employees as well as the following third-party entities:
- Business, legal, labor consultant;
- Specific subjects consultants: (Health and safety in the workplace, information technology, maintenance of hardware or software products);
- Parties which have to be informed according to a legally binding obligation;
- Monitoring organisations, especially in case of inspections;
- Logistics and transportation companies (in execution of contractual obligations);
- Third-party companies or practitioners (in execution of contractual or legal obligations).
The name of the subjects listed above is available at any time upon request by the data subject.
g. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The transfer of personal data outside the EU or to international organisations is not foreseen.
h. DATA RETENTION PERIOD
The period of personal data retention, where there are no legal obligations or cancellation requests, is based on the existence of the purposes listed at point “d” or on the need of regular performance of the company business.
i. RIGHTS OF THE DATA SUBJECT
The Data Subject has the right to request at any time of access, rectification, erasure, portability of Personal Data as well as to object, revoke or restrict the data processing or propose a complaint to the Data Protection Supervisor Authority.
j. AUTOMATED DECISION-MAKING PROCESSES
Personal data are not processed with automated decision-making processes