Dear Sir/Madam,
We process information about you, your personal data, in your capacity as a representative, delegate or appointee of a legal entity or entity that maintains relations with us for business purposes, as further specified below. As required by European personal data protection legislation (EU Regulation 679/2016), we are providing you with the following information for this purpose.
1. Data Controller and Data Protection Officer.
The Data Controller, i.e., the party responsible for decisions regarding the purposes, methods and security of personal data, is the company Pisa 1940 S.r.l. with headquarters in Milan, via Montenapoleone no. 9, 20121 Milan, tel. 02762081, e-mail compliance@pisa1940.com.
The Data Protection Officer (DPO) can be reached either through the contact details of the data controller or at the e-mail address dpo@pisa1940.com.
The personal data you provide , which may be collected in the course of our relationship, will be processed for the purposes set out below, according to the following legal bases:
|
Purpose
(Why we process your data) |
Legal basis
(The legal provision under which the data are processed) |
Consequences of refusing to provide consent to processing
(What happens if you refuse to provide personal data and/or give consent to processing) |
|
Performance of contracts to which the legal entity you represent is a party or to take steps at its request prior to entering into a contract. |
Art. 6, Par. 1, Letter b) GDPR - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. |
Consent is not required; however, in the event that you refuse to provide personal data, it may prevent us from carrying out the request or maintaining the relationship. |
|
Fulfillment of legal obligations in accounting and tax matters related to the existing relationship. |
Art. 6, Par. 1, Letter c) GDPR - processing is necessary for compliance with a legal obligation to which the controller is subject. |
Consent is not required; however, in the event that you refuse to provide personal data, it may prevent us from carrying out the contract. |
|
Selection, formation and maintenance of a list of the Company's suppliers |
Art. 6, Par. 1, Lett. f) GDPR - legitimate interest of the Company in forming and maintaining a list of its suppliers, including selection activities. |
Consent is noy required. The right to object can be exercised at any time. Processing prior to the objection shall remain valid. |
The personal data provided by you or acquired in the course of the relationship will be processed only by personnel authorized for this purpose or by data processors designated for this purpose.
In addition to the parties to whom the law mandatorily requires communication, your data may be communicated only to:
|
Purpose |
data category |
recipients |
|
Accounting, administrative, tax fulfillments. Fulfillments related to legal, statutory obligations. |
Identifiers of contract representatives or contact persons. |
Professionals and/or companies that process accounting/tax data, auditing firms, auditing bodies. |
Your personal data are not transferred outside the European Union.
Personal data subject to processing are collected in documents whose retention is established consistent with the purposes of processing as summarized below.
|
Document |
Retention period |
|
Contract documentation |
Ten years from the termination of the contractual relationship unless there is legitimate cause for suspension. |
|
Administrative, accounting, tax documentation. |
Ten years from the termination of the contractual relationship unless there is legitimate cause for suspension. |
6. Rights of the data subject.
In the cases provided for, you, as a data subject, have the right to obtain from us, as Data Controllers, access to your personal data and the rectification or erasure thereof or the restriction of processing concerning them or to object to processing (Arts. 15 et seq. of the Regulation). The appropriate application in writing is submitted at our contact details indicated above.
7. Right to lodge a complaint
If you believe that the processing of personal data relating to you in connection to the existing relationship is in violation of the provisions of the Regulation, you have the right to lodge a complaint with the Supervisory Authority, as provided for in Art. 77 of the Regulation, or the right to an effective judicial remedy (Art. 79 of the Regulation).
8. Collaboration
The protection of your data and compliance with the principles laid down in the regulations, with particular reference to the principle of transparency, are of utmost importance to us. We would be grateful if you would help us by pointing out any misunderstandings of this document or suggesting improvements using the contact details of the Data Controller indicated above.
Whatsapp
Find a boutique
Subscribe to our newsletter
