Privacy policy pursuant to art. 13 of the GDPR for data collected directly from the data subject
Article 13, paragraph 1 of the European General Protection Regulation (GDPR) requires informing data subjects, in the case of direct collection of their data, on the fundamental elements of the processing as specified in § 1, lett. a/f.
The undersigned company fulfils its obligations by informing you that:
1-A) The Data Controller is TODINI AND CO. SPA
- Registered Office: C.so Milano 46, Monza 20900 (MB), Italy
- E-mail: privacy@todini.com
- Telephone: (+39) 039-2302495
1-B) Data are collected for the following purposes:
- to fulfil the obligations arising from a contract or pre-contractual relationship;
- to fulfil the legal obligations;
- to manage suppliers (administration of suppliers; administration of contracts, orders, arrivals, invoices; selections based on the company’s requirements);
- to manage customers (administration of customers; administration of contracts, orders, shipments and invoices; reliability and solvency control);
- to manage disputes;
The legal basis of which is based:
- on contractual or pre-contractual requirements;
- on the legal obligation that the undersigned company must fulfil.
1-C) The recipients or any categories of recipients are:
- Postal institutions or other companies responsible for delivering correspondence;
- Banks and credit institutions;
- Credit recovery companies;
- Legal firms;
- Insurance companies;
- IT maintenance and repair companies;
- Professional firms and/or companies that provide us with certain accounting and/or tax services, etc;
- Public bodies;
- Subjects of the Umicore Group
1-D) The data may be transferred outside the EU or to an international organisation based on binding corporate rules (art. 47) which are legally binding Standard Contractual Clauses approved by the European Commission, and apply to all members of a business group or group of companies engaging in a joint economic activity, including their employees. In addition, these relationships give data subjects the express right provided for by the GDPR regarding the processing of their personal data;
Additional information needed to guarantee correct and transparent processing.
2-A) The retention period of personal data contained in the databases regarding:
How long the data relating to potential customers/suppliers are retained
- For precontractual processing activities requested by the data subject to draw up the contract or commercial offer, 3 years
How long the data relating to customers/suppliers are retained
- For contractual fulfillments, 5 years
- For data that can potentially be used in litigation, 10 years
- For legal obligations, 10 years
2-B) You are informed that you have the right to request access to your personal data, to rectify, erase, limit the processing of data concerning you, to oppose their processing, to data portability;
2-C) You have the right to lodge a complaint with a supervisory authority.
2-D) The communication of your data:
- is a necessary requirement for the conclusion of the contract, therefore your refusal to communicate the data will make it impossible to perform the contract;
- is obligatory by law, therefore your refusal to communicate data will make it impossible to perform the contract.