PRIVACY POLICY
regarding the processing of personal data of customers/suppliers and their contacts
EU Reg. 2016/679 - GDPR
General Data Protection Regulation
GENERAL INFORMATION
Customers/suppliers (data subjects) and their contacts (hereinafter “data subjects,” pursuant to Art. 4, para. 1 of the GDPR) are hereby informed that the professional relationships established with the undersigned Data Controller may involve the processing of personal data, in accordance with the following general principles:
all data is processed lawfully, fairly, and transparently in relation to the data subject, in accordance with the general principles set out in Art. 5 of the GDPR;
specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access;
the Data Controller is the undersigned company Pype Lyne Spa Via Pomarico snc 75015 Pisticci Scalo +39 0835 416718 Email info@pypelyne.it
the Data Controller Pype Lyne Spa has appointed a Data Protection Officer who can be contacted at (privacy.dpo@pypelyne.it) to exercise all the rights provided for in Articles 15-21 of the GDPR (right of access, rectification, erasure, restriction, portability, objection), as well as to withdraw previously given consent or lodge a complaint with the Supervisory Authority for the protection of personal data.
PURPOSE OF THE PROCESSING
The Data Controller processes personal identification data of the customer/supplier (e.g., name, surname, company name, personal/tax data, address, telephone number, e-mail address, bank and payment details) and of its operational contacts (name, surname, and contact details) acquired and used in the context of the provision of services by the Data Controller.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
The data is processed for the following purposes:
to enter into contractual/professional relationships;
to fulfill pre-contractual, contractual, and tax obligations arising from existing relationships, as well as to manage the necessary communications related to them;
fulfilling obligations under the law, regulations, EU legislation, or an order from the Authority
exercising a legitimate interest and a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; ordinary internal operational, management, and accounting requirements).
Failure to provide the above data will make it impossible to establish a relationship with the Data Controller. The above purposes represent, pursuant to Article 6, paragraphs b, c, and f, suitable legal bases for the lawfulness of the processing. If processing for different purposes is intended, specific consent will be requested from the data subjects.
METHOD OF PROCESSING
Personal data is processed using the methods indicated in Art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Personal data is processed both on paper and electronically and/or automatically. The Data Controller will process personal data for the time necessary to fulfill the purposes for which it was collected and related legal obligations.
SCOPE OF PROCESSING
The data is processed by internal subjects who are duly authorized and trained in accordance with Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who act as independent Data Processors or Data Controllers (consultants, technicians, banks, transporters, etc.). Please also note that personal data may be subject to intercompany communication between Group companies. The data is not disseminated or transferred to countries outside the EU. Should it become necessary, in the context of tenders/contracts or in the fulfilment of regulatory obligations (e.g. joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.), to acquire personal data of their employees from customers/suppliers, it is agreed between the parties that the undersigned company will be entitled to process such data as an external processor (Art. 28 GDPR) or authorized entity (Art. 29 GDPR). Within the scope of this relationship, the undersigned company undertakes to process such data in compliance with the requirements of the GDPR, ensuring that any communication to additional parties is exclusively within the scope of specific legal obligations.