Eustema S.p.A. is aware of the fundamental importance of protecting the Personal Data of its Suppliers, thereby providing that the processing of Personal Data is carried out in full compliance with the protections and rights recognized by the EU Regulation 2016/679 (hereinafter “GDPR”).
This policy explains in detail who we are and and the purposes of the use your data, which you submitted for the establishment and execution of contractual relationships with us.
The Data Controller of the personal data provided through the website www.eustema.it is Eustema S.p.A. (hereinafter referred to as “Eustema” or the “Company”) with registered office in Rome at via Carlo Mirabello
nr. 7, CF and P. IVA 05982771007, contactable at the e-mail address: “privacy(at)eustema(dot)it “. The Data Controller has appointed a Data privacy Officer (DPO) available at the following e-mail address: “dpo_privacy(at)eustema(dot)it “.
The Data Controller, for some treatments, will be supported by the company EUforLEGAL S.r.l. with registered office in Rome at Via Carlo Mirabello
nr. 7, TAX CODE and VAT NUMBER no. 15957891003, which will act as Joint Data Controller. The Joint Data Controllers EUforLEGAL S.r.l. and Eustema S.p.A. have indeed stipulated a co-ownership agreement concerning the data processing according to art. 26 of the GDPR. A summary of the agreement is available at this link.
The Company may collect, use, consult and more generally process Personal Data of the Supplier during and for the purpose of the proper performance of the contractual relationship with the Supplier, such as:
– personal data, tax code, VAT number and personal data of the Legal Representative
– judicial data (e.g. pending charges, anti-mafia self-declaration)
– data on operational and administrative contacts (e.g. name, professional classification, telephone number, fax number, e-mail address, CVs)
– Contractual and administrative information (e.g. bank details and account number etc.).
Your Personal Data will be used to:
Should Eustema intend to further process Personal Data for purposes other than those for which they were collected, it will provide you with information regarding those purposes and any other relevant information required by the GDPR before the processing.
The aforementioned processing has a legal basis related to the fulfillment of an existing contract between the parties in accordance with Art. 6.1, letter b) or to comply with the law.
The transfer of Personal Data is compulsory for the opening and management of contractual relationships and necessary to meet any demands of the interested party (technical information, commercial, etc.). Any refusal on your part to submit these data could result in the non-execution or partial execution of the contract and / or the continuation of the relationship.
Eustema aims to protect your data by treating them according to the principles of correctness, lawfulness and transparency. The data will be treated with appropriate procedures to protect confidentiality and the treatment consists in their collection, recording, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, destruction of the same including the combination of two or more of the above activities. The processing of Personal Data for the abovementioned purposes will take place mainly through automated and computerized procedures, or manually.
Data will be stored on computer and/or in paper archives. Physical, electronic and procedural security measures appropriate to the sensitivity of the information in our possession will be adopted.
Your data will not be disclosed. They will not be communicated to unspecified subjects, neither as available data or for consulting purposes.
They may be communicated to certain subjects such as:
The data are processed within the European Union. In case it is necessary to transfer the data outside the European Union, the Data Controllers commit to comply with the provisions of Chapter V of the GDPR and to do what is necessary to ensure adequate levels of protection and safeguarding of Personal Data.
Your Data will be processed for the entire duration of the contractual relationship established and beyond, for the performance of all legal obligations. Data will be kept for a period of time no longer than the period necessary for the purposes for which they were collected or subsequently processed (management of the contractual relationship and fulfillment of tax obligations, also with reference to any litigation) in accordance with the current regulations, unless a longer storage period is imposed or authorized by law.
You can exercise your rights in any moment and, among these, in particular:
– Right of Access: you have the right to access your Personal Data held in order to verify whether the Personal Data is processed in accordance with the law.
– Right to Rectification: You have the right to obtain the rectification of any inaccurate or incomplete information in order to ensure the accuracy of such information in accordance with the purposes of the processing.
– Right to Erasure: you have the right to request that the Data Controller and/or Co-Processor to delete Your information and no longer process such data in the cases provided for by the GDPR.
– Right to Restriction of Processing: you have the right to request that the Data Controller and/or the Joint Data Controller limits the processing of the Data.
– Right to Data Portability: you have the right to receive in a structured, commonly used and machine-readable format Your Personal Data and to transmit such Data to another Data Controller.
– Right to object to processing: you have the right to object to the processing of Your Data in the cases provided for by the GDPR, at any time and without having to justify your decision.
– Right not to be subjected to automated decision-making processes: you have the right not to be subjected to a decision based solely on automated processing of your Data, including profiling, which produces legal effects against you or significantly affects you in a similar way.
You may exercise Your rights at any time by writing to the following e-mail address: e-mail privacy(at)eustema(dot)it . We will take care of your request to ensure with the utmost effort the exercise of your rights.
Finally, you will have the right to lodge a complaint with the Italian Data Protection Authority or any other competent supervisory authority.