in accordance with Articles 13 and 14 of EU Regulation 2016/679
In accordance with Articles 13 and 14 of European Regulation 679/2016 on the protection of personal data of natural persons (hereafter, the “GDPR”), COET S.p.A. (hereafter “COET” or the “Company”), in the capacity of data controller, wishes to provide you with information on the processing of your data.
TYPE OF PERSONAL DATA
If you work for one of our suppliers, customers or commercial partners, we inform you that COET, as part of the relationships it has with your employer, holds some of your personal data provided by you, provided by your employer or obtained from public sources (for example, Chambers of Commerce); those data include your name, surname, professional title, contact details, such as the work address, email address and telephone numbers; if you work for one of our suppliers/contractors and you are assigned to carry out services for COET, your data may include information relating to your salary, as well as the pension and insurance contributions paid by your employer (to the extent necessary to check its compliance with rules protecting workers under works contracts).
If you are personally one of our suppliers, customers or commercial partners, in addition to the data highlighted above, COET may also process data relating to invoicing and payments (including VAT number, tax code and bank details), registration on rolls and registers, as well as information of economic and financial nature (for example, data regarding solvency).
All of your personal data will be processed by COET in conformity with the GDPR and other applicable legislation on personal data protection, including the decisions of the Data Protection Supervisory Authority.
PURPOSE AND LEGAL BASES OF PROCESSING
Your data are processed by the Company in carrying out its economic and commercial activities for purposes related to the negotiation, establishment, management and execution of the contractual relationship with your employer or directly with you (if you are a supplier, a customer or a commercial partner of the Company), including the management of the pre-contractual relationship and/or the insertion into the Company’s list of suppliers. In particular, the data will be processed (i) to fulfil legal and regulatory obligations (e.g. tax and accounting obligations, obligations deriving from the rules on works contracts and on workplace health and safety); (ii) for the administrative management of the contracts, therein including the management of payments and invoices; (iii) to fulfil obligations relating to the supply or purchase of goods and services; as well as (iv) to manage any litigation.
The processing of personal data for the purposes described above is legitimate in accordance with the GDPR and, specifically, in accordance with Art. 6.1 letter b) (processing is necessary for the performance of a contract), Art. 6.1 letter c) (processing is necessary for compliance with a legal obligation) and/or Art. 6.1. letter f) (processing is necessary for the purposes of the legitimate interests pursued by the controller, meaning, in our case, our Company’s interest in entering into, executing and fulfilling contracts as part of its activity and verifying the economic-financial reliability of its commercial partners).
NATURE OF PROVISION AND METHODS OF PROCESSING
The collection and provision of your data is necessary in order to establish a commercial relationship, to carry out correctly the pre-contractual and contractual obligations or, if a contractual relationship is already established, to fulfil the obligations deriving from it.
Your personal data will be processed by the Company and by its authorised personnel, mainly by staff of the Purchasing Department, Sales and Administration and Finance Department and also by other staff of the Company who may need to process the data, with electronic and manual systems, according to principles of fairness, lawfulness and transparency envisaged by the applicable legislation on personal data protection, protecting your confidentiality by technical and organisational security measures to guarantee an adequate level of security.
The data will be stored in respect of the GDPR and the applicable legislation on personal data protection for the entire time necessary to fulfil the purposes indicated above. In particular, the data will be stored for the entire term of the contractual relationship with you or with your employer and even after the termination of the same, in compliance with civil and fiscal obligations (for example, obligation to retain invoices and company documentation for at least 10 years).
DATA COMMUNICATION AND TRANSFER
In addition to communications to be made in fulfilment of legal and contractual obligations, your data may be communicated to tax or legal consultants, collaborators of the Company, credit institutions, public bodies and administrations if this is necessary, as well as to entities legitimated by law to receive such information, Italian and foreign judicial authorities and other public authorities, for purposes connected to the fulfilment of legal obligations, or to carry out obligations assumed and arising from the contractual relationship, as well as for defending legal claims.
Your contact details may be communicated, entirely occasionally, to other customers and/or suppliers of the Company, for example, if they must collaborate with you or with your employer for the purposes of executing contractual obligations.
The Company also uses third parties for the performance of some services that involve the processing of personal data, such as accounting and financial services, video surveillance, and management of computer systems. Those entities operate in the capacity of processors, based upon specific and adequate instructions in terms of processing methods and security measures indicated in specific contractual documentation.
Your personal data will not be transferred outside the European Union.
Rights of the data subject
- receive confirmation of the existence of your data and access their content (right of access);
- update, modify and/or rectify your data (right of rectification);
- request the erasure of your data or the restriction of processing of the data in violation of law, including data whose storage is not necessary in relation to the purposes for which they were collected or otherwise processed (right to be forgotten and right to restriction);
- except where the processing is required in fulfilment of a legal obligation, object to the processing, in the cases envisaged by the GDPR (right to object);
- receive a copy of the data in electronic format and ask for the data to be sent to another controller (right to data portability).
The Data Subjects may also lodge a complaint with the Data Protection Supervisory Authority in the event of a breach of the rules on personal data protection.
Identity and contact details of the Data Controller
The Controller of your personal data is COET S.p.A. with registered office in Via Civesio, 12 – 20097 San Donato Milanese (MI), email email@example.com.
registered office at Via Civesio, 12
20097 S. Donato Milanese (MI)
Tel: +39 02 842934
Fax: +39 02 5279753
TYPE OF DATA PROCESSED
The IT systems and software procedures that run the Website acquire, during their normal operation, some personal data of Users whose transmission is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified Data Subjects but that may, by its very nature, through processing and association with data held by third parties, allow for Users to be identified.
This category of data include IP addresses or domain names of the computers used by Users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and IT environment of the User.
DATA PROVIDED VOLUNTARILY BY THE USER
Any optional and voluntary transmission of communications to the email addresses indicated on the Website, along with the completion, by Users, of the contact forms for sending comments or information requests regarding our commercial activity, involve the collection and acquisition of the sender’s email address and other data entered in the mandatory fields of the forms (for example, name and surname), as well as any data entered in the optional fields or in the message.
PURPOSE AND LEGAL BASIS OF DATA PROCESSING – DATA STORAGE TIMES
The browsing data are used to pursue the legitimate interest of the Controller consisting of obtaining anonymous statistical information on use of the Website and checking the correct functioning of the Website itself; those data are erased immediately after processing. The browsing data, in addition, may be used for the legitimate interest of the Controller in ascertaining liability in the event of cybercrimes.
The personal data provided voluntarily by Users who send emails and/or contact requests are used for the sole purpose of satisfying or responding to the requests sent. The “legal bases” that, in accordance with Art. 6, paragraph 1 of the GDPR, legitimise the collection and processing of those personal data are:
- the legitimate interest of the Controller in responding to requests of Users;
- compliance with legal and regulatory obligations;
- the management of any disputes, arguments, controversies, complaints, as well as the protection of the information systems of the Controller;
- the processing of pre-contractual requests.
The personal data will be stored for the time necessary to pursue the purposes for which they were collected and, in any case, for the time necessary to fulfil legal provisions and/or exercise or defend legal claims.
AUTHORISED OFFICERS AND DATA RECIPIENTS
The processing connected to interaction with the Website (physically hosted in Italy) is carried out at the office of the Controller only by authorised personnel, relating to the company functions involved each time in the request or the contract (e.g. IT, Sales). If required by law or to prevent or repress the commission of a crime, the personal data may be communicated to public bodies or to the judicial authority.
OPTIONAL NATURE OF DATA PROVISION
Aside from what is specified for browsing data and cookies, Users are free to provide personal data by sending emails or completing contact forms, to request the transmission of informative material. Any failure to provide the personal data indicated above may involve, in these cases, the impossibility for the Controller to follow up the requests of Users.
The personal data are processed with automated tools. Specific security measures are respected to prevent the loss of data, unlawful or incorrect uses and unauthorised accesses.
RIGHTS OF THE DATA SUBJECTS
Users have the right at any time, if the legal requirements are in place, to access their processed personal data, to request their rectification, supplementation or erasure, to request the restriction of processing, to object to their processing or to request the portability of the data (Articles 15-22 of the Regulation).
Requests may be sent to the email address: firstname.lastname@example.org
More specifically, the cookies that are downloaded are:
icl_current_language: This cookie is stored by WPML WordPress plugin. The purpose of the cookie is to store the current language. (1 day)
cookielawinfo-checkbox-necessary: Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Necessary” category. (1 year)
cookielawinfo-checkbox-non-necessary: Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Non-necessary” category. (1 year)