Privacy Notice for Clients and Suppliers

In compliance with the provisions of Article 13 of EU Regulation 2019/679 («GDPR»), Renato Corti Srl informs customers and suppliers of the purposes and methods of processing the personal data collected, their scope of communication and dissemination, as well as the nature of their provision.

1. Purpose of data processing

The data collected from customers/suppliers, subject to processing, are processed and used directly to fulfil the following purposes:

• fulfilment of existing contractual relationships.
• consequent legal and tax obligations deriving from them.
• achieve effective management of commercial relations.

2. Types of data subject to processing

As provided for by Article 4.1 of the GDPR, it is considered "personal data" any information relating to an identified or identifiable natural person ("data subject"); it is considered Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Therefore, the Data Controller will process the personal data collected within the framework of the contract between the parties and/or in the interconnected relationships for the conclusion of the same, such as, by way of example but not limited to, name, surname, landline and mobile telephone number, address, e-mail of the contact persons and in general contact data. Any processing of data belonging to special categories (art. 9.1 GDPR) may only take place with the explicit consent of the data subject.

3. Processing methods

The data are processed with manual or paper, electronic, computer and telematic tools with logics strictly related to the purposes indicated above and are stored both on computer and paper supports, and on any other type of suitable support, in compliance with the appropriate security measures, prepared for the protection of personal data in proportion to the degree of risk. This activity is carried out by internal subjects specifically appointed, trained and informed.
No processing is carried out that consists of automated decision-making processes on the data processed.
In the case of data processing through computer systems managed and/or maintained by external companies, these will be appointed as Data Processors. Their updated references can be requested from the Data Controller.

4. Data retention

These data will be stored for the entire duration of the contractual relationship and also after the termination of the relationship for the performance of any obligations connected or deriving from it. In addition, the data will be stored for the time necessary to carry out accounting and tax purposes in accordance with the provisions of the law and in any case for a period not exceeding 10 years.

5. Access to data

The Data Controller informs the data subjects that their data may be communicated, exclusively in compliance with the purposes described above, to the employees and collaborators of the Data Controller, to third party companies and to professionals who perform services on behalf of the Data Controller. In addition, the personal data of the data subject may be communicated, without any further information and/or consent, to Supervisory Bodies, judicial and public security authorities, to insurance companies for insurance services, as well as to all those subjects to whom communication by the Data Controller is mandatory by law.

6. Transfer of data

The Data Controller does not transfer personal data to third countries outside the EEC. However, it reserves the right to use cloud services and in this case the service providers will be selected from those who provide adequate guarantees, as provided for by Article 46 GDPR.

7. Rights of the data subject

According to the articles of the GDPR nr:
15 right of access,
16 right to rectification,
17 right to erasure,
18 right to restriction of processing,
19 notification obligation,
20 right to portability,
21 right to object,
22 Right to object to automated decision-making
the interested party may assert his/her rights by writing to the Data Controller, at the coordinates set out below.

8. Right to lodge a complaint

The data subject always has the right to lodge a complaint with the competent supervisory authority (Privacy Guarantor), pursuant to Article 77 of the GDPR, if he/she believes that the processing of his/her data is contrary to the legislation in force. You may revoke the consent already given at any time (Art. 7.3 GDPR) without prejudice to the lawfulness of the processing carried out prior to the withdrawal of consent.

9. Data Controller and Data Processor

The Data Controller is Renato Corti Srl, via Ettore Ponti 49, 20143 Milan, in the person of its legal representative.
To exercise the rights indicated in point 5 or for any other communication relating to this policy, the interested party must send a written request addressed to Renato Corti Srl, via Ettore Ponti 49, 20143 Milan, for the attention of the Data Controller, or by sending an email to the address: privacy@renatocorti.it.

Milan, 02/09/2019