Articles 13 et seq. of (EU) Regulation 2016/679 (GDPR)
Personal data-processing policy, in accordance with Article 13 et seq. of (EU) Regulation 2016/679.
This is to inform you, in accordance with (EU) Regulation 2016/679 (“General Data Protection Regulation”), hereafter GDPR, which covers the protection of individuals in terms of the processing of their personal data, about the methods T&T Systems uses to collect, store and use your personal data, including personal information and banking details that have been acquired at the beginning or during the period of the contractual relationship.
The data shall be processed in accordance with the principles of correctness, lawfulness and transparency.
Data processor responsible for data security
The data controller for the processing of personal data is T&T sistemi, who have their registered office in Via Leo Valiani 75 Levane (AR) 52025
It is possible to contact the data processor through the internal Security Manager, by sending your request to: firstname.lastname@example.org
The role of Data Processors is covered by internal personnel and external collaborators, with whom a contractual agreement has been established. To fulfil these agreements, it is necessary to share personal data.
Personal data collected
T&T sistemi uses your personal data to carry out its activities in the best manner. It is possible to request, even in part, the following data:
- personal details, tax identification number, VAT number, name, registered office, residence and domicile and contact date;
- data relating to the contractual relationship, which describes the contract type and information about its execution and what is necessary to fulfil said contract;
- accounting data regarding the financial relationship, the amounts owed and the payments, their performance for the period and a summary of the financial standing of the relationship;
- data that further defines the relationship with our established and makes our collaboration and operational efficiency more effective;
- data relating to your employees and/or collaborators, information about the job carried out or your company.
Purpose of the processing of personal data
Your personal data shall be processed for the following purposes:
- the management of pre-contractual and contractual relationships and activities, which pertain to the fulfilment of the obligations contained in the contract for the supply of goods or services;
- the management of any disputes (contractual breaches, warnings, transactions, debt collection, arbitration, legal disputes);
- communications between the parties while providing the service/product;
- fulfilment of accounting and tax obligations;
- fulfilment of legal obligations (e.g. anti-money-laundering checks);
- tax and accounting checks.
- Management of clients (client administration, administration of contracts, orders, shipments and invoices, checks on reliability and solvency and checks on the supply of services/products);
- Internal control services (regarding security, productivity, service quality and the integrity of assets);
- Management of Commercial Marketing activities (analyses and market research);
- Promotional activities;
- Surveys about client satisfaction.
In all cases, the interested party may freely choose not to consent to these purposes and provide the methods through which they can be contacted or receive commercial information.
Period of retention for your data
The data collected shall be retained for the entire duration of your relationship or collaboration with our organisation and in accordance with the tax regulations in effect.
Method and location of the processing
Your personal data shall be processed via manual, paper, IT, telematics and automated tools, which are also suitable for the memorisation, management or transmission of the data. In all cases, these shall be suitable to ensure the security and confidentiality of the data, in accordance with the provisions of Article 32 of (EU) Regulation 2016/679 (“the Regulation”).
The data that is subject to processing is retained in the Company’s office.
Personal data shall be processed by us only where it is necessary to achieve the goals outlined above. Personal data that is not necessary for achieving these goals shall be immediately eliminated from our records.
Legal basis for the processing and provision of data
Processing connected to the management of the contractual relationship is based on the need to fulfil the contract and legal obligations. The provision of your personal data, for the purposes indicated in this policy, is essential for the fulfilment of the contract and legal obligations.
Failure to provide it, therefore, shall render it impossible for the Company to manage its contractual relationship with you.
Dissemination and communication of data
Your personal data shall not be disseminated, unless this is necessary for the fulfilment of legal obligations, regulations and/or to fulfil obligations stemming from the contractual relationship in place with the Company.
Your data may be processed by employees of T&T Systems, who have been specially appointed to handle the processing in order to fulfil the goals that were outlined above.
In particular, your data may be processed by:
- other offices belonging to the T&T Systems, including subsidiaries and associate companies;
- subjects who are entrusted with maintaining and developing our IT system, for the period of time that is strictly necessary for performing this service;
- Our consultants and/or professionals, to the extent necessary for performing their duties in our organisation or theirs, subject to us being nominated as a manager who regulates confidentiality and security;
- other services that are outsourced;
- Public Bodies or Offices or auditing authorities, in accordance with legal and/or contractual obligations.
In all cases, the data may be processed by those who are nominated to process data, in accordance with Article 28 of the GDPR, in order to fulfil the goals outlined above and shall treat only the data that is necessary for the provision of the service that has been commissioned and exclusively for these purposes. They shall also ensure that their representatives have signed a confidentiality agreement.
For anything not indicated here, the subject must supply a specific policy regarding the processing of personal data that they perform.
Transmission of personal data overseas
The data you provide shall only be processed in Italy. Should your data be processed in a non-EU state, in accordance with the contractual relationship and the purpose of its provision, the rights bestowed to you by EU regulations shall be ensured.
Rights in accordance with Article 15 et seq. of the GDPR
In accordance with Article 15 of the GDPR, you have the right to obtain:
- confirmation that personal data concerning you is being processed and that you can access, among other things, the following information:
- the purpose of the processing;
- the categories of personal data in question;
- the recipients, or categories of recipients, to whom the personal data has been, or shall be, communicated, particularly in cases where the recipients are in third countries or are international organisations;
- the period of retention for the personal data provided or, where this is not possible, the criteria used to determine this period (Article 15 of the Regulation).
- the correction of personal data concerning you, as well as the completion of incomplete personal data
(Article 16 of the Regulation);
- the deletion of your personal data, in cases where this is allowed by the regulations in effect;
- the limitation of your personal data, in hypothetical cases allowed by the regulations in effect
(Article 18 of the Regulation);
- the right to portability, that is, to receive your personal data in a structured format, which is of common use and can be read by automatic devices (Article 20 of the Regulation).
Finally, you shall have the right to make a complaint to the National Control Authority (Guarantor for the protection of personal data, Piazza di Montecitorio no. 121, 00186, Roma (RM)).