Download Information on the processing of personal data
Download Information on the processing of personal data suppliers of goods and services
Information on the processing of personal data 

On the basis of the provisions of the European Regulation 2016/679, hereinafter referred to synthetically as the Regulation, and of Legislative Decree no. 196/2003 (integrated with the amendments introduced by Legislative Decree of 10 August 2018, no. 101, containing the “Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679”), hereinafter briefly referred to as the Code, the processing of personal data concerning you will be based on the principles of lawfulness, correctness and transparency and carried out through the adoption of technical and organizational measures appropriately identified in order to guarantee to your data confidentiality, correctness and integrity and to you the full exercise of your rights.

The company VARISCO SRL provides you with the following information on the processing of your data.

 

1.                            Data of the owner of the treatment

The holder of the treatment, hereafter synthetically indicated as Holder, is the company:

Varisco & c SRL

with registered office in Piazza di Mauro 6 A, 96010 Priolo Gargallo

P.IVA 01262650896 Cod. Fisc. 01262650896.

2.                            Object, purpose and legal basis of the processing

The owner, for the purpose of providing the services you requested, processes your data

personal identification (such as name and surname, address, company name, telephone, email).

Explicit consent is not required for the processing of data necessary for the performance of a contract (the request for the provision of Services) to which the data subject is a party, including the fulfilment of any related obligation under applicable regulations (e.g. the issuance of invoices) and, where necessary, the defence of a right in the appropriate courts. The regulatory obligations of the Owner in the execution of these tasks constitute the legal basis for the lawfulness of these treatments. The same are therefore mandatory for the purposes indicated above.

On the other hand, the Owner acts with your explicit consent for promotional activities related to the provision of services.

The treatment takes place in accordance with the principles of the Regulation: correctness and transparency, data minimization, accuracy, limitation of storage, integrity and confidentiality.

3.                            Origin, processing methods and data access

The processing of your personal and sensitive data is carried out by means of the following operations:“the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.

  1. Data source

Your personal data are communicated by you in connection with the procedures by which you request

the provision of our Services.

  1. Tools for storage, compilation and updating

The processing is carried out using both paper and electronic instruments, in compliance with the security measures indicated by the Code and the others indicated by the Regulations.

  1. Subjects entitled to the treatment on behalf of the Owner

The processing of data on behalf of the Owner is carried out both by employees and collaborators of the Owner, in their capacity as appointees, and by the staff of external parties, in their capacity as data processors. In all cases the principles underlying the proper processing of your data are and will be respected: the persons in charge will be appointed and trained and the data processors appointed and sensitized to comply with the dictates of the Regulation, in accordance with the principle of strict necessity of the treatments.

  1. Storage times

The Owner will process personal data for the time necessary to fulfil the above purposes and in any case for no longer than 24 months from the termination of the relationship, i.e. from the date of the last Service used.

  1. Procedures for providing information and, where necessary, acquiring consent

The information is published in the “Privacy and Data Protection” section of the website www.variscosrl.com.

4.                            Communication and dissemination of data and categories of recipients

The Owner will not be able to communicate your data without the need for your explicit and distinct consent.

In all cases where the Owner requires his specific and separate consent, the communication will take place unless the withdrawal of such consent.

Finally, we would like to stress that – in any case – the above-mentioned communications will be made for specific, explicit and legitimate purposes, in compliance with the principles of lawfulness, correctness, confidentiality and integrity, following the procedures indicated in section 3 of this document.

5.                            Data transfer to non-European servers

Personal data are stored on servers located within the European Union. The Owner excludes the transfer of data to servers located in non-EU areas.

6.                            Rights of the interested party and how to exercise them

In your capacity as data subject, you have the rights as per art. 15 of the Regulation, namely

rights of:

  1. obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form;
  2. get the indication:
    1. the origin of the personal data;
    2. the purposes and methods of processing;
    3. the logic applied in case of treatment with the aid of electronic instruments;
    4. the identification details of the owner and the persons responsible;
    5. the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents;
  3. get:
    1. updating, rectification or, when interested, integration of data;
    2. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the obligations of the Owner;
    3. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  1. oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection;
  2. withdrawing a consent previously granted for the processing of a specific purpose.

In order to assert your rights, you may contact the Data Controller without any particular formalities at the references indicated in section 1.

It also has the right to complain to the Guarantor Authority.

Cookie Policy

This website uses cookies to improve your experience while browsing the site. Of these, cookies classified as necessary are stored on your browser as they are essential for the basic functionality of the website to work. We also use third-party cookies that help us analyze and understand how you use this website. These cookies are only stored on your browser with your consent. You also have the option to opt out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Cookie Durata Descrizione
cookielawinfo-checkbox-analytics 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”.
cookielawinfo-checkbox-functional 11 months The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”.
cookielawinfo-checkbox-necessary 11 months This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”.
cookielawinfo-checkbox-others 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Other.
cookielawinfo-checkbox-performance 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”.
viewed_cookie_policy 11 months The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

 

Information on the processing of personal data suppliers of goods and services

ex art. 13 D.Lgs. 196/2003 (“Codice Privacy”) e ex art. 13 Regolamento UE 2016/679 (“RGPD”)

Dear Sir,,

In accordance with the provisions of European Regulation 2016/679 (RefLeg. 1), hereinafter referred to synthetically as Regulation, and Legislative Decree No. 196/2003 (RefLeg2), hereinafter referred to synthetically as Code, the processing of personal data concerning you will be based on the principles of lawfulness, correctness and transparency and carried out through the adoption of technical and organizational measures appropriate entity identified in order to ensure its confidentiality, correctness and integrity and you the full exercise of your rights.

This Company provides you with the following information on the processing of your data.

 

1               Data Controller and Data Protection Officer (DPO) details

The holder of the treatment, hereafter synthetically indicated as Holder, is:

Varisco & c SRL

with registered office in Piazza di Mauro 6 A, 96010 Priolo Gargallo

P.IVA 01262650896 Cod. Fisc. 01262650896.

The Data Protection Officer, hereinafter referred to briefly as DPO, is:

S.G. TECHNOLOGY SRL

Via Salvatore Riscica 17

96100 SIRACUSA

P.IVA 01822060891

2               Object, purpose and legal basis of the processing

For the purpose of the conclusion of relations based on the provision of goods and services as well as professional services, the Data Controller processes your personal and judicial data (relating to criminal convictions and offences). Other data belonging to special categories (health data, data revealing racial or ethnic origin and religious beliefs) are not systematically processed.

The data processed to allow the verification of the legal, fiscal and conduct positions of suppliers and economic operators who are in relationship with the company in order to: carry out the preliminary activities related to the procedures for the acquisition of goods and services; coordinate and analyze the preparation of technical, administrative and contractual documentation; manage the procedure and related activities (signing of the contract, monitoring the timing of the procedure in entrusting, etc.) as well as tax treatment, social security, welfare, in accordance with the obligations of laws and regulations.

Depending on the processing activities, the Owner acts with or without your explicit consent as described below.

  1. Explicit consent is not required for the processing of data necessary for the performance of a contract of which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject. The following is an illustrative and non-exhaustive list.
  • Management of the company’s economic operators list.
  • The fulfilment of pre-contractual, contractual and fiscal obligations arising from existing relationships with you.
  • The fulfilment of the obligations provided for by law, by a regulation, by the joint regulations or by an order of the Authority (such as, for example, anti-money laundering).
  • Insertion in ministerial databases (SIDI, GPU, etc.).
  • The conclusion of contracts for the services of the Owner and archiving of the economic operator’s file.
  • The exercise of the rights of the Owner, for example the right of defence in court.
  • The evaluation of quality by the company’s stakeholders (internal staff, families, quality system, etc.).

 

The regulatory obligations of the Owner in the execution of these tasks constitute the legal basis for the lawfulness of these treatments. The same are therefore mandatory for the purposes indicated above. See section 6 of this document for the consequences of your refusal to respond.

  1. Instead, the Owner will require your specific and distinct consent to:
  • Any consultations by other companies of the economic data released by the company.
  • Participation in data collections for statistical purposes outside the company.

See section 6 of this document for the consequences of refusing to grant consent.

In all the above cases, the processing is carried out in compliance with the principles of the Regulation: correctness and transparency, limitation to institutional purposes, data minimization, accuracy, limitation of storage, integrity and confidentiality.

3               Origin, processing methods and data access

The processing of your personal and sensitive data carried out by means of the following operations: “the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

  1. Data source

Your personal data are those communicated by you on the occasion of the conclusion of relations for the supply of goods and services to other State Administrations and bodies responsible for compliance with the rules on transparency, anti-corruption (courts, ANAC, etc.) and anti-mafia (Prefecture / Police Headquarters), as well as to bodies responsible for verifying its fiscal regularity (Revenue Agency, Equitalia, etc.).

  1. Tools for storage, compilation and updating

The processing is carried out using both paper and electronic instruments, in compliance with the security measures indicated by the Code and the others indicated by the Regulations; the data will be stored according to the indications of the Technical Rules on digital storage of documents defined by AGID.

The electronic systems owned by the Owner with which the data are manipulated by its employees are in line with the requirements of the minimum ICT security measures dictated by AGID, with a view to protecting the confidentiality and integrity of the data not only during storage but also during the processing phases.

  1. Subjects entitled to the treatment on behalf of the Owner

Data processing on behalf of the Data Controller is carried out both by the employees and collaborators of the Data Controller, in their capacity as appointees and/or system administrators, and by the personnel of external parties, in their capacity as data processors. In all cases are and will be respected the principles underlying the proper processing of your data: the persons in charge will be

Appointed and trained data processors and data controllers appointed and made aware of the requirements of the Regulation, in accordance with the principle of strict indispensability of processing.

  1. Storage times

The Owner will process personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for service purposes.

  1. Procedures for providing information and, where necessary, acquiring consent

The information notice is published in the “Privacy and Data Protection” section of the company’s website and will be made available upon publication of the tender for the supply of goods or services. At the time of the stipulation of supply contracts, an additional more specific informative note may be delivered according to the service rendered or the good acquired.

4               Communication and dissemination of data and categories of recipients

The Data Controller may disclose your data without the need for your explicit consent for all the purposes indicated in section 2, letter A) of this document. It will instead use your consent for all the purposes indicated in section 2, letter B). Below we inform you about these communications.

  1. Communications without the need for your explicit consent

Personal and judicial data may be communicated to public subjects, to State Administrations and bodies in charge of respecting the rules on transparency, anti-corruption and anti-mafia (Prefecture, Police Headquarters, courts, ANAC, etc.), as well as to bodies in charge of verifying its fiscal regularity (Inland Revenue, Equitalia, etc.), always within the limits of what is provided for by the laws and regulations in force and the consequent obligations.

Personal and judicial data may be published on the WEB site, in the various public sections dedicated to transparency (online notice board, transparent administration) or in other service sections.

Communications will take place through paper or electronic transmission by means and computer platforms that protect the confidentiality and integrity of the data. In the event that these computer platforms are set up by the recipient, the same will ensure compliance with the principles dictated by current legislation. These subjects will treat the data in their capacity as autonomous data controllers.

As a general rule, for all the services requested by the interested party and not included in the specific obligations, the communication will always be for specific, explicit and legitimate purposes unless the relative request/offer is withdrawn, after which the relationship of supply of goods and services will be immediately interrupted.

  1. Communications that take place with your explicit consent

The communications that this company will make under your explicit consent will be made at the request of subjects that carry out data collection.

In none of these cases does the communication take place in such a structural manner as to justify the appointment of such persons as Data Processors.

In all cases in which the Controller requires your specific and separate consent, the communication will take place unless you withdraw that consent, after which the limitations on the Controller’s service as set out in section 6 of this document will still apply.

Finally, we would like to stress that – in any case – the above-mentioned communications will be made for specific, explicit and legitimate purposes, in compliance with the principles of lawfulness, correctness, confidentiality and integrity, following the procedures indicated in section 3 of this document.

5               Data transfer to non-European servers

Personal data are stored on servers located within the European Union. The Owner excludes the transfer of data to servers located in non-EU areas.

6               Nature of the conferment and consequences of refusal to answer

The provision of data for the purposes referred to in section 2 lettera A of this document is mandatory. Any refusal to provide such data will result in the failure to complete and immediate termination of the supply of goods and services in existence with the Owner.

The provision of data for the purposes referred to in section 2 letter B letter B instead optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided. In this case, the services referred to in section 2 etter B cannot be provided.

7               Rights of the interested party and how to exercise them

In your capacity as data subject, you have the rights as per art. 7 of the Code and art. 15 of the Regulations and precisely the rights to:

  1. obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form;
  2. get the indication:
  3. the origin of the personal data;
  4. the purposes and methods of processing;
  5. the logic applied in case of treatment with the aid of electronic instruments;
  6. the identity of the owner, manager and the representative appointed under Article. 5, paragraph 2 of the Code and Article 3, paragraph 1 of the Regulation;
  7. the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents;
  8. get:
  9. updating, rectification or, when interested, integration of data;
  10. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law and, with those that do not need to be kept in relation to the obligations of the Owner;
  11. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  12. oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection, with the consequences described in section 6 of this document;
  13. withdrawing a consent previously granted for the processing of a specific purpose.

In order to assert your rights, you may contact, without any particular formalities, both the Data Controller and the Data Protection Manager, at the references indicated in section 1.

It also has the right to complain to the Guarantor Authority.

8              Normative references

RefLeg. 1: EU Regulation 2016/679 “General Data Protection Regulation” RefLeg. 2: D.L s. 196/2003 “Personal Data Protection Code”.

Ref. 3: Presidential Decree 445/2000 “Legislative provisions on administrative documentation”.