INFORMATION ON THE PROCESSING OF PERSONAL DATA
(Information pursuant to Art. 13 and Art. 14 of Reg. (EU) 679/2016, so-called GDPR)
Dear Data Subject,
Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards stakeholders are a fundamental part of our activity.
Data controller
The Data Controller of your personal data is Krupps S.r.l., which is responsible to you for the lawful and correct use of your personal data and which you may contact for any information or request at the following addresses:
VAT NO. | IT04251180289 |
Headquarters | Via Austria 19 – 35127, Padova (PD) – Italia |
Contact information | 049 7625156, info@krupps.it, krupps@pec.it |
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at the following addresses:
Contact information | dpo@krupps.com – Xifram S.r.l. |
Data source
Data are disclosed by the user and/or third parties, such as other vendors, and/or collected from publicly accessible sources. Some of these sources are publicly accessible: Yes.
Processing activities
Your personal data are collected and processed by automated, semi-automated and non-automated methods, as specified below:
Planning and control activities
Purpose and legal basis | – Scheduling of activities, based on: Legitimate interest of the Data Controller in the exercise of the business activity |
Data Categories | Anagraphical data, Contact data, Activity data |
Storage Time* | Common Data: 10 years from the year of competence |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Management Control
Purpose and legal basis | – Internal control of business management, based on: Legitimate interest, Exercise of business activity |
Data Categories | Anagraphical data, Contact data, Activity data |
Storage Time* | Common Data: 10 years from the year of accrual |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Supplier Management
Purpose and legal basis | – Establishment and management of the contractual relationship, based on: Execution of a contract and/or pre-contractual measures, Legal obligation, To be specified |
Data categories | Anagraphical Data, Contact Data, Address Data, Payment Data |
Storage Time* | Common Data: 10 years from the year of termination of the last contract |
Data recipients | Authorities and public administrations with respect to which there is a legal obligation to communicate, Banks, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Planning and quality control
Purpose and legal basis | – Scheduling of activities, based on: Legitimate interest, Exercise of business activity |
Data Categories | Anagraphical data, Contact data, Activity data |
Storage time* | Common Data: 10 years from the year of termination of the last contract |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Accounting
Purpose and legal basis | – Keeping of accounting records, based on: Mandatory by law, To be specified – Tax compliance, on the basis of: Mandatory by law, To be specified |
Data Categories | Biographical data, Contact data, Address data, Payment data, Employment data, Data related to purchases or use of services |
Storage Time* | Common Data: 10 years from the year of termination of the last contract |
Data recipients | Authorities and public administrations with respect to which there is a legal obligation to communicate, Banks, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Receipt and acceptance of goods
Purpose and legal basis | – Acceptance of goods, on the basis of: Execution of a contract and/or pre-contractual measures, To be specified |
Data Categories | Anagraphical Data, Contact Data, Address Data, Payment Data |
Storage Time* | Common Data: 10 years from the year of accrual |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Purchase Management
Purpose and legal basis | – Activity of purchasing goods or services, based on: Execution of a contract and/or pre-contractual measures, To be specified |
Data Categories | Anagraphical Data, Contact Data, Address Data, Payment Data |
Storage Time* | Common Data: 10 years from the year of accrual |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Marketing and communication activities
Purpose and legal basis | – Marketing (market analysis and surveys), Sending information and/or advertising material, based on the consent of the Data Subject** |
Data categories | Anagraphical data, Contact data, Address data, Data related to purchases or use of services, Profiling data |
Storage Time* | Common data: Until consent is revoked. Then processing will be limited to mere storage for 10 years from the year consent was revoked |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
** Providing consent is always optional and consent can be revoked at any time. You may contact the Data Controller via the contact information above.
Reception
Purpose and legal basis | – Monitoring of people entering the company, based on: Legitimate interest, Protection of company assets, Safety of workers, Organizational and production needs – Filtering of phone calls, based on: Legitimate interest, Organizational and productive needs |
Data categories | Anagraphical Data, Contact Data, Address Data, Data on identification/recognition documents |
Storage time* | Common Data: 1 year from the year of Data acquisition |
Data recipients | Authorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), other entities for which the communication of the data is necessary in order to carry out the declared purposes of the controller |
Management and maintenance of IT systems
Purpose and legal basis | – Management and maintenance of the network and information systems, based on: Legitimate interest, Legal obligation, Legitimate interest in the protection of the network and computer systems; legal obligation limited to the provisions of the regulations on system administrators |
Data categories | Access and Identification Data |
Storage Time* | Common data: 2 years from the year of termination of the contractual relationship for accounts, passwords, and user names; 18 months for system administrator compliance |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purpose of carrying out the stated purposes of the data controller |
Defence of interests and rights of the Data Controller
Purpose and legal basis | – Prevent and/or detect possible abuses and defend the rights and interests of the Data Controller, based on: Legitimate interest, Protect its rights and interests in court or in the stages preparatory to possible court proceedings |
Data categories | Data useful for the defence of the Data Controller’s interests and rights |
Storage Time* | Data useful for the defence of the Data Controller’s interests and rights: Data will be retained for as long as the Data Controller has an interest in exercising its right or interest |
Data recipients | Authorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), other entities for which the communication of the data is necessary in order to carry out the declared purposes of the controller |
Data protection compliance management
Purpose and legal basis | – Personal data protection obligations, based on: Legal obligation, To be specified |
Data categories | Anagraphical data, Contact data, Address data |
Storage Time* | Common data: For as long as strictly necessary to fulfil the purposes |
Data recipients | Authorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), other entities for which the communication of the data is necessary in order to carry out the declared purposes of the controller |
Accommodation Management
Purpose and legal basis | – Accommodation organisation, on the basis of: Execution of a contract and/or pre-contractual measures, To be specified |
Data Categories | Anagraphical data, Contact data, Employment data, Identification/recognition document data |
Storage time* | Common data: 10 years from the year of organisation |
Data recipients | Data processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Transfer services, Accommodation facilities, other entities for which the communication of the data is necessary for the fulfilment of the declared purposes of the data controller |
* In addition to the time required for limitation periods relating to reciprocal rights to elapse, and the retention time of backups.
Automated process
The processing is not based on automated decision-making.
Provision of data
Failure to provide compulsory data may entail legal and contractual consequences, while failure to provide optional data may result in the impossibility of performing the processing or in its partial performance. Therefore, in the event of failure to provide data, the data subject may not obtain the expected result or may only obtain it partially.
Extra-EU data transfer
The processing of personal data (e.g. storage, archiving and preservation of data on its own servers or in the cloud) will take place only within the countries that are part of the European Union, with an express prohibition on transferring the data to non-EU countries that do not guarantee an adequate level of protection, or in the absence of the protection tools provided by EU Regulation 2016/679 (third country judged adequate by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
Rights of the data subject
- You have the right, in accordance with Articles 15 et seq. of EU Reg. 2016/679, to request from the Data Controller access to your personal data, as well as their rectification and erasure (right to be forgotten);
- You also have the right to request data portability or restriction of processing;
- You have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you that is based on legitimate interests;
- You are entitled to see the essential contents of any signed joint controllership agreements;
- For processing based on consent, you have the right at any time to withdraw your consent, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
- You may also lodge a complaint with the Italian Data Protection Authority, based in Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.
To exercise your rights or to request additional information, you may contact the Controller using the contact information above.
Amendments to this notice
We reserve the right to update our Privacy Policy. We will notify you of changes as we deem appropriate and update the date in this Privacy Policy. We therefore recommend that you consult our Privacy Policy periodically, including by requesting a copy from the Data Controller.