Privacy information
pursuant to art. 13 of the EU Regulation no. 2016/679
NAX B – Nordic Alliance X Business with registered office in Rome, Salita San Nicola da Tolentino, 1/B, as personal data controller (hereinafter “Data Controller” or “NAX B”) and as per article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”), informs you that your personal data will be processed according to the following purposes.
In this regard, the Data Controller invites you to read carefully this notice (hereinafter, “Information”), as it contains important information on the protection of personal data and the security measures taken to ensure confidentiality in full compliance with the GDPR.
This Information is for:
- supplier that provides services to the Data Controller (hereinafter also the “Supplier” or “Suppliers”)
1. DATA CONTROLLER
The Data Controller is NAX B – Nordic Alliance X Business with registered office in Rome, Salita San Nicola da Tolentino, 1/B.
2. PERSONAL DATA OBJECT OF PROCESSING
The execution of contractual relationships requires the processing of personal data of the Supplier. Personal data can refers to the Supplier as natural person and, in case of entity or company, to a “contact point” acting on behalf of the Supplier, as well as any Supplier’s employee duly hired for the contractual relationship between the Data Controller and the Supplier. In this respect, we ask you to submit this information to persons who, within your company organization, are responsible for the execution of the contractual relationship with the Data Controller.
Due to the execution of the agreement in force, the Data Controller collects and processes the following personal data:
- a) name, surname, place and date of birth, fiscal code, address of residence, e-mail address, telephone and mobile phone, income data, financial data and bank details of the Supplier and / or contact point, as well as of employees duly hired to perform the services provided by the contract signed between the Data Controller and the Supplier.
3. PURPOSES OF THE PROCESSING
The personal data being processed are used to fulfill instrumental and functional purposes for the performance of the pre-contractual and / or contractual relationship, which takes place in the management of orders / supply of goods or provision of services, including professional and qualified ones and also related to said activities, such as archiving, billing, processing and registration. In such cases, it remains the responsibility of the Supplier to make this information accessible to interested parties, identified in their collaborators, employees, contact persons, etc. The provision of personal data is mandatory for the purposes described and, therefore, any refusal to provide them inwhole or in part may result in the impossibility of establishing and managing the existing contractual relationship.
4. LEGAL BASIS OF THE PROCESSING
The legal basis for the processing of personal data for the purposes referred to in the paragraph above (Purpose of processing) is the execution of obligations deriving from the existing contract or those c.d. pre-contractual and / or the fulfillment of legal obligations (Article 6 paragraph 1 letter b) and c) of the European Regulation).
5. METHODS OF PERSONAL DATA PROCESSING
The personal data collected for the aforementioned purposes can be processed using both automated methods, on electronic or magnetic support, and non-automated methods by internal or external subjects, specifically appointed and authorized to do so and committed to confidentiality. The data is processed and stored with suitable tools to ensure its security, integrity and confidentiality through the adoption of adequate security measures as required by law.
6. SCOPE OF COMMUNICATION AND TRANSFER OF PERSONAL DATA
For the aforementioned purposes, personal data may be communicated and /or transferred to the following categories of recipients, located within the European Union or outside the EU (this last transfer will in any case take place in compliance with the appropriate guarantees provided by applicable legislation):
- duly authorized collaborators and employees of NAX B;
- third parties, such as legal and sector consultants, credit institutions, insurance companies, credit recovery companies and contractual consultancy, freight forwarders, third-party supply companies and technical and IT assistance, engaged in the correct and regular pursuit of the purposes described, appropriately appointed Data processors, who will process personal data to comply with the law as well as, where necessary for the pursuit of the purposes indicated in paragraph 2 and in any case within the limits of the same.
A complete list of data processors appointed by NAX B is available, upon request, through the e-mail address: info@naxb.it.
7. RIGHTS OF THE DATA SUBJECT
In accordance with the provisions of the GDPR, you have the right to ask the Data Controller, at any time, for access to your personal data, for a rectification or erasure of your personal data, or to object to the processing; additionally you have the right to request the restriction of processing provided for by art. 18 of the GDPR and to obtain your data in a structured commonly used and machine-readable format, in the cases provided for by art. 20 of the GDPR.
Any request can be addressed to registered office of NAX B – Nordic Alliance X Business, Rome, Salita San Nicola da Tolentino, 1/B, or via e-mail address to info@naxb.it.
In any case, you are always entitled to lodge a complaint with the competent supervisory authority (Italian Personal Data Protection Authority) pursuant to art. 77 of the GDPR, if you consider that the processing of personal data infringes the existing legislation.
8. RETENTION OF PERSONAL DATA
Personal data will be retained for the period of time necessary for the fulfillment of the administrative, accounting and tax purposes relating to the contractual relationship existing between the Data Controller and the supplier and for the fulfillment of the related obligations established by law, and in any case for a time not exceeding 10 years, unless otherwise required by law or the need to exercise rights, even in court by the Data Controller. When it is no longer necessary to keep personal data, these will be deleted or destroyed. When it is no longer necessary to keep personal data, they will be deleted or destroyed or made anonymous.
Personal data in accordance with business needs are stored on NAX B internal servers, electronic devices as well as a paper archive.
9. CHANGES AND UPDATES
NAX B may make changes and / or additions to this Information, also as a consequence of any subsequent amendments and / or regulatory additions. Any changes or updates to this Notice will be made available from time to time.
