Top

Information sheet for customers/suppliers

VIDEE S.p.A. wishes to inform you that EU Regulation 2016/679 (“GDPR”) governs the protection of individuals and other subject with regard to the processing of personal data.
In accordance with the aforementioned legislation, said processing will be based on principles of fairness, lawfulness and transparency, protecting privacy and rights, in accordance with the principles set out in Article 5 of the GDPR. Pursuant to Article 13 of the GDPR, we would therefore like to provide you with the following information:

 

DATA CONTROLLER

The Data Controller is VIDEE S.p.A. with registered office in Via Roggiuzzole 3 – 33170 PORDENONE (PN), which you can contact at the following e-mail address: [email protected].

DATA PROTECTION OFFICER (DPO)

The company’s Data Protection Officer is identified as the company PRATIKA S.R.L. (contact Stellini Alex) located in Via Carnia, no. 1, Rodeano Alto, Rive D'Arcano (UD), whose contact details are as follows: e-mail [email protected]; certified e-mail: [email protected]

PERSONAL DA T A PROCESSED

"Data" means the data of natural persons processed by the Company to enter into and perform contractual relationships with its customers or suppliers, such as the data of the company’s legal representative who signs the agreement in the name of and on behalf of the latter, as well as the data of employees/consultants, involved in the activities referred to in the agreement.

PURPOSE OF THE DATA PROCESSING

  • Purposes related to the establishment and performance of the contractual relationship with the Company, including:

    • management of personal details;

    • management of purchase requests;

    • management of the contractual relationship;

    • management of technical and administrative documentation;

  • Fulfilment of administrative and accounting requirements, such as accounting and invoicing management, in accordance with the requirements of current legislation.

  • Fulfilment of obligations established by law, by a regulation, by community legislation or by an order of the Authorities;

  • Ascertaining, exercising and/or representing the rights of the Company before the courts.

LEGAL BASIS OF PROCESSING

The various data processing activities are necessary for the performance of an agreement, or are necessary to comply with a legal obligation which the data controller is subjected to. The processing may also fall within the legitimate interests of the Data Controller. In any event the Data Controller can be asked to clarify the specific legal basis of each processing and in particular to specify if the processing is based on the law, provided for by an agreement or necessary to conclude an agreement.

PERIOD OF RETENTION OF PERSONAL DATA

For the term of the agreement, and upon termination of the contractual relationship for a period of 10 years or as otherwise established by tax and accounting legislation currently in force, or appropriate to represent the Company before the courts. In the event of contentious proceedings, for the entire duration of the same, until the term for lodging an appeal have expired.

 

SUBJECTS AUTHORISED TO PROCESS DATA

Your data may be processed by the employees of the company departments delegated to pursue the aforementioned purposes, who have been expressly authorised to process data and who have received adequate operating instructions or by external Data Processors appropriately appointed by the Data Controller pursuant to Article 28 of the GDPR

 

DATA RECIPIENTS

Your data may be communicated to external parties acting as Data Controllers, by way of an example, banks and credit institutions, authorities and supervisory and control bodies and in general public or private subjects entitled to request the data.
Your data may be processed, on behalf of the Data Controller, by external parties designated as Data Processors, who perform specific activities on behalf of the Data Controller, by way of an example, accounting, tax and insurance requirements, correspondence delivery, management of receipts and payments, consultants in various capacities, etc.

PROVISION OF DATA

The provision of your data is mandatory to be able to enter into the agreement and/or perform the same. The contractual relationship therefore may not be established and/or the consequent obligations may not be fulfilled upon refusal to provide the data.

 

TRANSFER OF PERSONAL DATA

Pursuant to Articles 44 et seq. of the GDPR 2016/679 some of your personal data may

be communicated to recipients and data processors (the latter appropriately appointed by the Data Controller), based in non-European third countries, invariably in accordance with the principles of fairness, lawfulness, transparency and protection of

your privacy.

RIGHTS OF DATA SUBJECTS AND COMPLAINTS TO SUPERVISORY AUTHORITIES

With regard to your personal data, you may exercise the rights set out in Articles 15 et seq. of the GDPR, and more precisely:

Right of access (Article 15) – Consists in the right to obtain from the Data Controller confirmation as to whether or not personal data concerning the data subject are being processed, and, where that is the case, access to the personal data and to certain information (specified in the aforementioned article) regarding the data in question. Right to rectification (Article 16) - Consists in the right to obtain from the Data Controller the rectification of inaccurate personal data concerning the data subject. Right to erasure (Article 17) - This is the right to obtain from the Data Controller the erasure of personal data concerning the data subject when, for example, the data subject withdraws consent on which the processing is based or the purpose pursued has been achieved or when it is unlawful. Obviously, it may not always be possible to fulfil requests to have data erased. Erasure will not be possible, for example, when the data serves to fulfil a legal obligation or is necessary to defend a right before the courts. Right to object (Article 21) - The right to object to the processing of personal data must be guaranteed when the legal basis is the legitimate interest or the performance of a task carried out for reasons of public interest. This right also has its limits as there may be cases in which, further to the appropriate balancing, the legitimate interest of the Data Controller prevails over that of the data subject, or in which processing is necessary for a task carried out for reasons of public interest or the ascertainment, representation or exercise of a right before the courts. Right to data portability (Article 20) – provides that, if processing is based on an agreement or on consent, upon request, the data subject will be provided with his or her data in a structured, commonly used and machine-readable format (json, xml, csv). This right is only applicable to data provided spontaneously and not to any inferred or derived data. Right of withdrawal (Article 7) - If a data subject signs any form of consent to the processing of his or her personal data requested by the Data Controller, it should be noted that the data subject may at any time withdraw his or her consent, without prejudice to the mandatory obligations established by legislation in force at the time of the withdrawal, by contacting the Data Controller at the address indicated above, or by email, specifying the subject of his or her request, the right he or she intends to exercise and attaching a photocopy of an identity document certifying the legitimacy of the request.
The data subject also has the right to lodge a complaint with a supervisory authority (personal data protection authority).

All of the aforementioned rights may be exercised by sending a request to the Data Controller using the contact channels indicated in this information notice.