GDPR Information for Clients and Suppliers

  • Home
  • GDPR Information for Clients and Suppliers
Update June 2022

Dear Client/Supplier,

pursuant to art. 13 of EU Regulation no. 2016/679 (hereinafter "GDPR"), we inform you that the processing of the data you provided will be carried out with methods and procedures aimed at ensuring that the processing of personal data takes place in compliance with the rights and fundamental freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and security, personal identity and the right to the protection of personal data.

We remind you that processing means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure or destruction (art. 4 GDPR).

  1. Subject of the processing and legal basis

    The data are processed by Base 9 s.r.l. pursuant to art. 6 GDPR for the fulfillment of contractual obligations and/or for the execution of pre-contractual measures and refer to:

    • personal and identification data (such as name, surname, addresses, contacts);
    • data necessary for invoicing (such as tax code).

    The legal bases for such processing are found:

    1. in the execution of obligations arising from a contract (pursuant to art. 6.1, lett. b) of the GDPR);
    2. in the fulfillment of obligations provided for by law (ex art. 6.1, lett. c) of the GDPR).

  2. Origin of the data

    The data are collected from the data subject, through the completion of paper forms or company applications.

  3. Purpose of the processing

    Personal data and any changes that you will communicate in the future to Base 9 s.r.l. are collected and processed for the following and exclusive purposes:

    • fulfillment of pre-contractual, contractual and fiscal obligations, arising from the existing relationship;
    • fulfillment of obligations arising from the Law, Regulations, community regulations or an order of the Authority;
    • management of correspondence and communications;
    • exercise of the rights of the Data Controller.

  4. Processing methods

    The processing is carried out by means of the operations indicated in art. 4 GDPR:

    • collection of data from the data subject, through the completion of paper forms or company applications;
    • registration and processing on computerized and paper support;
    • organization of archives in a predominantly automated form, through company applications and computerized registries.

    The processing of data will be carried out by means of tools suitable to ensure its confidentiality, integrity and availability. The processing is carried out on paper support and by means of IT and/or automated systems and will include all the operations or set of operations provided for in art. 4 of the GDPR and necessary for the processing in question, including communication to those responsible for the processing itself.

  5. Data retention

    The Data Controller will process personal data for the time necessary to fulfill the purposes mentioned above and in any case no longer than 10 years from the termination of the contract.

  6. Access to processing

    The data will be made accessible, for the purposes referred to in point no. 3:

    • to employees/collaborators in their capacity as authorized to process, after appropriate appointment;
    • to third parties who perform specific instrumental and/or support services on behalf of the Data Controller, after authorization to process (ex art. 28 GDPR);
    • subjects to whom the right to access your personal data is recognized by provisions of law or secondary or community regulations.

  7. Communication of data

    In any case, the data will not be communicated to unauthorized third parties or disseminated, for purposes other than those for which you have given your consent. To this end, the processing is carried out using security measures suitable to prevent unauthorized third-party access to the data and to ensure its confidentiality.

    Without the need for express consent, the Data Controller may communicate your data for the purposes referred to in point 3 to the following subjects:

    • Supervisory Bodies, Judicial Authorities, Control Bodies;
    • other subjects to whom the right to access your personal data is recognized by provisions of law or secondary or community regulations.

    These subjects will process the data in their capacity as autonomous Data Controllers.

  8. Data transfer

    The management and storage of personal data will take place within the European Union.

  9. Nature of data provision and consequences of refusal to respond

    The provision of data for the purposes referred to in point 3.1 is mandatory. In their absence, it will not be possible to proceed with the conclusion of the contract and the provision of the related service.

    The provision of data for the purposes referred to in point 3.2 is optional.

  10. Rights of the data subject

    We inform you that as a data subject you can exercise the following rights, provided for by the GDPR, towards the Data Controller:

    • obtain confirmation as to whether or not a processing of personal data concerning them is underway and, if so, to obtain access to the personal data (Right of access art. 15);
    • obtain the rectification of inaccurate personal data concerning them without undue delay (Right of rectification art. 16);
    • obtain the erasure of personal data concerning them without undue delay and the data controller is obliged to erase personal data without undue delay if certain conditions are met (Right to be forgotten art. 17);
    • obtain the restriction of processing in certain cases (Right to restriction of processing art. 18);
    • receive in a structured, commonly used and machine-readable format the personal data concerning them provided and has the right to transmit such data to another Data Controller, without hindrance from the data controller to whom they have provided them, in certain cases (Right to data portability art. 20);
    • object at any time, for reasons related to their particular situation, to the processing of personal data concerning them (Right of opposition art. 21);
    • receive without undue delay communication of the personal data breach suffered by the Data Controller (art. 34);
    • withdraw the consent given at any time (Conditions for consent art. 7).

    Where applicable, in addition to the rights referred to in arts. 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right of opposition), the data subject has the right to lodge a complaint with the Supervisory Authority.

    This Information may be subject to changes. It will be our care to inform you about substantial changes by sending you a communication to the e-mail address you provided us or by posting an announcement on our website.

  11. Data Controller

    The Data Controller is base 9 S.r.L., P.I. 04525700276, Sestiere Cannareggio, 2523 – 30121 Venice

  12. How to exercise the right

    The data subject who wishes to exercise his/her rights can contact the data controller at the e-mail address: hello@base9.it