CUSTOMER AND SUPPLIER PRIVACY POLICY
pursuant to Article 13 of EU Regulation 2016/679

DATA CONTROLLER AND CONTACT DETAILS
TEKNE S.R.L.  is the Data Controller of the personal data processed.
The registered office is in in Contrada San Matteo 42, 66030 Poggiofiorito (CH). For all privacy matters, please contact the following email address: privacy@tekne.it ovvero il recapito telefonico tel. +390871938820.
The Company Website has the following address: https://www.tekne.it

DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS
TEKNE S.R.L. informs you that the personal data, collected for the purpose of concluding the contract with the customer and / or supplier, will be processed in compliance with the legislation, in order to guarantee the rights, fundamental freedoms, as well as the dignity of natural persons, with particular reference to confidentiality and personal identity.
The management of the contractual relationship with customers/suppliers (mainly legal persons) necessarily involves the processing of personal data (identification, telephone numbers, email) relating to persons with whom you come into contact. This Privacy Policy is therefore made available to natural persons who work with customers/suppliers. Since it is difficult to send it directly to the Data Subjects, the Privacy Policy is made available to them on the Data Controller's website, with a request to notify the Data Subjects.
The persons concerned by the processing activities are the natural persons who, by virtue of their employment or other relationship with the legal persons of the customers/suppliers, are operationally involved in commercial, pre-contractual and contractual communications. Furthermore, they may also be customers/suppliers who are natural persons, consultants, freelancers or private companies.

TYPES OF DATA PROCESSED
In relation to the activity carried out, the information processed in relations with customers and suppliers are mainly related to legal persons, any referents generate processes that may include processing of personal data.
The processing of personal data can be performed for all subject who relate to TEKNE S.R.L. employeers, due to contracts or collaborations stipulated,
Personal Data collected: identification data, telephone numbers, email, profession, bank details, accounting, tax and financial data, address, professional quality certificates, tax code and other personal identification numbers.
These personal data are provided by data subjects in:

• visits or phone calls;
• direct contacts;
• receipt/proposal of offers;
• post-order sercives.

 

PURPOSES OF DATA PROCESSING
The processing of personal data is carried out by TEKNE S.R.L. to conclude the contract with the customer / supplier and in the execution and stipulation of the contract.
The personal data are processed for:

• forward communications with different means of communication (phone, mobile phone, sms, email, fax, ordinary mail);
• make requests or process requests and proposals;
• exchange information for the execution of the contractual relationship, including pre- and post-contractual activities.

Furthermore, it is possible personal data proceesing of third parties when communicated by the customer. In this case, the customer is an data controller and assumes the consequent legal obligations and responsibilities, indemnifying the company for any dispute, claim and / or request for compensation for damage from processing that may reach the Company from interested third parties.
According with GDPR and without specific consent from the interested party, the data will be stored, collected and processed by the Company for the following purposes:
The data are processed for the management of customers and suppliers, more specifically to:

1. conclude contracts for the services/products of the Data Controller or supplier; fulfil pre-contractual, contractual and tax obligations arising from existing relationships;
2. fulfil the obligations provided for by law;
3. planning of activities;
4. internal control services;
5. services to protect consumers and users;
6. customer satisfaction survey; 
7. exercise the rights of the Data Controller, such as the right of defence in court and the management of litigation

to send newsletter, marketing communications by mail, sms, ordinary mail, phone. 

LEGAL BASIS FOR PROCESSING

• For the purposes provided for in points 1, 3, 4: the processing is necessary for the performance of a contract to which the Data Subject is party or the performance of pre-contractual measures taken at the request of the Data Subject (Article 6, paragraph 1, letter b) of the GDPR).
• For the purpose provided for in point 2, 5: the processing is necessary for compliance with a legal obligation to which the Data Controller is subject. (Article 6, paragraph 1, letter c) of the GDPR).
• For the purpose provided for in point 7: processing is necessary for the purposes of pursuing the legitimate interests of the Data Controller or third parties (Article 6, paragraph 1, letter f) of the GDPR).
• For the purpose provided for in point 6, 8: Consent (Article 6, paragraph 1, letter a) of the GDPR).

Finally, please note that for the processing of the purpose of direct sending of advertising material (or direct sale or for carrying out market research or commercial communications) in relation to products or services similar to those used by the customer, the company may use e-mail addresses or personal data pursuant to and within the limits permitted by art. 130, paragraph 4 of the D.Lgs 196/2003 and the provision of the Italian Authority of 19 June 2008, even in the absence of explicit consent. The legal basis for the processing of data for this purpose is art. 6, paragraph 1, letter f) of the GDPR, without prejudice to the possibility of opposing such processing at any time, following the indications in the "Rights of the data subject" section of this Information.
 

RECIPIENTS AND CATEGORIES OF RECIPIENTS
The personal data processed by the Data Controller will not be disclosed.
The data may be communicated to external parties who collaborate with TEKNE S.R.L., as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, website management personnel, accountants), or other parties involved in the organisation of this Website (administrative, sales, marketing, legal and system administrator personnel, auditors).
Finally, the data may be communicated to the subjects entitled to access them under the provisions of the law, regulations, Community regulations. In order to comply with legal obligations or to ascertain responsibility in the event of computer crimes against the Website, the data may be communicated to, or allocated to, third parties.
The updated list of the Data Processors can always be requested from the Data Controller.
This is without prejudice to the obligation of TEKNE S.R.L. to communicate data to Public Authorities on specific request.

TRANSFER ABROAD
The data are processed at the Data Controller's operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or international organisations.
However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR 2016/679. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller's employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided will be applied.

DURATION OF PROCESSING
The data will be processed for the entire duration of the contract, and for the fulfillment of all legal obligations, as well as for future commercial purposes.
The Data collected for the purposes indicated will be kept for the entire duration of the contract, not exceeding the necessary time, and, after the termination of the contract (for example for 10 years for tax retention, or for legal disputes, the Data will be kept for the entire duration of the dispute, until the time limit for appeals has expired).
Your data are collected and recorded lawfully and correctly for the purposes indicated above in compliance with the principles and requirements of art. 5 c 1 of the GDPR.

METHODS AND NATURE OF PROVISION
Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.
In addition to the Data Controller, in some cases, other subject involved in the organization (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, data processors by the Data Controller, may have access to the data.
In particular, considering the roles and job duties, workers have been entitled to process your personal data, within the limits of their skills and in accordance with the instructions given to them by the Data Controller. They carry out their activities on the basis of the instructions received from TEKNE S.R.L.. Pursuant to art. art. 29 of the GDPR, they are authorized subjects.
The external subjects operating under the authority of the Data Controller have also been appropriately authorized, considering the type of service provided, the processing carried out and the nature of the data processed.
The external subjects who process personal data have been appointed as Data Processors. TEKNE S.R.L. give to them adequate operating instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of the data.
The provision of data for the aforementioned purposes is entirely optional. Any refusal by the Data Subject to provide personal data, the lack of consent or its revocation for one or more purposes, will make it impossible to use the services related to them.
The Data Subject may refuse to provide the Data Controller with his/her navigation data. To do this, he/she must disable the cookies by following the instructions provided by the browser in use. Disabling cookies may worsen or prevent you from navigating and enjoying the functionality of the Website.

RIGHTS OF THE DATA SUBJECTS
In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 22), with regard to the processing operations covered by this Privacy Policy, as Data Subjects, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:

• Revoke consent at any time
• Oppose the processing of their data
• Access to their own Data
• Verification and rectification
• Restriction of processing
• Deletion or removal of their personal data
• Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.
The data subject may revoke consent at any time.
How to exercise your rights
If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing also to privacy@privacy.it using the "Exercise of Personal Data Protection Rights Form" too. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

AUTOMATED DECISIONS
The Data Controller does not, under any circumstances, carry out processing operations consisting of automated decision-making processes with regard to the processing operations indicated.

CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 09/01/2022