Skip links
Arredamenti Ivan Tuani

GDPR Privacy Notice for Suppliers

EU REGULATION 2016/679 (GDPR), Legislative Decree 101/2018, amended Legislative Decree 196/2003 SUPPLIER PRIVACY NOTICE 

Please note:

  • The Data Controller determines the purposes and means of personal data processing; 
  • The Data Controller uses suppliers for the purchase of goods and services;
  • In the context of these purchases, the Data Controller processes the supplier’s personal data.

The following information is provided:

  1. DATA CONTROLLER – The Data Controller (hereinafter “Controller”) is ARREDAMENTI IVAN TUANI S.R.L., VAT No. 10103000963, with registered office at Via Maestri del Lavoro 8/10 – 20813 BOVISIO MASCIAGO (MB), Italy.
    Phone: +39 0362 594497 – Email: info@ivantuani.it – Certified Email (PEC): ivantuanisrl@pec-certif.it
  2. PURPOSES OF PROCESSING – All personal data processing activities are carried out for the following purposes:
  • To fulfill pre-contractual needs (e.g., processing offers, orders, solvency checks);
  • To comply with pre-contractual obligations (e.g., supplying goods/services, delivery management, logistics and related transport);
  • To fulfill legal obligations (e.g., accounting, tax formalities, administrative management);
  • To manage disputes and credit assignments;
  • For statistical analysis.
  1. LEGAL BASIS FOR PROCESSING – The legal basis for processing personal data includes:
  • Processing is necessary for the performance of a contract to which the Supplier is party, or to take steps at the request of the Supplier prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which the Controller is subject;
  • Processing is necessary for the Controller’s legitimate interests in fulfilling the pre-contractual and contractual obligations agreed between the parties.
  1. PROCESSED PERSONAL DATA – The personal data processed includes:
  • Identity data;
  • Contact details;
  • Tax data;
  • Bank details.
  1. PROVISION OF PERSONAL DATA – Providing personal data is necessary for the purposes listed in Section 2. Refusal to provide such data may prevent the Controller from initiating or executing the business relationship.
  2. METHODS AND PROCESSING ACTIVITIES – Data processing is carried out both by automated means (digital and computer-based) and non-automated means (paper documents), in compliance with legal requirements and confidentiality and security standards set by the Controller. Processing activities include: collection, recording, access, consultation, storage, and communication. No automated decision-making, including profiling, will be carried out.
  3. DATA PROCESSING LOCATION – Personal data is processed at the offices of ARREDAMENTI IVAN TUANI S.R.L., Via Maestri del Lavoro 8/10 – 20813 BOVISIO MASCIAGO (MB), Italy, and may also be processed on behalf of the Controller by external companies and/or professionals within the scope of assigned services.
  1. DISCLOSURE OF PERSONAL DATA – Personal data may be disclosed to internal staff authorized by the Controller and to external parties, only as necessary for providing contracted services, in compliance with the confidentiality and security policies defined by the Controller and current regulations. External recipients may include:
  • Tax, labor, and workplace safety consultants/companies;
  • Credit institutions and credit insurance companies;
  • Public and private authorities, including Tax Police and Judicial Authorities, as part of inspections or audits.
  • Consultants or firms supporting management systems (e.g., Quality, Energy and Environment, Information Security).
  1. TRANSFER OF PERSONAL DATA ABROAD – Personal data is not currently transferred outside of Italy. Should such a need arise, the Controller will request specific consent, specifying the destination country and safeguards adopted to ensure the transfer is safe and compliant with applicable laws.
  2. DATA RETENTION PERIOD – Personal data will be stored only for as long as necessary for the purposes for which it was collected, in accordance with the principles of data minimization and storage limitation. Data will be retained to comply with legal obligations, respecting the principles of necessity, relevance, and proportionality. The Controller may retain data after the end of the contractual relationship to fulfill legal obligations (up to 10 years). Once the purposes of processing have ceased, data will be deleted, destroyed, or anonymized.  
  3. DATA SUBJECT RIGHTS – The Supplier (data subject) has the right to access their personal data and obtain data portability; to request updates, corrections, or additions; and, where applicable under current law, to request deletion, restriction, or to object to processing. If data is processed unlawfully, the data subject has the right to lodge a complaint with a supervisory authority. Consent can be withdrawn at any time, without prejudice to legal obligations in effect at the time of withdrawal, by contacting the Controller.

Data Controller

Explore
Explore