1.  Personal data processed, source of Data, purpose of the processing of Data, legal basis of the processing and storage period

 

By "Data" we mean those relating to natural persons processed by INQUIAROMA SRL for the stipulation and execution of the contractual relationship with its customers/suppliers, such as, for example, those of the legal representative of the customer/supplier who signs the contract in the name and on behalf of the latter, of the employees/consultants of the customer/supplier involved in the activities referred to in the contract, the Data of the companies in the group of the customer/supplier for which the latter signs the contract with the necessary powers of representation, as well as any other information necessary for the performance of the contract and/or the provision of the service(s) (also referred to below).

The source of the Data is the customer/supplier.

In particular, said Data shall be processed for the purposes indicated below.

​

A. Management of the contractual/commercial relationship, such as: fulfilment of specific requests made by the data subject prior to the conclusion of the contract; conclusion, modification, execution of the contract; provision and management of related services; management of complaints.

The legal basis of the processing is the execution of the contract or the fulfilment of specific requests also in the pre-contractual phase.

Data retention period: contractual duration and, after termination, for a further 10 years. In the case of legal disputes, for the entire duration of the same, until the time limits for appeals are exhausted.

​

B. Administrative - accounting, such as: invoicing; management of payments, delays and non-payments; communication of the same Data between group companies, for internal organisational, administrative, financial and accounting purposes functional to the aforementioned activities.

The legal basis for the processing is the need to fulfil a legal obligation to which the data controller is subject.

Period of Data retention: contractual duration and, after termination, for a further 10 years. In the case of legal disputes, for the entire duration of the same, until the exhaustion of the time limits for bringing legal actions. 

​

C. Fulfilment of obligations or exercise of rights provided for by national or European Union law or by collective agreements in accordance with national law, such as: fulfilment of obligations provided for by EU and national law, in particular by laws, regulations, including contingent and urgent measures for the protection of public order, the investigation and prosecution of criminal offences.

The legal basis for the processing is the need to fulfil a legal obligation to which the data controller is subject.

Period of Data Retention: contractual duration and, after termination, for a further 10 years. In the case of legal disputes, for the entire duration of the same, until the time limit for appeals is exhausted.

​

D. Out-of-court debt recovery (in the case of customers), such as: protection and possible recovery of the debt, directly or through third parties (credit recovery agencies/companies) to whom they will be disclosed only for this purpose.

The legal basis of the processing is the legitimate interest of the data controller.

Period of Data retention: contractual duration and, after termination, for a further 10 years. In the event of legal disputes, for the entire duration of the same, until the time limit for appeals is exhausted.

 

E. If necessary, to ascertain, exercise and/or defend rights in court.

The legal basis of the processing is the legitimate interest of the data controller.

Period of Data Retention: contractual duration and, after termination, for a further 10 years. In the case of legal disputes, for the entire duration of the same, until the time limit for appeals is exhausted.

 

H. Safety, pursuant to Legislative Decree 81/2008. With particular reference to the identification data freely provided by the guest/visitor at our premises (name, surname, organisation or company to which he/she belongs), the processing has the sole purpose of ensuring compliance with the company's formally applied security procedures, also in accordance with current legislation (e.g. entry in the visitors' register/database, application of legal obligations regarding safety at work).

Legal basis for processing: the need to fulfil legal obligations to which the Data Controller is subject.

Period of Data Retention: Data will be retained for the period of time required by law.

Once the above-mentioned retention period has expired, the Data will be destroyed or made anonymous, compatibly with the technical procedures of deletion and backup.

​

2.  Scope of communication, subjects authorised to process and transfer of Data to countries outside the European Union

The Data may be communicated to external subjects operating as data controllers, by way of example, authorities and supervisory and control bodies and, in general, public or private subjects entitled to request the Data (e.g. banks and credit institutions; public administrations and other public authorities).

The Data may be processed, on behalf of the data controller, by external subjects designated as data processors, who carry out specific activities on behalf of the data controller, for example, legal, tax and administrative consultants, companies that provide maintenance services for the company's information system.

The Data may be processed by the employees of the corporate functions assigned to the pursuit of the above-mentioned purposes, who have been expressly authorised to process them and have received adequate operating instructions.

The Data may be transferred to countries outside the European Union, only in relation to those where the level of protection is deemed adequate by the European Commission pursuant to art. 45 of the GDPR, in compliance with the guarantees provided.

​

3.  Provision of Data

The conferment of Data by the customer/supplier is optional, however, any refusal to provide such Data may result in the non-execution or partial execution of the contract/service.

​

4.  Data Controller

According to the Applicable Regulations, the data controller is INQUIAROMA S.R.L. with registered office in Via Carlo Porta 3, 21013 - Gallarate (Va) and operating office in Via Libero Temolo 4, Floor 4, 20126 Milan (MI); tel. +39 023 0462590 

Email address: info@inquiaroma.com

​

5.  Rights of the data subject

By contacting the data controller at the email address info@inquiaroma.com, the data subject may request access to the Data concerning him/her, their deletion, the rectification of inaccurate Data, the integration of incomplete Data, the deletion of Data, the limitation of processing in the cases provided for by Art. 18 GDPR, as well as object, for reasons related to his/her particular situation, to processing carried out for legitimate interests of the data controller.

The data subject also has the right, in the event that the processing is based on consent or contract and is carried out by automated means, to receive the Data in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit it to another data controller without hindrance.

The Data Subject has the right to lodge a complaint with the competent supervisory authority in the Member State where he/she normally resides or works or in the State where the alleged infringement took place, or to bring an action before the competent courts.

​

6.  Changes to the privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time, giving appropriate notice to those concerned.

 

Date: May 2024.

​

​

​

​

​

​