INFORMATION NOTICE ISSUED TO THE COMPANY’S SUPPLIERS

REGARDING THE PROCESSING OF PERSONAL DATA

In compliance with the rights recognised by European Regulation no. 679/2016 (also known as the “GDPR”), we provide you with the following information on the processing carried out with your personal data

1) Data Controller

The Data Controller is FaultBuster srl, with registered office in Trento (postcode 38123), Strada delle Novaline 11, VAT no. 02712330220 – certified email: faultbuster@pec.it Email: info@faultbuster.it Website: www.faultbuster.it

2) Legal Basis and Purpose of Processing

The processing of personal data carried out by the Controller within the scope of commercial relationships already in place or in the process of being finalised has the following purposes: a) prior to the establishment of the commercial relationship, the processing is aimed at analysing your promotional or commercial information, and any offers, and therefore at the management of pre-contractual negotiations, as well as b) subsequent to the purchase of your products or services, the processing is aimed at the payment of the price and fiscal and accounting management of the relationship, as well as the consequent fulfilment of obligations, whether contractual or provided for by laws, regulations, or EU legislation, regarding tax matters and the keeping of corporate and accounting records. The legal basis for the processing is therefore: a) the execution of pre-contractual negotiations; b) the execution of the existing contract; c) the fulfilment of a legal obligation to which the Controller is subject.

3) Provision of Data and possible refusal

In the pre-contractual phase, the provision of data is optional. In the contractual phase, the provision is mandatory. Any refusal makes it impossible to continue the commercial relationship.

4) Nature of the data processed

The processing concerns only so-called common personal data (such as name and surname or company name, tax code or VAT number, address or registered office, contact details, company contact person details and role, banking and fiscal data).

5) Data Processing Methods

The data will be processed in electronic and paper format, in compliance with the corporate security measures adopted in accordance with art. 32 GDPR.

6) Communication and Dissemination of Data

Personal data is not subject to dissemination but may be communicated, for the performance of the required activities, to the following subjects:

  • banking institutions;
  • external consultants, who support the Controller in managing regulatory compliance;
  • public administrations;
  • electronic invoicing system, if applicable; In the event that the processing is carried out through the continuous professional contribution of third parties, these will be appointed as data processors, whose names are available at the registered office.

7) Transfer of data abroad

The Controller does not transfer the personal data of its suppliers to countries that do not guarantee an adequate level of personal data protection. Should such a transfer become indispensable for the fulfilment of the contract of which the Controller is a party, the Supplier will receive specific informative communication.

8) Retention Period

The data will be processed for the time necessary to achieve the purposes indicated above. In particular, for tax purposes, the Supplier’s personal data will be kept for at least 5 years from the closure of the individual contract to comply with tax and fiscal obligations. The data will be stored at the Controller’s premises and at the external processor responsible for managing accounting and declarations.

9) Profiling

The Controller does not carry out any automated processing or so-called profiling of personal data relating to suppliers.

10) Data Subject’s Rights

The Regulation grants the data subject, i.e., the person to whom the processed data refers, the following rights. They can obtain from the Data Controller confirmation of whether or not their personal data exists, know the origin of such data, as well as know the characteristics of the processing; they can also obtain the deletion, as well as the update, rectification, or integration of the data. They can also object to the processing and obtain data portability, where the legal requirements exist. Requests must be sent by registered letter to the company’s registered office or via certified email (PEC). The data subject also has the right to lodge a complaint with the supervisory authorities, the Guarantor for the protection of personal data (www.garanteprivacy.it), with headquarters in Rome, in the ways provided for by the regulation should they believe their rights have been violated. Trento, version 2023