The following General Privacy Notice to Suppliers refers only to the processing of personal data managed by Gulliver Srl, as Data Controller, for the purpose of executing contracts with Suppliers, as well as for commercial and marketing development purposes.
With reference to any processing of personal data conducted by Suppliers on behalf of Gulliver Srl, as Data Processor, please refer to the provisions of the contracts between the Data Controller and Data Processor signed between the parties.
GENERAL SUPPLIER INFORMATION - RELATING TO THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 AND 14 OF THE REGULATION (EU) 2016/679 ("GDPR")
1. Owner and managers of the treatment
The Data Controller is GULLIVER S.R.L, with registered office in Via Orzinuovi 73, 25125 Brescia, Tax Code and Partita. VAT number 03559600170; Gulliver srl has appointed its own Data Protection Officer (DPO) who can be contacted for any request at the e-mail address email@example.com.
The updated list of data processors is kept at the registered office of the Data Controller
2.Object of the processing - categories of personal data processed
The Data Controller processes the personal data of your appointees, to be understood as common identification data of commercial contact (such as name, surname, address, telephone, e-mail), communicated by you when defining and / or concluding contracts in as a customer for the services of the owner or, still during the contractual relationship. The Customer receiving this information undertakes to give it to their employees whose data is processed by the Data Controller.
The Data Controller may also process the personal data of your appointees, to be understood as common commercial contact identification data (such as name, surname, address, telephone, e-mail), acquired by third-party owners (ex. trade fair organizations) who have acquired their legitimate consent to the transfer for commercial contact purposes.
3.Purpose and legal basis of the processing
3.1 Contractual and pre-contractual purposes:
3.1.1 the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same,
3.1.2 the processing is necessary to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority
3.1.3 the processing is necessary to exercise the Data Controller's legitimate defense interest in court.
3.2 Commercial Development and Marketing Purposes: to send you commercial or marketing communications relating to the Controller's products or services (by e-mail)
3.2.1 based on the legitimate interest of the Data Controller (so-called Soft Spam) if you have already purchased our products or used our services and for products / services similar to those you have already used, unless you disagree,
3.2.2 on the basis of your explicit and specific consent given to us or provided to third parties from whom the data was acquired.
4.Processing methods and duration
The processing of your personal data may be carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data may be subjected to both paper and electronic processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned contractual purposes and in any case for no more than 10 years from the termination of the contractual relationship. For marketing purposes, the Data Controller will process personal data for the time strictly necessary to fulfill the purposes for which they were collected, for the period required by law or under the provisions of the authority. Given your desire to revoke the consent given or express decision to cancel from our commercial mailing list, your data will be promptly deactivated from our marketing databases so that you will not receive further communications. In any case, the personal data contained in previous communications will be kept for a period not exceeding 24 months from their registration, without prejudice to the transformation of said data into anonymous form.
5.Access to data
Your data may be made accessible for the purposes referred to in the previous art. 3:
to employees and collaborators of the Data Controller in their capacity as persons in charge of processing and / or system administrators;
to third-party companies or other subjects (by way of example, professional firms, consultants, insurance companies, credit institutions, etc.) who carry out activities on behalf of the Data Controller, in their capacity as independent Data Controllers or external Data Processors appointed by the Data Controller.
6.Communication of data
Pursuant to art. 6 lett. b) and c) GDPR, therefore without the need for express consent, the Data Controller may communicate your data for the purposes deriving from the contractual relationship to judicial authorities as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the purposes said. These subjects will process the data in their capacity as independent Data Controllers.
Your data will not be subject to disclosure.
Personal data may be transferred, for the purposes referred to in this information as well as for archiving and storage purposes, both to countries of the European Union and to third countries with respect to the European Union.
In any case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions.
8.Nature of the provision
The provision of data for the contractual purposes of art. 3.1 is mandatory. In their absence, we will not be able to guarantee the execution of the contractual relationship.
The provision of data for the marketing purposes of art. 3.2 is optional; you can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided and any consent given, in this case, you will not be able to receive the aforementioned commercial communications and advertising material concerning the products or services offered by the Data Controller.
9.Rights of the interested party
By contacting the Data Controller by e-mail at firstname.lastname@example.org, any interested party may exercise the rights referred to in art. 15 GDPR and precisely:
Rif. GUL_INFO05 del 16/02/2021