Privacy Policy

Pursuant to art.13 of Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”), we inform you below of the methods and purposes by which ELECTRO SYSTEM S.R.L., with registered office in Imola (BO), Via Pietro Nenni 9, as data controller, will process your personal data (“Company”).

Please read this notice carefully, which covers the processing of personal data of:

1. customers/suppliers/consultants/contracting parties-individuals;
2. legal representatives, partners (natural persons), directors or employees–managing the existing relationship between the parties–of customers/suppliers/consultants/contracting parties–legal persons.

1. How was my personal information obtained?

We collect your personal data from:

– You at the time of negotiation and conclusion of the contract.

These data belong to the following categories:

• Biographical data (first name, last name, gender, date of birth, place of birth, social security number, other…);
• contact information (postal or e-mail address, landline mobile phone number);
• payment details (bank account number, credit card details, other…);
• Data related to identification/recognition documents (ID card, passport, driver’s license, CNS, other…)

– extracted visas at the Chambers of Commerce;

– databases of entities offering information on the business reliability of entrepreneurs and managers (see section 2.c below) i.

2. For what purposes of processing will my personal data be processed?

We will process your personal data for the following processing purposes:

1. to execute a contract to which you are a party and pre-contractual measures taken at your request (art. 6, co.1, letter b) of the Regulations).
   We will process your personal data to execute each contract entered into or to execute pre-contractual measures taken at your request;
2. To fulfill legal obligations (art. 6, co. 1, lett. c) of the Regulations).
   We will process your personal data in order to fulfill obligations under current tax legislation;
3. To pursue a legitimate interest of ours (Art. 6, co. 1(f) of the Regulations) a:
4. mitigate our business risk and comply with our internal counterparty verification policies-we will consult certain databases of entities that provide information on the business reliability of entrepreneurs and managers (e.g., Cerved, CCIAA, RCS), to obtain information related to your business reliability.
   The data extracted from these databases belong to the following categories:
   • economic and financial data;
   • reputational data;
   • data necessary for the purpose of conducting asset investigations;
   • Data contained in news articles from open sources.
5. Evaluate your contractual diligence and your company’s business performance – in the course of contract performance, we will process your personal data, including data obtained from the business information and financial strength systems referred to in paragraph (i) above, to pursue our legitimate interest in evaluating your diligence in contract performance and your company’s business performance, in order to assess whether and under what conditions to continue to maintain a business relationship with your company;

• exercise or defend a right in or out of court – we will process your personal data to pursue our legitimate interest in exercising or defending one of our rights in or out of court, including in the event of breach of contract;
• Efficiently manage our suppliers through our supplier register-we will enter your information into a supplier register of our own, in pursuit of our interest in efficiently managing suppliers and avoiding the need to carry out the necessary suitability and adequacy checks of each supplier each time.

3. Is the provision of data mandatory or optional?

The provision of personal data is mandatory, since in case of failure to provide them, it will not be possible to enter into the contract with our Company and execute it.

4. How will my personal data be processed and how long will it be kept?

Your personal data will be processed by automated and non-automated means.
Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.
Your personal data will be retained for 10 years after the termination date of the contract.

This retention period is necessary for the purpose of fulfilling legal obligations under the Civil Code and tax laws concerning business record retention obligations, unless extended due to events interrupting the legal statute of limitations.

5. What parties may become aware of my personal data?

Your personal data may come to the attention of our employees and collaborators who are involved in the conclusion and execution of the contract, as well as our employees and collaborators who are involved in the fulfillment of legal obligations in tax matters.

Your personal data may also be disclosed to the following categories of persons, who, in their capacity as data processors pursuant to Art.
28 of the Regulations, provide us with services instrumental to the conduct of our business:

• IT service providers; management service providers; administrative service providers;
• outside professionals and consultants; debt collection companies and those specializing in asset investigation; external auditing firm, if any.

Your data may, also, be disclosed to third parties belonging to the following categories:

• banks and payment institutions, to the extent necessary to make or receive payments in connection with the contract;
• competent tax and revenue authorities to the extent required by law;
• judicial authorities or police forces, in case we need to report a crime or otherwise where necessary to pursue our own legitimate interest in exercising or defending a right in court;
• lawyers, where necessary to pursue a legitimate interest of their own in exercising or defending a right in and out of court.

Please note that, your personal data will be processed only within the European Union and the European Economic Area.

6. What are my rights?

You have the right to exercise, at any time, free of charge and without formalities, the following rights set forth in Articles 15 to 22 of the Regulations: the right to request access to personal data (i.e., the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to the personal data, obtaining a copy thereof, and to the information referred to in Art. 15 of the Regulation), rectification (i.e., the right to obtain the rectification of inaccurate data concerning you or the integration of incomplete data), cancellation (i.e., the right to obtain the deletion of data concerning you, if one of the reasons indicated in Art. 17 of the Regulations), restriction of processing (i.e., the right to obtain, in the cases indicated by Art. 18 of the Regulations, the marking of the data stored with the aim of limiting their processing in the future), as well as the right to data portability (i.e., the right, in the cases indicated by Art. 20 of the Regulations, to receive from us, in a structured, commonly used and machine-readable format, data concerning you, as well as to transmit such data to another data controller without hindrance).

We remind you that you always have the option of filing a complaint with the Data Protection Authority www.garanteprivacy.it or the different Supervisory Authority of the EU Member State where you reside or work.

7. Do the Regulations also give me the right to object to processing?

Yes, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you in accordance with Article 6(1), letters (e) or (f) of the Regulations, including profiling, where carried out, on the basis of these provisions.

8. How can I contact you and exercise my rights?

Requests to exercise your rights, as stated above, should be submitted using the form for the exercise of personal data protection rights available at https://www.garanteprivacy.it/home/modulistica-e-servizi-online.

This form, duly completed and addressed to the data controller, should be sent to privacy@electrosystem.com or by mail to the following address:

ELECTRO SYSTEM S.R.L.

Pietro Nenni Street No. 9

40026 – Imola (BO)

c.a: Privacy Office.