INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA
SUPPLIERS

(Information pursuant to art. 13 and art. 14 of Reg. (EU) 679/2016, so-called. GDPR)

Below we provide you with some information that is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards interested parties is a fundamental part of our business.

This information is addressed to the collaborators and suppliers of Krupps Srl

Who is the data controller?

The Data Controller of your personal data is Krupps Srl (VAT number IT04251180289), with registered office in Via Austria 19 – 35127, Padova (PD) – Italy, responsible for the legitimate and correct use of your personal data and which you can contact for any information or request at the following addresses: 0497625156, privacy@krupps.com, krupps@pec.it

How do I contact the Data Protection Officer?

The Data Protection Officer (DPO) can be contacted at the following addresses: dpo@krupps.com

Where is the data collected?

The data is communicated by you and/or by third parties such as other suppliers and/or collected from publicly accessible sources.

What data processing is carried out?

Your personal data is collected and processed, using automated and non-automated methods, as specified below.

Supplier Management

Purpose and legal basis	– Instaurazione e gestione del rapporto contrattuale, sulla base dell’esecuzione di un contratto e/o misure precontrattuali, obbligo di legge
Data categories	Dati anagrafici, Dati di contatto, Dati di indirizzo, Dati di pagamento
Storage time*	10 anni dall’anno di cessazione dell’ultimo contratto
Data recipients	Soggetti autorizzati al trattamento nominati ex art. 29 Reg. UE 2016/679, Autorità e pubbliche amministrazioni rispetto alle quali vige un obbligo di legge alla comunicazione, Responsabili del trattamento nominati ex art. 28 Reg. UE 2016/679 (vedi registro dei responsabili), altri soggetti per cui la comunicazione dei dati risulti necessaria ai fini dello svolgimento delle finalità dichiarate del titolare, Banche

Planning and control of activities

Purpose and legal basis	– Planning of activities, based on the legitimate interest of the Data Controller in carrying out business activities
Data categories	Personal data, Contact data, Data relating to work activity
Storage time*	10 years from the year of data acquisition
Data recipients	Soggetti autorizzati al trattamento nominati ex art. 29 Reg. UE 2016/679, Responsabili del trattamento nominati ex art. 28 Reg. UE 2016/679 (vedi registro dei responsabili), altri soggetti per cui la comunicazione dei dati risulti necessaria ai fini delAuthorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Management control

Purpose and legal basis	– Internal control of company management, based on the legitimate interest in carrying out business activities
Data categories	Personal data, Contact data, Data relating to work activity
Storage time*	10 years from the year of competence
Data recipients	Soggetti autorizzati al trattamento nominati ex art. 29 Reg. UE 2016/679, Responsabili del trattamento nominati ex art. 28 Reg. UE 2016/679 (vedi registro dei responsabili), altri soggetti per cui la comunicazione dei dati risulti necessaria ai fini delAuthorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Accounting

Purpose and legal basis	– Keeping of accounting records, based on a legal obligation – Tax obligations, based on a legal obligation
Data categories	Personal data, Contact data, Address data, Payment data, Data relating to work activity, Data relating to purchases or use of services
Storage time*	10 years from the year of termination of the last contract
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Authorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Banks

Receipt and acceptance of goods

Purpose and legal basis	– Accettazione delle merci, sulla base d- Acceptance of goods, on the basis of the performance of a contract and/or pre-contractual measures
Data categories	Personal data, Contact data, Address data, Payment dates
Storage time*	10 years from the year of competence
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Purchase Management

Purpose and legal basis	– Purchasing activities of goods or services, based on the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Contact data, Address data, Data relating to purchases or use of services, Profiling data
Storage time*	Until consent is revoked. Then the processing will be limited to mere storage for 10 years from the year in which consent was revoked
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Marketing and communication activities

Purpose and legal basis	– Marketing (market analysis and research), Sending of information and/or advertising material, based on the consent of the interested party**
Data categories	Personal data, Contact data, Address data, Data relating to purchases or use of services, Profiling data
Storage time*	Fino alla revoca del consenso. Poi il trattamento si limiterà alUntil consent is revoked. Then the processing will be limited to mere storage for 10 years from the year in which consent was revoked
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

**The provision of consent is always optional and can be revoked at any time, you can contact the Owner via the contact information above.

Reception

Purpose and legal basis	– Monitoring of people entering the company, based on the legitimate interest in protecting company assets, worker safety, organizational and production needs – Filtering of telephone calls, based on legitimate interest in organizational and production needs
Data categories	Personal data, Contact data, Address data, Data relating to identification/recognition documents
Storage time*	1 year from the year of data acquisition
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Authorities and public administrations for which there is a legal obligation to communicate

Accommodation Management

Purpose and legal basis	– Organization of accommodation, on the basis of the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Contact data, Data relating to work activity, Data relating to identification/recognition documents
Storage time*	10 years from the year of organization
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), Accommodation facilities, Transfer services, other entities for which the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

* In addition to the time required for the statute of limitations to accrue in relation to the reciprocal rights and the time for retaining backups.

In addition to the above, within the scope of activities functional to the good management of the organization, your personal data will also be processed by internal or external personnel duly authorized for:

1) the management and maintenance of the network and IT systems, when the processing occurs through even partially automated methods (for example when the data passes through the IT systems of Krupps Srl), on the basis of the legitimate interest in protecting them and for the obligations inherent to information security; the data are stored in compliance with the security implementations and with what is foreseen for the main processing of reference among those described above;

2) manage compliance activities, including personal data protection obligations, as required by law, in accordance with the retention periods established for the main processing in question;

3) to prevent and detect abuse and to defend the rights and interests of the Data Controller, retaining them until the expiry of the limitation periods, except in the event of litigation (in which case, the data will be retained until the matter of the dispute has been definitively resolved), on the basis of the legitimate interest of the Data Controller in protecting its rights and interests.

Are there automated processes?

The processing is not based on automated decision-making.

Is it mandatory to provide data?

Except for any purposes based on consent, the provision of your data is a necessary requirement: failure to provide the data indicated as mandatory could lead to legal and contractual consequences. Therefore, in the event of failure to provide them, you may not obtain the expected result or obtain it only partially.

Is data transferred outside the European Union?

The processing of personal data (e.g. storage, archiving and conservation of data on its own servers or in the cloud) will be limited to the areas of circulation and processing of personal data of the countries belonging to the European Economic Area, with an express prohibition on transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of protection instruments provided for by EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCR, model contractual clauses, consent of the interested parties, etc.).

What rights are recognized?

You have the right, pursuant to articles 15 and following of EU Reg. 2016/679, to request from the Data Controller access to your personal data, as well as their rectification, cancellation or oblivion;
You also have the right to request data portability or limitation of processing;
You have the right, for reasons relating to your particular situation, to object to the processing of your personal data based on the legitimate interest;
You have the right to view the essential contents of any joint ownership agreements signed;
For treatments based on consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the treatment based on the consent given before the withdrawal;
You may also lodge a complaint with the Authority for the Protection of Personal Data, located in Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.

To exercise your rights or to request additional information, you can contact the Owner using the contact information above.

Can the information in this policy change?

We reserve the right to update our Privacy Policy. We will communicate changes as appropriate and update the date in this Privacy Policy. Therefore, we recommend that you periodically consult our Privacy Policy, including by requesting a copy from the Data Controller.

Last updated: 29/11/2024

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	[vc_row][vc_column][vc_column_text]YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.[/vc_column_text][/vc_column][/vc_row]

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	[vc_row][vc_column][vc_column_text]This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.[/vc_column_text][/vc_column][/vc_row]
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.