Information on personal data processing for Suppliers

Pursuant to Articles 13 and 14 of Regulation 2016/679/EU (hereinafter “GDPR”) PEIMAR S.R.L. (hereinafter “Data Controller”) with registered offices in Brescia (BS), Via Cefalonia 70 – 25124, in its capacity as “Data Controller”, informs you that your personal data, collected for the purpose of concluding the contract with the Supplier and/or in the execution and/or stipulation of said contract, will be processed in compliance with the aforementioned legislation, to guarantee your rights and fundamental freedoms, as well as the dignity of individuals, with particular reference to privacy and personal identity. We inform you that if the activities outsourced to you provide for the processing of personal data of any third parties, as controller of their data it will be your responsibility to ensure that you have complied with the provisions of the legislation with regard to the Data Subjects concerned, in order to make their processing by us legitimate.

Source, purpose, legal basis and nature of the processed data
The processing of your personal data, directly supplied by you, is carried out by PEIMAR S.R.L. for the purpose of concluding the contract with the Supplier and/or in the context of execution and/or stipulation thereof.
Furthermore, processing of the personal data of third parties, provided by the Supplier to this Company, may be possible. With respect to this possibility, the Supplier acts as an independent data controller and assumes the consequent legal obligations and responsibilities, thus exonerating this Company with respect to any dispute, claim and/or request for compensation for processing damage that may be received by the Company from the third parties concerned.
In compliance with current legislation on the protection of personal data and without the need for specific consent from the Data Subject, the Data will be stored, collected and processed by the Company for the following purposes:

  1. fulfilment of contractual obligations, execution and/or stipulation of the contract with the Supplier and/or management of any pre-contractual measures;
  2. fulfilment of any legal obligations, of fiscal and tax provisions resulting from performance of the business activity and obligations relating to administrative and accounting activities.

The legal bases of processing for the purposes a) and b) above are articles 6.1. b) and 6.1. c) of the Regulation.

The provision of Data for the aforementioned purposes is optional, but failure to provide your Data and the refusal to supply them would make it impossible for the Company to execute and/or enter into the contract and provide the services required by the same.

Your data may be communicated to third parties appointed as data processors pursuant to Article 28 of the GDPR and, in particular to banking institutions, companies working in the insurance sector, providers of services that are strictly necessary for performing business activities, or to consultants of the company, if necessary for fiscal, administrative or contractual reasons, or for needs protected by current regulations.
Your personal data, or the personal data of third parties controlled by you, may also be communicated to external companies, identified from time to time, to which PEIMAR S.R.L. entrusts the execution of obligations deriving from the assignment received, and to which only the data necessary for the activities requested will be transmitted. All employees, consultants, temporary workers and/or any other “natural person” who, authorised for data processing, carry out their activity on the basis of the instructions received from PEIMAR S.R.L., pursuant to art. 29 of the GDPR, are appointed “Data Processors” (hereinafter also “Processors”). The Processors or persons in charge of processing that may be appointed by PEIMAR S.R.L. are given adequate operating instructions, with particular reference to the adoption of, and compliance with, security measures, to guarantee the confidentiality and security of data. With reference to the aspects of protection of personal data, the Supplier is invited, pursuant to art. 33 of the GDPR, to report to PEIMAR S.R.L. any circumstances or events from which a potential “breach of personal data (data breach)” may arise, in order to allow for immediate assessment and the adoption of any actions aimed at countering this event. Any communication can be sent to PEIMAR S.R.L. at the contact addresses below.
Your Data will not be disclosed.
PEIMAR S.R.L.’s obligation to communicate your data to Public Authorities, upon their specific request, remains.

Transfer of data abroad
Transfer of your personal data abroad may occur if it is necessary for the management of the assignment received. For the processing of information and data that may be communicated to these subjects, levels of protection that are equivalent to those adopted to process their staff’s own personal data will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments foreseen by Chapter V of the GDPR will be applied.

Data processing methods and period of retention
Your data are collected and recorded in a lawful and correct manner, for the purposes indicated above and in compliance with the principles and requirements of art. 5 c 1 of the GDPR.
Personal data processing is carried out using manual, computerised and telematic means with logic that is strictly related to the actual purposes and, in any case, in such a way as to guarantee their security and confidentiality.
Personal data will be processed by PEIMAR S.R.L. for the entire duration of the assignment and also subsequently to assert or protect their rights or for administrative purposes and/or to execute obligations deriving from the legislation and regulatory framework applicable at the time and in compliance with the specific legal obligations on the retention of data.

Nature of data provision
In relation to the aforementioned purposes a) and b) above, provision of your data is essential for execution of the assignment between you and PEIMAR S.R.L. and to allow PEIMAR S.R.L. to comply with the formalities required by the applicable regulations: failure to provide the Data and the refusal to provide them would make it impossible for the Company to execute and/or enter into the contract and provide the services required by the same. We therefore inform you that the processing of personal data is based on the provisions of art. 6 c. 1 b) of the GDPR.

Rights of the data subject
In compliance, within the limits and under the conditions established by the legislation on personal data protection, regarding exercising the rights of Data Subjects, as far as the processing herein is concerned, as a Data Subject you have the right to: request confirmation of whether your personal data are being processed or not, access personal data concerning you, and in relation to them you have the right to request their rectification, cancellation, notification of rectification and cancellation to those who the data have may have been transmitted to by our Organisation, the limitation of processing in the hypothesis foreseen by the regulation, the portability of the personal data – supplied by you – in the cases indicated by the regulation, to oppose the processing of your data and, specifically, you have the right to oppose decisions that concern you if based solely on automated processing of your data, including profiling. If you believe that the way your data has been processed is in violation of the rules of the GDPR, you have the right to lodge a complaint with the Data Protection Authority pursuant to art. 77 of the GDPR.
If you wish to request further information on the processing of your personal data or wish to exercise your rights, you may contact Marco Casale, in writing, at:

Data Controller
The Data Controller, pursuant to art. 4 of the GDPR, is PEIMAR S.R.L., Via Cefalonia 70 – 25124
Brescia (BS) P.IVA: 03416340986 – CF: 03416340986

Data Protection Officer
The DPO (Data Protection Officer) appointed by the Data Controller pursuant to art.37 and GDPR may be contacted at the email address

Kind regards

The Data Controller