INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Art. 13 Reg. EU 2016/679

Dear Supplier,
below we provide, in accordance with EU Regulation 2016/679 (hereinafter referred to as the “Regulation”), information on the processing of your personal data.

1. OWNER
The data controller is PDT Cosmetici S.r.l. (VAT NO. 04754730721)
Registered office: Viale Cavalieri del Lavoro, 45/47 – 70017 Putignano (BA)
PEC: pdtcosmeticisrl@pec.it
E-mail: gdpr@pdtcosmetici.it.

2. PURPOSE AND LEGAL BASIS OF PROCESSING

a. Personal data collected are processed for the purposes set out below on the legal basis set out below. The provision of such data is necessary:

Purpose Categories of data processed Legal basis Let’s take an example
Fulfilment of legal obligations Personal data (mainly browsing data) Necessary for compliance with a legal obligation to which the data controller is subject (Art. 6, 1, c. Regulation) For example, we will process your personal data if we are obliged to respond to requests made by a public authority.
Supplier relationship management Personal data (mainly personal data, contact details) Necessary for contract implementation or execution of pre-contractual measures (art. 6 (1)(b) Regulation) For example, the processing of data transmitted by sending an e-mail message will be necessary to provide a reply.
Litigation management Personal data (mainly personal data, contact data, browsing data) Necessary for the purposes of pursuing the legitimate interests of the data controller or a third party (Art. 6(1)(f) Regulation) For example, the data could be used to ascertain liability in the event of hypothetical computer crimes against the Site.

3. CATEGORIES OF RECIPIENTS
Within the scope of the above-mentioned purposes, the data collected may be communicated to the following subjects:

Recipient Motivation
Social security, welfare, other public or similar bodies Banks and credit institutions Insurance companies Professionals, consultants or companies working for the company Other organisations that provide services for the company (e.g. IT services, canteen, car rental) Persons authorised to process data Clients Legal or contractual obligation Instrumental to the implementation of the contract

4. DISSEMINATION OF DATA
The data will not be disseminated.

5. DATA TRANSFER
The controller does not intend to transfer personal data to a third country or an international organisation.

6. DATA RETENTION
The personal data collected will be kept for the time necessary to perform the contract and for the further period prescribed by law for the purposes referred to in point a, i.e., 10 years from the conclusion of the employment relationship.

7. RIGHTS OF THE DATA SUBJECT
In relation to the data provided, you may request to exercise the following rights: access, cancellation, rectification, restriction of processing, objection to processing, data portability, revocation of consent given when processing is based on consent. If you believe that a processing operation is in breach of Regulation (EU) 2016/679, you can also file a complaint with the supervisory authority of the member state where you reside, work or where the breach occurred.
To exercise your rights, you can send a written request or e-mail to the holder’s addresses listed above.