Supplier and Prospect Data Policy
The information which follows is intended for natural persons, including professionals, individual business owners and the representatives/contact people of businesses, entities, associations and foundations, henceforth “Data Subjects”.
Identity and contact data of the Data Controller
Calzaturificio S.C.A.R.P.A. S.P.A., henceforth “SCARPA” or “Data Controller”, head offices at 1 Via Enrico Fermi, Asolo (TV) 31011, which can be contacted via email at info@scarpa.net, certified email (PEC) at calzaturificioscarpaspa@legalmail.it or via telephone at +39 0423 5284.
Data categories and their sources
SCARPA processes general personal data (e.g. personal information, contact information, data related to IDs/recognition documents, data related to business and work activities, including certificates and professional qualifications) and/or, in some cases, specific data (e.g. data relating to suitability for work). This information can be collected from the data subject which it refers to and/or from third parties (e.g., other company employees and collaborators or the Office of Criminal Records).
Purpose and legal basis
A. Pre-contractual management: personal data are processed for all needs pertaining to the acquisition of information and/or quotes and estimates.
B. Collection of finalcial data: personal data are processed to gather information on and verify the economic/financial position and the assets/liabilities of the data subject, including their solidity, solvency and creditworthiness.
C. Contract manager: personal data are processed for all needs related to the management of the contractual relationship in all its phases (e.g., appointment management, logistical organization and compliance with the regulatory obligations of the Data Controller).
D. Legal defence: the Data Controller may need to process personal data for the management of disputes and litigation, in or out of court.
|
Purpose |
Legal basis (general data) |
Legal basis (specific data) |
|
A. |
Legitimate interest of the Data Controller related to searching for potential suppliers and the collection of information and/or estimates and quotes. |
/ |
|
B. |
Legitimate interest of the Data Controller related to the analysis and creation of business strategies and policies, the identification of individuals with whom to enter into or continue commercial relationships, the terms and conditions of payment and fraud prevention. |
/ |
|
C. |
Legitimate interest of the Data Controller to properly conduct business relations in compliance with applicable laws and regulations; Contract fulfilment; Compliance with legal obligations. |
Fulfilment of labour law obligations. |
|
D. |
Legitimate interest of the Data Controller to establish, exercise or defend a right. |
Establish, exercise or defend a right. |
Storage of data
|
Purpose |
Duration of storage |
|
A. |
The time period necessary to process requests submitted and all subsequent interactions. |
|
B. |
Time period required to carry out verifications. |
|
C. |
10 years from end of contract. |
|
D. |
10 years from the definitive resolution of the dispute. |
Nature of the data transfer and consequences of refusal
|
Purpose |
Nature |
Consequences |
|
|
A. |
Necessary |
Inability to request and obtain the necessary information. |
|
|
B. |
Not applicable |
/ |
|
|
C. |
Necessary |
Inability to enter into or continue the commercial relationship. |
|
|
D. |
Necessary |
Inability to manage disputes. |
|
Scope of disclosure
Data are processed by internal staff members who have been authorized to carry out specific tasks, and shared externally according to the following rules
|
Purpose |
External recipient categories |
|
A. |
External consultants. |
|
B. |
Business information companies. |
|
C. |
Credit institutions, external consultants, entities to which disclosure is obligatory by law, business partners (clients/suppliers). |
|
D. |
Law firms; Judicial authorities. |
Because data are processed with methods that include the use of computerized tools, they may also be accessed by individuals who provide assistance/maintenance for said systems.
Data transfers to third countries or international organizations
The Data Controller does not transfer personal data outside of the European Economic Area.
Rights of the Data Subject
The individual to whom the personal data refers to has the following rights:
Access: data subjects can find out whether or not their personal data are being processed and, when that is the case, access the personal data and obtain a copy.
Rectification: the data subject can request that their personal data be updated, corrected (if inaccurate) and completed (if incomplete).
Erasure: data subjects can obtain the erasure of their personal data when certain conditions are met (for more information, contact the Data Controller).
Restriction: data subjects can request that their data are marked so as to limit their future processing, when certain conditions are met (for more information, contact the Data Controller).
Objection: it is possible, on grounds relating to one’s individual situation, to object to the processing of personal data when said processing is necessary for the purposes of legitimate interests or for the completion of a task in the public interest or connected to the exercise of public powers vested in the Data Controller.
Portability: data subjects can receive, in a structured format, the personal data provided to the Data Controller and request that said data be transmitted to another data controller when the processing is based on consent or on a contract and is carried out by automated means.
Withdrawal of consent: it is possible to withdraw consent for the purposes for which it was requested, without prejudice to the lawfulness of the processing carried out before withdrawal.
The concrete rights which can be exercised relative to personal data processing which has been carried out are:
|
Purpose |
Right |
||||||
|
|
Access |
Rectification |
Erasure |
Restriction |
Objection |
Portability |
Withdrawal of consent |
|
A. |
X |
X |
X |
X |
X |
|
|
|
B. |
X |
X |
X |
X |
X |
|
|
|
C. |
X |
X |
X |
X |
X |
X |
|
|
D. |
X |
X |
X |
X |
X |
|
|
To exercise the aforementioned rights, please fill in the form found at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and send it to privacy@scarpa.net. Data subjects can use that same email address to learn more about the information listed herein (e.g., the “balancing test” for legitimate interests or the list of data processors).
It is possible to submit a complaint to the Data Authority. In Italy, that authority is the Italian Data Protection Authority (Garante per la protezione dei dati personali)
