Privacy clients and suppliers
Source of data, kind of processing and purposes of processing
APLICACIÓN Y SUMINISTROS TEXTILES S.A. (“Asutex” or the “Controller”) will process the personal data by automated and non-automated means, also collecting such data from third parties, granting the confidentiality and security of the data.
The personal data collected is only the data which is strictly related to the commercial relationship among the parties, for instance, name, last name, email address and telephone number provided by the employer, information required to comply with the administration and accounting obligations and, where needed, data requested at the reception to guaranty the security of the access to our premises.
The personal data is processed for the following purposes: compliance with contractual obligations or, for ordinary administrative and accounting purposes; compliance with a legal obligation provided for by local or European laws, or decisions by the supervisory authority, to which the Controller is subject; making market statistic research and evaluation with anonymized data; Legal Legal Basis for the Processing.
The legal basis for the processing of the data for purposes under para. 1(a) is art. 6(1)(b) of the GDPR pursuant to which ([..] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
The legal basis for the processing of the data for purposes under para. 1(b) is art. 6(1)(c) of the GDPR pursuant to which ([..] processing is necessary for compliance with a legal obligation to which the controller is subject).
The processing for the data for purposes under para. 1(c) can be made since the data, does no longer identify a natural person and therefore it does not fall within the definition of personal data pursuant to GDPR.
Nature of the provision of the data
The provision of the data under para. 1(a) is a contractual requirement and not a statutory requirement, however, the it is necessary for the execution of the agreement and for the contractual relationship. Lacking the provision of the data, Asutex might not be able to satisfy your requests or enter into an agreement with you.
If personal data have been provided for purposes under para. 1(a), the processing for purposes under para. 1(b) is statutory requirements to which the Controller is subject. Categories of recipients of the personal data in connection with the Controller’s business, and for the purposes provided above and for the limited time strictly necessary for the achievement of such purposes, data might be shared with:
- persons which typically act as data processors pursuant to art. 29 of the Privacy Code and art. 28 of the GDPR, and in particular:
i) individuals, companies or advisors which provide accounting, management, legal, tax and financing assistance to the Controller;
ii) person to in charge of the technical maintenance;
iii) banks, broker and insurance companies;
- persons, governmental entity and authorities which the Controller is under a statutory obligation to provide the data to pursuant to law or court’s or authorities’ order;
- the Controller representatives, which have been duly authorized pursuant to art. 30 Privacy Code and 29 of the GDPR, to the processing of the personal data, only to the extent required for the purposes stated in art. 1, and who undertake to keep the data strictly confidential;
- companies of Bozzetto Group, only for internal administrative purposes;
Data Subject rights
In accordance to art. 7 of the Privacy Code and of Chapter III of the GDPR, the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, and request the categories of personal data being processed, the source, verify the accuracy or request the integration, the update or the rectification of the data, the erasure of the data, the anonymization or block of the data processed in violation of the law and has the right to object to the processing for legitimate reasons.
From May 25, 2018 the data subject also has the right to access its data, to object to the processing pursuant to art. 21 of the GDPR, to restrict the processing pursuant to art. 18 of the GDPR if technically possible, to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format in the cases provided for under art. 20 of the GDPR.
The data subjects’ rights can be exercised by sending a written request to the Controller at the address indicated under art. 7 below. Your request will be processed by the Controller in a timely manner. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with the Garante della protezione dei dati personali (or other supervisory authority) if the data subject considers that the processing of personal data relating to him or her infringes the applicable privacy law.
Personal data processed for the purposes referred to in par. 1 (a) will be kept for the time strictly necessary to achieve the purposes. In any case, since the data are provided in relation to the supply of products or services, the Data Controller will keep personal data for the period provided for by the Spanish legg. The processing of personal data for the purposes referred to in paragraph 1, letter b), will be kept as long as required by law.