PRIVACY NOTICE
Pursuant to the General Data Protection Regulation EU 2016/679 (the “GDPR”), we inform you that the personal data provided by you will be collected and processed by us in the manners and for the purposes stated below. This privacy policy applies to personal data suppliers and customers provide, personal data of agents, brokers, consultant and other natural person whose data are in any way processed by the data Controller (as defined in art. 1 below) in relation to the provision of services and products to the data Controller by them.
Source of data, kind of processing and purposes of processing
APLICACIÓN Y SUMINISTROS TEXTILES S.A. (“Asutex” or the “Controller”) will process the personal data by automated and non-automated means, also collecting such data from third parties, granting the confidentiality and security of the data.
The personal data collected is only the data which is strictly related to the commercial relationship among the parties, for instance, name, last name, email address and telephone number provided by the employer, information required to comply with the administration and accounting obligations and, where needed, data requested at the reception to guaranty the security of the access to our premises.
The personal data is processed for the following purposes: compliance with contractual obligations or, for ordinary administrative and accounting purposes; compliance with a legal obligation provided for by local or European laws, or decisions by the supervisory authority, to which the Controller is subject; making market statistic research and evaluation with anonymized data; Legal Legal Basis for the Processing.
The legal basis for the processing of the data for purposes under para. 1(a) is art. 6(1)(b) of the GDPR pursuant to which ([..] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
The legal basis for the processing of the data for purposes under para. 1(b) is art. 6(1)(c) of the GDPR pursuant to which ([..] processing is necessary for compliance with a legal obligation to which the controller is subject).
The processing for the data for purposes under para. 1(c) can be made since the data, does no longer identify a natural person and therefore it does not fall within the definition of personal data pursuant to GDPR.
Nature of the provision of the data

The provision of the data under para. 1(a) is a contractual requirement and not a statutory requirement, however, the it is necessary for the execution of the agreement and for the contractual relationship. Lacking the provision of the data, Asutex might not be able to satisfy your requests or enter into an agreement with you.

If personal data have been provided for purposes under para. 1(a), the processing for purposes under para. 1(b) is statutory requirements to which the Controller is subject. Categories of recipients of the personal data in connection with the Controller’s business, and for the purposes provided above and for the limited time strictly necessary for the achievement of such purposes, data might be shared with:
- persons which typically act as data processors pursuant to art. 29 of the Privacy Code and art. 28 of the GDPR, and in particular:
i) individuals, companies or advisors which provide accounting, management, legal, tax and financing assistance to the Controller;
ii) person to in charge of the technical maintenance;
iii) banks, broker and insurance companies;
- persons, governmental entity and authorities which the Controller is under a statutory obligation to provide the data to pursuant to law or court’s or authorities’ order;
- the Controller representatives, which have been duly authorized pursuant to art. 30 Privacy Code and 29 of the GDPR, to the processing of the personal data, only to the extent required for the purposes stated in art. 1, and who undertake to keep the data strictly confidential;
- companies of Bozzetto Group, only for internal administrative purposes;
Data Subject rights

In accordance to art. 7 of the Privacy Code and of Chapter III of the GDPR, the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, and request the categories of personal data being processed, the source, verify the accuracy or request the integration, the update or the rectification of the data, the erasure of the data, the anonymization or block of the data processed in violation of the law and has the right to object to the processing for legitimate reasons.

From May 25, 2018 the data subject also has the right to access its data, to object to the processing pursuant to art. 21 of the GDPR, to restrict the processing pursuant to art. 18 of the GDPR if technically possible, to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format in the cases provided for under art. 20 of the GDPR.
The data subjects’ rights can be exercised by sending a written request to the Controller at the address indicated under art. 7 below. Your request will be processed by the Controller in a timely manner. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with the Garante della protezione dei dati personali (or other supervisory authority) if the data subject considers that the processing of personal data relating to him or her infringes the applicable privacy law.
Retention

Personal data processed for the purposes referred to in par. 1 (a) will be kept for the time strictly necessary to achieve the purposes. In any case, since the data are provided in relation to the supply of products or services, the Data Controller will keep personal data for the period provided for by the Spanish legg. The processing of personal data for the purposes referred to in paragraph 1, letter b), will be kept as long as required by law.

Contacts of the data Controller The data Controller is APLICACIÓN Y SUMINISTROS TEXTILES S.A., with registered office at Ronda de Boada Vell, 43, 08184 Palau-solità i Plegamans, Barcelona, Spain
The Controller may be contacted for any issue related to the processing of the personal data at the following address: privacy@asutex.com