Privacy Policy for Suppliers-collaborators pursuant to art. 13 and 14 EU Regulation 2016/679 (ver 1.4)

Tempo di lettura: 14 minutes

Who is your personal data controller?

Engineering Ingegneria Informatica S.p.a., with its registered office in Rome, Piazzale dell’Agricoltura 24-00144, (hereinafter the “Data Controller”) which also operates in the name and on behalf of subsidiaries following an explicit joint controller agreement.

The Data Protection officer can be contacted via this email address:

According to the co-ownership agreement concluded between the aforementioned companies, as outlined in Article 26 of the Regulation, the respective roles and responsibilities regarding compliance with the obligations deriving from this Regulation have been determined. If you would like to read the main content of the agreement, please contact Engineering.

Which personal data will be processed by Engineering?

The Data Controller will process simple and financial data, directly related to the supplier or to data subjects such as its collaborators, employees and/or contacts, including, as an example: name, surname, mobile phone number, the e-mail address and in general your contact data as a person responsible for maintaining the existing business relationship for the supply in question.

Why will Engineering use your personal data?

For contract execution, to manage suppliers and their quality control, to perform data security audits.

  1. For performance of the contract and/or pre-contractual measures (“Performance of the Contract” purpose).
    The legal bases are:

    • Adoption of pre-contractual measures requested by the interested party, conclusion and execution of a contract [Art 6, par. 1, lit. b) of the GDPR]
    • The processing is necessary to fulfil a legal obligation to which the data controller is subject [Art 6 par. 1, lit. c) of the GDPR].
  2. For the management of suppliers, as well as control of their quality and performance (“Quality Control” purpose).
    The legal basis is a legitimate interest of the Data Controller to monitor the adequacy of the supplier, the fulfilment of the obligations undertaken as well as to be aware of suppliers close relations in order to prevent conflicts of interest and unethical personal use of job advantages, all with the purpose of respecting its internal procedures and its code of ethics [Art 6 para. 1, lett. f) of the GDPR].
  3. To verify the security of data, network and to prevent and fight any potential cybercrime. (“Cybercrime Defense and Prevention” purpose).
    The legal basis is the legitimate interest of the Data Controller to maintain the protection of internal IT systems and apply appropriate security measures as well as exercise or defend a right in court [Article 6 (1) (f) of the GDPR].
  4. To carry out market research, statistical analysis and related services (Statistical purposes).
    The legal basis is the legitimate interest of the Data Controller to ensure efficiency and improve its business [Art. 6(1)(f) GDPR].

The provision of your personal data for the purposes indicated above is optional, but in their absence, it may not be possible to establish business relations with the Supplier and/or perform the contract.

Who will your data be shared with?

Your Personal Data may be shared with natural or legal persons expressly authorized to process your personal data pursuant to art. 28 and 29 GDPR.

Moreover, your data will be shared with public authorities if it is mandatory to communicate personal data under the provisions of the law.

The complete and updated list of data recipients can be requested from the Data Controller or the DPO, at the addresses indicated above.

Will Engineering transfer your data out of the EU?

Some of your Personal Data is transferred to Recipients that may reside outside of the European Economic Area.

The Data Controller guarantees that the processing of your Personal Data by these Recipients is performed in compliance with the Regulations in force

How long will your personal data be stored?

Your Personal Data will be stored only for the time necessary in order to fulfill the purposes for which they are collected.

The principle of minimization referred to in Article 5, paragraph 1, letter c) of the GDPR will be respected.

The Data Controller may keep certain data even after the contractual relationship termination, for the time necessary to adhere to contractual or legal obligations. You can receive any additional information on the matter by contacting the Data Controller.

What are your privacy rights?

You have the right to access your data at any time. In particular, you can ask for rectification, erasure, restriction of data processing in certain cases, to obtain the portability of your personal data, as well as make a complaint to the competent supervisory authority (Data Protection Authority).

Furthermore, you can object to the processing of your personal data, where you should give evidence of the reasons that justify the objection.

With the signing of the Contract, the Supplier undertakes to provide this Privacy Policy to all data subjects whose data will be processed and, where necessary, to obtain their consent for personal data processing.

If you want to exercise your rights, please write to or to the Data Controller at the address mentioned above.

Switch The Language