Notice on personal data processing pursuant artt. 13 e 14 of Regulation 2016/679/UE (“GDPR”)
With referral to the GDPR C.T.I. S.R.L., based in ROMA (RM), VIA ARCHIMEDE N.10 – 00197 as "Data Controller" of
the processing provides some information regarding the use of personal data relating to contractual relationships
with its Suppliers, provided that pursuant to art. 1 of the GDPR are "personal data" only those referring to natural
persons.
Origin of data, purpose of processing and legal basis
The personal data in our possession are collected directly from the Suppliers and / or collaborators or through
agents and representatives in a bid and / or during a relationship or a supply proposal. The data may also be
collected from third parties, such as, for example, data acquired from external companies for the purposes of
commercial information or market research or by our other customers or suppliers.
These data will be used for the following purposes:
obligations related to the establishment of the contractual relationship, in terms of reliability evaluation
of the supplier as well as for statutory obligations, such as accounting and tax;
related to the performance of relationships with suppliers also in terms of the Customer satisfaction
survey;
protection of C.T.I. S.R.L.'s rights and prerogatives and historical data storage.
The provision of data by the Supplier is necessary for the stipulation and execution of contractual relationships or
to comply with legal obligations and in any case for the pursuit of the legitimate interest of C.T.I. S.R.L. to the
correct formation and execution of the contractual relationship, to fulfillment the obligations that arise from it
and, in any case, to the protection of its contractual reasons.
Methods of data processing and security measures
The data will be processed using appropriate tools to guarantee security and confidentiality and can be carried out
not only with manual tools but also through automated tools to store, manage and transmit the data. We also
inform you that any personal data referred to you will be processed in compliance with the manner indicated by
the GDPR, which provides, inter alia, that the data should be:
processed lawfully and correctly;
collected and registered for specific, explicit and legitimate purposes;
exact and, if necessary, updated;
adequate, complete and not excessive in relation to the purposes of the processing.
C.T.I. S.R.L. guarantees that the security and confidentiality of Customer data will be protected through
appropriate protection measures, based on the provisions of Articles 25, 32, 33, 34, 35 and 36 of the GDPR, to
reduce the risks of destruction or loss, even accidental, of data, unauthorized access, or processing not allowed or
not in accordance with the purposes of collection. With reference to the aspects of protection of personal data,
the Customer is invited, pursuant to art. 33 of the GDPR to report to C.T.I. S.R.L. any circumstances or events from
which a potential "breach of personal data (data breach)" may occur in order to allow an immediate evaluation
and the adoption of any actions aimed at combating such event by sending a communication to CRISTINA
MANNARA (cristinamannara@ctisrl.org) or contacting your contractual contact person.
Categories of subjects to whom data can be communicated and retention period
Your data may be communicated, for the purposes indicated, inter alia, to:
C.T.I. S.R.L.
VIA ARCHIMEDE N.10
00197 ROMA (RM)
Email segreteria@ctisrl.org
PEC ctisrl@pec.it
Tel. 0994725932
P. IVA 02136320732
a) to the Financial Administration, to social security and welfare agencies if necessary, to the Public Security
Authority;
b) to transporters or other third parties or entities for services ancillary to the supply;
c) to companies or professional bodies for fraud control and debt collection;
d) to banks and credit institutions in the context of the financial management of the company and insurance
companies;
e) to persons charged with auditing the financial statements and with administrative, tax and accounting
consultants.
They may also be disclosed to public or private legal entities, associative or corporate, to stipulating or executing
contracts, to the extent that said communication is a prerequisite for the submission of tenders in the awarding
procedures, or for the completion and execution of the contract. The personal data you provide may also be
communicated to other companies in our group for the coordination of management activities, including abroad,
both within the EU and extra-UE. Your data will not, subject to specific regulatory provisions, be disclosed.
Personal data will be processed by C.T.I. S.R.L. for the entire duration of the contract and also subsequently to
assert or protect its rights in compliance with the specific legal requirements on data retention. The subjects
belonging to the above categories treat personal data as separate Data Controllers or as Data Processor or
Persons in charge specifically appointed by C.T.I. S.R.L.. All employees, consultants, collaborators and / or any
other "natural person", pursuant to art. 29 of the GDPR, which, authorized for processing, carry out their activities
based on the instructions received from C.T.I. S.R.L. are appointed "Incaricati del trattamento". C.T.I. S.R.L. shall
issue appropriate operating instructions to the persons in charge or to the Data Processor who may be appointed,
with reference to compliance and / or adoption of appropriate security measures, to guarantee the confidentiality
and protection of data.
The right of the data subject
Finally, we inform you that, regarding any personal data, the GDPR recognizes the exercise of specific rights to
natural persons, as a data subject. In particular, the data subject may request confirmation that personal data is
being processed or not, access personal data concerning him and in relation to them he has the right to request
rectification, cancellation, notification of corrections and cancellations to those to whom the data were eventually
transmitted by C.T.I. S.R.L., the limitation of processing in the cases provided for by the law, the portability of
personal data - provided by him in the cases indicated by the law, to oppose the processing of his data and
specifically , has the right to object to decisions concerning him if based solely on automated processing of his
data, including profiling. If he considers that the treatments concerning him violate the rules of the GDPR, he has
the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 of the GDPR.
Data Controller
Data Controller is C.T.I. S.R.L., VIA ARCHIMEDE N.10 – 00197 ROMA (RM) P.IVA: 02136320732 - CF: 02136320732.