PRIVACY POLICY - INFORMATION FOR CUSTOMERS, SUPPLIERS, PARTNERS AND OTHER PERSONS REFERRED TO IN ARTICLE 13 OF THE EUROPEAN REGULATION NO. 679/2016

 

The General Management as the Data Controller, of Caspian Strategies & IT Management (P.IVA :11275050968) based in Via Bagutta 13, Milan, 20121 (MI), hereby wishes to make an appropriate disclosure to the fixed persons acting on behalf of the suppliers, of the Client Company, involved in contractual or pre-contractual activities of the company Caspian Strategies & IT Management P.IVA 11275050968 pursuant to Article 13 GDPR 679/16 - "European Regulation on Personal Data Protection". Translated with www.DeepL.com/Translator (free version)

1. Data subject to processing

The personal data processed are master and contact data provided or received by the data subject in connection with:

- visits or phone calls or emails;

- direct contacts obtained as a result of participation in events, etc;

- business inquiries, proposing offerte even in the bidding process;

- requests through our website or through the website of suppliers, customers, partners, other parties;

- Transmissions and transactions following the order for the provision of the service or good (supplied/purchased);

2. Purpose of processing.

Personal data of fixed persons acting on behalf of the supplier/customer Company, and other individuals are processed for:

- Forward communications by various means of communication (telephone, cell phone, text message, email, fax, paper mail, etc.);

- Make requests or process requests received;

- Exchanging information financially related to the performance of the contractual relationship, including pre- and post-contractual activities, including servicing;

- execution of obligations provided for by laws, regulations or EU legislation, as well as to comply with measures issued by public authorities empowered to do so or by supervisory and control bodies to which the company is subject (e.g., think of tax assessments, etc.).

The data subject may refit to provide the Controller with personal data. However, the conferral of personal data is necessary for the proper and efficient management of the contractual relationship with the supplier, Client Company, and others involved in the activities of the Controller. Therefore, any refi rement to the provision may jeopardize all or part of the contractual relationship itself or pre and post contractual activities.

3. Legal basis

The processing is necessary for the performance of a contract to which each party is a party or for the performance of pre-contractual or post-contractual measures taken at the request of the supplier/customer Company, or the company pursuant to Art. 6.1(b) of the GDPR). or for the fulfillment of a legal obligation pursuant to Art. 6.1(c) of the GDPR).

4. Methods of processing

The data of the interested parties will be processed in accordance with the principles of lawfulness correctness and transparency, using manual or automated tools, including by means of inclusion in databases, lists and lists suitable for the storage, management and transmission of data, in the manner and to the extent necessary for the pursuit of the aforementioned finality. The company has provided adequate security measures in order to protect the data of fixed persons acting on behalf of suppliers, Client Companies. Data will be processed only by persons authorized to process it in relation to the finality of the processing. The company does not effect automated decision-making processes for the finality indicated.

5. Recipients of the data

The personal data processed by the Data Controller will not be diffused, that is, they will not be made known to unspecified parties, in any possible form, including making them available or simply consulting them. They may, on the other hand, be communicated to the Owner's workers and to some external subjects who collaborate with them, always in compliance with the finities indicated. In particular, these are employees/collaborators who, on the basis of the roles and work duties performed, have been legitimized to process personal data, trained to do so within the limits of their skills and in accordance with the instructions given to them by the Controller. They may, moreover, be disclosed, to the extent strictly necessary, to parties who, for finality of issuing our orders or requests for information and quotations or formulation of offerte, our services, must supply/deliver goods and/or perform/receive on our/your behalf performances or services. The data may be accessed (for fixed purposes of assistance on SW applications, computer networks and for connectivity) by our appointed technicians or external consultants or appointees of companies providing such services appointed as data processors. Infine, they may be communicated to subjects entitled to access them by virtue of provisions of the law, regulations, and EU standards.

6. Transfer of data

The Data Controller does not transfer personal data to third countries or to international organizations. Although at the moment all entities that process data on behalf of the Company as external data controllers are established within the European Union, in the future it may also be necessary to give such data to entities that may be established outside the European Union, in countries that do not guarantee personal data an adequate level of protection under the European Data Protection Regulation 679/2016. The company will, if necessary, transfer data outside the European Union only after taking the precautions established by the European Regulation and after obtaining the necessary guarantees from the indicated subjects and with the consent of the data subjects.

7. Retention of data

The Data Controller retains and processes personal data for the time necessary to fulfill the fixed purposes indicated and in any case for a time not exceeding 15 years, unless otherwise required by law or the need to exercise rights, including in court by the Company. When it is no longer necessary to keep personal data, they will be deleted or destroyed

8. Rights of the data subject

Under Articles 15 to 21 of the Regulations, you may exercise the following rights:

- the right of access i.e., the possibility to obtain confirmation as to whether or not a processing operation is taking place and to acquire information regarding: the finality of it, categories of personal data concerned, recipients of the data particularly if third countries, the retention period where possible and the manner in which they are processed,

- The right to rectification and supplementation of data,

the right to their deletion, whenever the data are not necessary with respect to the finality or if they decide to revoke their consent or object to the processing or if the data are processed unlawfully;

- the right to restriction of processing in the event that you dispute the accuracy of your personal data for the period necessary to effcarry out the relevant verifications, or the processing is unlawful, or if although the data controller no longer needs your data, you request storage for judicial finality;

- The right to data portability to another data controller if the processing is by automated means or based on consent;

- The right to object to the processing.

The same, where exercisable by you may be enforced by writing to a.vismara@caspian-strategies.com specifiing the subject of the request, the right the person intends to exercise, and attaching a photocopy of an identity document attesting to the legitimacy of the request.

9. Proposition of complaint

The data subject has the right to lodge a complaint with the supervisory authority of the state of residence.

10. Data Controller

The data controller is Caspian Strategies & IT Management (P.IVA 11275050968) based in Via Bagutta 13, Milan, 20121 (MI) which may

contact for any issues regarding personal data at the above address or at the following email address commerciale@caspian-strategies.com

You are therefore invited to give wide diffusion and knowledge of this notice to all persons (employees, collaborators, subcontractors, and how many others) whose names and/or personal data, in various capacities, will be provided to the writer in the regular execution of the contractual or pre-contractual relationships existing with Caspian Strategies &IT Management.

Place and Date Milan

Signature of the data controller : Caspian Strategies & IT Management