Customers and Suppliers
According to the Article 13 of the Legislative Decree No 196/2003 (after called “Codice Privacy”) and to the Article No 13 of the European Union Regulation 2016/679 (after called “GDPR”), we inform you that the personal data you provided, or acquired by us within our activities, will be processed in respect of the above-mentioned regulations and confidentiality obligations which underline our business activity.
1. Controller’s identification details (and any other entities)
The Controller is Oryza Srl domiciled in via Caduti di Nassiriya 7b, 13038 Tricerro VC, Italy.
2. Nature of Data processed
We process your biographical and fiscal data, as well as the economic ones, necessary for the performance of the contractual agreement, existing or future, with your company.
We could obtain personal identifying data from your personnel.
3. Processing purposes
These data will be processed by Oryza srl for the following purposes:
- execution of a contract;
- fulfilment of obligations provided for by laws linked to the contractual agreement;
- contract management, for example rapport with agents, representatives, principals and/or contractors;
- any external professional collaboration to fulfil law obligations;
- protection of contractual rights;
4. Processing modalities
The processing of your personal data is performed by activities specified in Article 4 of “Codice Privacy” and in Article 2 of “GDPR”, precisely: collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The personal data will be processed in paper, computerised and telematic form, by suitable instruments to guarantee security and privacy, and entered in the relevant databases which can be accessed by specific trained personnel.
The personal data processing you provided can be performed, by our company, with the above-mentioned modalities and with the same security and privacy standards, from companies, institutions or consortia that provide us specific elaborated services, as well as bodies (public or private) that perform complimentary activities such as our company, which is necessary to the operations or services performance you requested immediatly or you’ll request in the future.
5. Data retention period
The personal data will be stored for 30 years form the last contractual relation, afterwards they will be deleted and/or destroyed. The legal data will be stored according to law.
6. Scope of data communication and distribution
We won’t spread your data, intended as giving them to undetermined subjects, also providing and consulting them. We can communicate your data, intended as giving them to one or more determined subjects, to:
- Subjects who can access the data by legislative provisions, regulation or Community legislation, within the limits set by those rules (Legal Authorities);
- Subjects who need to access your data for auxiliary purposes, linked to our contract, within strictly necessary limits to perform auxiliary duties;
- Our consultants subjects, within the necessary limits to perform their assignment in our enterprise, previous our assignement letter requiring the duty of security and privacy (insurance company for the provision of insurance services).
7. Scope of data access
Your data can be made accessible to (according to the Article 3):
Controller’s formed employees and assistants and/or system administrators;
third parties (indicatively and not exhaustively, credit institutions, professional firms, consultants, insurance companies for the provison of insurance services, etc.) that will perform outsourcing activities on the behalf of the controller.
8. Rights referred to the Article 7 of the Legislative Decree No 196/2003 and to the Articles 15, 16, 17, 18, 20, 21 and 22 of the European Union Regulation 2016/679
We inform you that, as data subject, you have the right to complain to the supervisory authority the rights listed below, and you can assert them by submitting the request to the Controller and/or to the Processor, as referred to in point 1.
Article 15- Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the processing information.
Article 16 – Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Article 17 – Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
Article 18 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the
data subject, for a period enabling the controller to verify the accuracy of
the personal data;
- the processing is unlawful and the data subject
opposes the erasure of the personal data and requests the restriction of their
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
Article 20 – Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Article 21 – Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Article 22 Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
9. Procedure for the exercise of any right
You may exercise your rights anytime by sending an e-mail to firstname.lastname@example.org .
10. Withdrawing of the consent to processing
Please note that, according to the Article 7 of the European Union Regulation, you have the right to withdraw, on paper, your consent to processing your personal data.
Place and date
The processing Controller