Privacy Policy

Privacy Policy

ATTACHMENT 15E
INFORMATION NOTICE TO CUSTOMERS, SUPPLIERS, PARTNERS AND OTHER DATA SUBJECTS,
PURSUANT TO ART. 13 OF EU REGULATION NO. 679/2016

1. Processed Data

The personal data being processed refer to personal or contact details provided or received by the Data Subject in the following occurrences:
– visits, telephone calls or e-mails;
– direct contacts through attendance in events etc.;
– business enquiries and proposals, quotations and tender bids;
– queries submitted via our Website or our suppliers’, customers’, partners’ and other Data Subjects’ Websites;
– communications and transactions following a purchase order for the supply of goods or services (whether supplied or procured).

 

2. Purposes of Data Processing

The personal data of any individuals operating on behalf of suppliers or customer companies as well as other Data Subjects are processed for the following purposes:
– forwarding communication via various media (landline, mobile, text, e-mail, fax, regular mail etc.);
– placing enquiries or responding to enquiries being received;
– exchanging information aiming at contract performance, including pre- and post-contract activities as well as support services;
– fulfilment of legal and regulatory obligations and compliance with EC standards, or abiding by orders issued by duly authorized public authorities or supervisory and governance bodies that the Company is subject to (such as tax assessments and the like).
Data Subjects may refuse to submit their personal data to the Data Controller. However, providing personal data is required for the proper and effective management of contracts with suppliers, customer companies as well as other Data Subjects involved in the Data Controller’s business activities. Therefore, failure to provide personal data may fully or partly prevent the proper performance of contracts or pre- and post-contract activities.

 

3. Legal Grounds for Data Processing

The personal data submitted to the Company shall be processed in the performance of the pre- and post-contract activities arising from the execution of the existing contracts and agreed upon with suppliers and customer companies, or requested by the company pursuant to Art. 6.1, para. b) of GDPR, or the fulfilment of legal obligations pursuant to Art. 6.1, para. c) of GDPR.

 

4. Data Processing Method

The personal data submitted by Data Subjects shall be processed fully abiding by lawfulness, fairness and transparency principles, by means of manual or automated systems, including recording said data in suitable databases, lists and files with a view to data retention, management and transfer, with the methods and restrictions required to achieve the aforesaid purposes. The Company has the proper data security measures in place to protect the personal data of any individuals operating on behalf of suppliers and customer companies. Data shall exclusively be processed by authorized personnel with a view to the purposes of data processing. The Company does not perform automated decision-making processes for said purposes.

 

5. Data Recipients

The personal data processed by the Data Controller shall not be transferred or disclosed to undetermined individuals in any form whatsoever, including their availability or simple reference. However, said data can be communicated to the Data Controller’s personnel as well as their contractors, still in full compliance with the stated purposes.
Namely, data can be processed by those employees/contractors whose positions and tasks involve their being authorized to process personal data, trained to do so within the scope of their capacity and in compliance with the instructions provided by the Data Controller. Furthermore, as strictly required, said data may be communicated to any individuals or entities that must supply/deliver goods and or perform/be provided services upon our/your request, for purposes connected to order issuing or business enquiries and quotations or proposals as well as our services. For purposes connected to IT network, SW application and connection support services, said data might be accessed by our duly authorized engineers or consultants or operators from companies provided the aforesaid services and appointed as Data Processors. Finally, said data may be communicated to any individuals or entities whose access is authorized by virtue of law provision, regulations or EC standards.

 

6. Data Transfer

The Data Controller does not transfer any personal data to foreign countries or international organizations. Even though all entities processing data on behalf of the Company as third-party Data Processors are located within the European Union, in the future said data may be required to be transferred to extra-European entities located in countries where ad adequate personal data protection level is not guaranteed to comply with the European Data Protection Regulation 679/2016. If necessary, the company will only transfer data to extra-European countries after adopting all the applicable measures required by the European Regulation and obtaining the required guarantees by data processors as well as the consent of Data Subjects.

 

7. Data Retention

Personal data shall be processed and retained by the Data Controller for as long as required for the aforesaid purposes, and in any case no longer than 15 years, unless otherwise required for the Company to abide by legal obligations or exercise its rights, including in legal proceedings.
Personal data shall be destroyed or deleted when their retention is no longer required.

 

8. Rights of the Data Subject

In your position as data subject, you can exercise the following rights, as provided for by Articles 15 through 21 of the GDPR:
– right to access, that is, to obtain confirmation as to whether or not personal data concerning you exist and are processed, and be provided information as to processing purposes, personal data categories being involved, Data Recipients, especially if located in foreign countries, data retention period, where possible, and data processing method;
– right to amendment or integration of the data;
– right to data erasure, should data processing not be required for the relevant purposes or if the Data Subjects should decide to withdraw their consent or oppose data processing, or should data be processed unlawfully;
– right to request the restriction of data processing in the event that the correctness of personal data is challenged, for as long as required to perform the relevant assessment or if said data are processed unlawfully, or if you request the retention of your personal data for judicial purposes though the Data Controller no longer needs them;
– right to request Data portability to another Controller, should data processing be performed by automated means or is based on the Data Subject’s consent;
– right to oppose data processing.
Where applicable, you can exercise the aforesaid rights by writing to amb_engineering@ambgroup.it, specifying the reason for your request, the right that the Data Subject intends to exercise and attaching a copy of your proof of ID to prove the lawfulness of your request.

 

9. Right to Claim

Data Subjects have the right to put forward a complaint to the Data Protection Authority in their country of residence.

 

10. Data Controller

The Data Controller shall be A.M.B. ENGINEERING S.P.A. – from A.M.B. ENGINEERING S.P.A. (01380910032), a company located at Via Aldo Moro 2, Novara, 28100 (NO), that you may contact for any queries on your personal data processing, to be sent to the aforesaid address or the following e-mail address: amb_engineering@ambgroup.it
As a consequence, would you please disseminate and communicate this information notice to any and all individuals (whether employees, contractors, sub-suppliers and the like) whose names and/or personal data are submitted to our Company for various reasons, within the scope of the proper performance of contract or pre-contract activities with A.M.B. ENGINEERING S.P.A.

 

A.M.B. ENGINEERING S.P.A.
Novara, 25/10/2022