Privacy

Dear client,
hereby we send the information on the processing of personal data of clients of the Company pursuant to articles 13 and 14 of the (UE) Regulation 2016/679 (the “General Data Protection Regulation” or “GDPR”).

The GDPR, directly applicable in each Member State of the European Union as of 25 May 2018, has introduced new provisions concerning the protection of individuals, with regard to the processing of personal data and the free movement of such data.

The Company will continue to ensure that the processing of personal data of clients is carried out in compliance with fundamental rights and freedoms, as well as in respect of the dignity of the data subjects, as required by the current regulatory provisions, including the GDPR.

We therefore invite you to acknowledge the document.

Best Regards.

POLICY REGARDING THE PROCESSING OF PERSONAL DATA OF CLIENT PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 2016/679 (GDPR)

DATA PROCESSING CONTROLLER
Esperia Aviation Services S.p.A.
Via Salaria 825 00138Rome – Italy
Tax ID, and registration number in the Register of Companies of Rome
05119920584
VAT 01358601001
telephone number +39 06 8870 0801
e-mail address.esperia.aviation@pec.it,
Certified Public e-mail address
(“Company”).

Cav. Lav. Franco Pecorini
tel +39 06 8870 0801
e-mail franco.pecorini@esperia-aviation.it

PERSONAL DATA PROCESSED (COMMON DATA)
Data means those relating to natural persons processed by the Company for the stipulation and execution of the contractual relationship with its vendors, such as those of the legal representative of the supplier that signs the contract in the name and on behalf of the latter, as well as the employees/consultants of the supplier involved in the activities referred to in the contract. In the latter case, the source of the Data is the supplier. The Data could also include any judicial data reported in public databases.

SOURCE OF DATA AND CATEGORIES OF DATA COLLECTED AT THIRD PARTIES
Data are collected from the data subject (i.e. directly provided by you) or, during the contractual relationship, acquired from third parties (for example, a company which, check the reliability of suppliers by public databases).

Part 1

PROCESSING PURPOSES
Purposes related to the establishment and execution of the contractual relationship between the supplier and the Company, including:

  • master data management that includes a supplier database;
  • management of supplier qualification;
  • management of purchase order;
  • management of contract;
  • management of inspections and performance evaluation.

LEGAL BASIS OF PROCESSING
Execution of the contract for the Data of the legal representative of the Supplier
Legitimate interest in the Data of the employees/consultants of the supplier involved in the activities referred to in the contract

DATA RETENTION PERIOD
Contractual duration and, after termination, for the period of 10 years.

Part 2

PROCESSING PURPOSES
Fulfilment of administrative-accounting obligations – such as the management of accounting and treasury, as well as invoicing (for example, the verification and registration of invoices), in compliance with the requirements of current legislation.

LEGAL BASIS OF PROCESSING
Need to fulfil a legal obligation to which the Company is subject

DATA RETENTION PERIOD
Contractual duration and, after termination, for the period of 10 years.

Part 3

PROCESSING PURPOSES
If necessary, to ascertain, exercise and/or defend the rights of the Company in front of the court.

LEGAL BASIS OF PROCESSING
Legitimate interest (defence in front of the court)

DATA RETENTION PERIOD
In the case of judicial litigation, for the entire duration of the same, until the exhaustion of the terms of practicability of appeals

Part 4

PROCESSING PURPOSES
Purposes related:

  • to the management of internal and external controls.

LEGAL BASIS OF PROCESSING
Legitimate interest (Protection of the company and corporate assets. Security)

DATA RETENTION PERIOD
Until the end of the employment relationship and, after termination, for the period of 10 years.

Part 5

PROCESSING PURPOSES
Check, through specialized companies, if the supplier is included in an international restricted list, using information in public databases.

LEGAL BASIS OF PROCESSING
Legitimate interest (better management of work activity)

DATA RETENTION PERIOD
For common data: contract duration
For data relating to criminal convictions and offenses: 6 months from the moment the informative file is received

Part 6

PROCESSING PURPOSES
Purposes related to ascertaining the moral suitability of the top managers of suppliers

LEGAL BASIS OF PROCESSING
Legitimate interest (Protection of the company and better management of work activity)

DATA RETENTION PERIOD
For common data: contract duration
For data relating to criminal convictions and offenses: 6 months from the moment the informative file is received

Part 7

PROCESSING PURPOSES
Purposes related to the control of logical access to corporate information systems, in order to guarantee the security of people and goods (for example: log management, management of system administrator logs);

LEGAL BASIS OF PROCESSING
Legitimate interest (Protection of the company and corporate assets. Security)

DATA RETENTION PERIOD
2 years from the moment in which logical access was detected
6 months for system administrator access logs

Once the retention terms indicated above have elapsed, the Data will be destroyed or made anonymous, consistent with th technical procedures for deletion and backup.

DATA SUPPLY
Mandatory for the stipulation of the contract and/or its execution.
The refusal to provide the Data shall therefore not allow the establishment of the contractual relationship and/or the fulfilment of the consequent obligations.

CATEGORIES OF DATA RECIPIENTS
The Data may be disclosed to third parties acting as data processing controllers, for example, banks and credit institutions, insurance companies, freelance (law, notary and accounting firms), supervisory and control authorities and bodies and in general public or private parties entitled to request the Data.
The Data may be processed, on behalf of the controller, by external parties designated as data processors that perform specific activities on behalf of the controller, including in particular companies that deal with legal, accounting, tax and insurance obligations, manage the collections and payments, IT asset and mailing services.

PARTIES AUTHORIZED FOR PROCESSING
The Data may be processed by employees and collaborators of the Company belonging to departments responsible for the pursuit of the aforementioned purposes that have been expressly authorized for processing and have received adequate operating instructions.

TRANSFER OF PERSONAL DATA IN COUNTRIES NOT BELONGING TO THE EUROPEAN UNION
The Data will be stored in a database shared among legal entities belonging to the Compnaie’s Group that are also resident in non-European countries.
The Data may be transferred to non-European countries to legal entities belonging to the Companie’s Group or to other subjects by virtue of a contractual or commercial relationship or for specific business requirements. Transfers are occasional for the stipulation or execution of a contract of with the Company or other natural or legal person in favour of the data subject and therefore admitted pursuant to article 49.1 c) of the GDPR.

RIGHTS OF DATA SUBJECT – COMPLAINTS TO THE CONTROL AUTHORITY
By contacting the address mentioned in first page above the data subjects can ask the Company to have access to their data, deletion, the correction of inaccurate data, the integration of incomplete data, the deletion of data, the limitation of processing in the cases provided for by article 18 GDPR, and oppose the processing carried out for legitimate interest of the controller.
Furthermore, if processing is based on consent or on the contract and is carried out using automated tools, the data subject shall have the right to receive the Data in a structured and commonly used format that can be read on automatic devices, and, if technically feasible, to send them to another controller without impediments.
The data subject shall have the right to file a complaint with the competent Supervisory Authority in the Member State of European Union where they normally reside or work or in the State where the alleged violation has occurred.

Personal data processing form