Dear Customer,
we hereby transmit the information regarding the processing of personal data of the Company’s customers in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (the “General Data Protection Regulation”, hereinafter also “GDPR”).
The GDPR, which is directly applicable in each member state of the European Union as of May 25, 2018, introduced new provisions on the protection of natural persons with regard to the processing of personal data as well as the free movement of such data.
The Company ensures that the processing of its customers’ personal data is carried out with respect for the fundamental rights and freedoms, as well as the dignity of the data subjects, as provided for in the applicable laws and regulations, including the GDPR.
We therefore invite you to take a look at the document.
With best regards
INFORMATIVE CONCERNING THE PROCESSING OF PERSONAL DATA IN THE CONTEXT OF CONTRACTS WITH CUSTOMERS
PURSUANT TO ARTICLES. 13 AND 14 OF REGULATION (EU) 2016/679 (“GDPR”)”
DATA CONTROLLER
Esperia Aviation Services S.p.A.
Via Salaria 825 00138 Rome – Italy
Tax Code and Registration Number in the Register of Companies of Rome 05119920584
VAT Number 01358601001
telephone number +39 06 8870 0801
PEC address esperia.aviation@pec.it
(“Company“).
Cav. Lav. Franco Pecorini
Phone number +39 06 8870 0801
E-mail address franco.pecorini@esperia-aviation.it
PERSONAL DATA PROCESSED
By “Data” is meant those relating to individuals processed by the Company for the purpose of entering into and executing the contractual relationship with its suppliers, such as those of the legal representative of the supplier who signs the contract in the name and on behalf of the latter, as well as of the supplier’s employees/consultants, involved in the activities referred to in the contract. In the latter case, the source of the Data is the supplier. The Data could also include any judicial data reported in public databases.
SOURCE OF DATA AND CATEGORIES OF DATA COLLECTED FROM THIRD PARTIES
Data are either collected from the data subject (thus directly provided by you) or, during the course of the contractual relationship, acquired from third parties (by way of example, companies that, by accessing public databases, verify the reliability of suppliers).
Item 1
PURPOSES OF THE PROCESSING
Purposes related to the establishment and execution of the contractual relationship between the supplier and the Company, including:
- Master data management as well as Supplier Register;
- Supplier qualification management;
- order management;
- Management of the contractual relationship;
- Management of inspection visits and performance evaluation.
LEGAL BASIS OF THE PROCESSING
Performance of the contract for the Data of the Supplier’s legal representative.
Legitimate interest for the Data of the Supplier’s employees/consultants, involved in the activities under the contract.
DATA STORAGE PERIOD
Contractual term and, after termination, for the period of 10 years.
Item 2
PURPOSE OF THE PROCESSING
Carrying out administrative-accounting tasks-such as accounting and treasury management, as well as invoicing (e.g., verifying and recording invoices), in accordance with the requirements of current regulations.
LEGAL BASIS FOR PROCESSING
Need to fulfill a legal obligation to which the Company is subject.
DATA STORAGE PERIOD
Contractual term and, after termination, for the period of 10 years.
Item 3
PURPOSE OF THE PROCESSING
If necessary, to ascertain, exercise and/or defend the Company’s rights in court.
LEGAL BASIS FOR PROCESSING
Legitimate interest (defense in court).
PERIOD OF DATA STORAGE
In the case of court litigation, for the duration of the litigation, until the time limits for appeal actions are exhausted.
Item 4
PURPOSES OF PROCESSING
Related purposes:
- To the management of internal and external controls;
LEGAL BASIS OF TREATMENT
Legitimate interest (Protection of the company and company assets. Security).
PERIOD OF DATA STORAGE
Until the end of employment and, after termination, for the period of 10 years.
Item 5
PURPOSE OF PROCESSING
- verify, through specialized companies the reliability of the supplier using information in public databases.
LEGAL BASIS OF TREATMENT
Legitimate interest (better management of work activity).
DATA STORAGE PERIOD
For common data: contractual duration.
For data on criminal convictions and offenses: 6 months from the time of receipt of the information file.
Item 6
PURPOSES OF THE PROCESSING
Purposes related to the control of logical access to the company’s information systems in order to ensure the security of people and property.
LEGAL BASIS OF TREATMENT
Legitimate interest (Protection of the company and company assets. Security).
DATA STORAGE PERIOD
1 year from the time logical access was detected.
After the above retention periods have expired, the Data will be destroyed or anonymized, consistent with the technical procedures for deletion and backup.
PROVISION OF DATA
The provision of Data is mandatory for the conclusion of the contract and/or its execution. Therefore, the refusal to provide the Data does not allow the establishment of the contractual relationship and/or the fulfillment of the resulting obligations.
RECIPIENTS OF DATA
Data may be communicated to external parties operating as data controllers, by way of example, banks and credit institutions, insurance companies, self-employed professionals (legal, notary and accountant firms), authorities and supervisory and control bodies, and in general subjects, public or private, entitled to request the Data.
Data may also be disclosed to European and non-European legal entities of the Group to which the Company belongs as well as, for contractual and commercial purposes, to clients and partners.
The Data may be processed, on behalf of the owner, by external parties designated as external data processors, who carry out specific activities on behalf of the owner, for example, companies dealing with legal, accounting, tax and insurance compliance, management of collections and payments, management of IT assets, companies dealing with the dispatch of correspondence.
PERSONS AUTHORIZED TO PROCESS
Data may be processed by employees of the Company Functions assigned to the pursuit of the above purposes, who have been expressly authorized to process and have received appropriate operating instructions.
TRANSFER OF PERSONAL DATA TO NON-EUROPEAN UNIONCOUNTRIES
Data may be transferred to non-European countries to other entities pursuant to a contractual or commercial relationship or for specific business needs. The transfer is occasional in order to conclude or perform a contract between the company or other natural or legal persons for the benefit of the data subject and, therefore, permitted under Article 49.1(c) of the GDPR.
RIGHTS OF THE DATA SUBJECT – COMPLAINTS TO THE CONTROL AUTHORITY
By contacting the Data Controller by e-mail at the address indicated in the epigraph, the data subject may request from the Company access to the Data concerning him/her, their deletion, the rectification of inaccurate Data, the integration of incomplete Data, the deletion of Data, the limitation of processing in the cases provided for by Article 18 GDPR, as well as object to the processing carried out for legitimate interests of the Data Controller.
In addition, the data subject, in the event that the processing is based on consent or contract and is carried out by automated means, has the right to receive in a structured, commonly used and machine-readable format the Data, as well as, if technically feasible, to transmit it to another data controller without hindrance.
The data subject has the right to lodge a complaint with the competent supervisory authority in the Member State where he or she normally resides or works or in the State where the alleged violation occurred.
