Privacy Policy Customer-Supplier

Information notice for Customers and Suppliers
Pursuant to EU Regulation 679/2016

We hereby advise you that, in order to manage and perform relations with its partners, Polynt Spa needs to acquire, through its website, verbally, directly, indirectly or through third parties, some data qualified as “personal data” pursuant to Legislative Decree No. 196/2003 and later amendments and additions thereto (Hereinafter the “Privacy Code”) and EU Regulation 2016/679 (hereinafter “GDPR” and collectively Privacy Code and GDPR “Applicable Regulations”).
To this end, pursuant to Art. 13 of the GDPR, we invite you to view this information notice.

Identity and contact data of the Data Controller

The Data Controller is Polynt S.p.A. with headquarters in Scanzorosciate (BG), via Enrico Fermi, 51, (hereinafter the “ Data Controller”). Their contact data are:

Purpose of the processing and Legal Grounds: obligation and right of data provision

The personal data are processed by our organisation for the following purposes:
a) Fulfilment of pre-contract and contract obligations and management of the contract (e.g. activities for concluding the contract, billing, managing complaints, pre- and after-sales service, etc.);
b) Performing the contract;
c) Exercise of the legitimate rights and interests of the Data Controller, by way of example and not limitation: economic-financial assessment, requesting documentation proving the possession of certain requirements, right of defence in court, administration and accounting operations connected to in-house organisation needs and to in-house accounting, to controls;
d) fulfilment of obligations under current regulations towards Public Administrations, also related to the contract.

The legal grounds for processing are: fulfilment of pre-contract and contract between the parties, fulfilment of legal obligations and the legitimate interest consisting of the need to guarantee proper operation of the in-house organisation. Therefore processing of the personal data under letters a), b), c), d) is legitimate and does not require prior consent as provided for by Art. 6 GDPR.
Provision of your data for the purposes under a) b) c) d) above is optional, however failure to do so will make it impossible to conclude the contract or provide the services you requested.

Manner of processing and retention time

Data processing will be carried out using tools which guarantee security and confidentiality, and will be carried out both using paper and using electronic and computer tools able to record, manage and transmit the data.
The data will be retained for the time necessary to achieve the purpose for which they were collected and later processed. After conclusion of the contract, the Data Controller may retain certain data for the period of time needed to fulfil legal obligations, and in any case for no less than the ordinary statute of limitation for rights.

Categories of addressees. Parties who may become aware of the data

The personal data you provide or which we may have acquired during the pre-contract period and as a consequence of the contract may be communicated to the following parties who carry out functions strictly connected or instrumental to our business:
– Staff of Polynt S.p.A. as parties appointed to carry out the processing to handle the procedures for the contract between the parties; the staff has been duly instructed concerning security of personal data pursuant to the Applicable Regulations;
– Parties whose activity is necessary to execute the contracts which you are a party to, or to carry out checks before conclusion of the contract (e.g.: Banks for collection and payment operations; Institutes providing business information; Postal delivery companies or legal offices to safeguard rights. These parties act as autonomous Data Controllers.
– Third parties to whom our company, in order to perform the above purposes, may outsource certain activities involving processing your personal data, for example: Companies or consultants who may provide services for book keeping or proper performance of tax and legal obligations, administrative services, auditing, IT system management, cloud computing, credit recovery, mass storage. These parties operate on behalf of our company and for this reason are specially appointed from time to time as External Processors pursuant to Art. 28 GDPR.
– Public Administrations fulfilling legal obligations, state entities assigned to check proper accounting and tax performance according to the law, security authorities and, more in general, parties who have a right to access the data recognised by specific laws or by a measure issued by an authority with the legitimacy to do so.

The personal data you provide may also be communicated to Companies belonging to the company Group (holding, subsidiary or related pursuant to Art. 2359 of the Civil Code, i.e. to companies subject to shared control, as well as parties belonging to consortia, business networks and temporary groups and associations of businesses) which, considering our international nature, may be located abroad, also outside the European Union.
Personal data mainly mean contact data (i.e. Company email, first and family name of the legal representative as well as of the signatory of the contract) and that any communication of personal data will be strictly related to execution of the contract.
Your data will not be disseminated, that is they will not be made known to undetermined parties.

Your rights

Pursuant to the Applicable Regulations, the data subject is entitled to demand from Polynt Spa, at any time, access to their Personal Data, rectification or erasure, or to object to their processing, to limit the processing, to request data portability and to receive in a structured format, of common use and readable from an automatic device, the personal data which concern them, except for such Personal Data as may be essential for Polynt Spa to fulfill its legal obligations. The data subject may obtain this by a request in writing addressed to the Data Controller at the postal address or by email, as specified under item a) above.
Pursuant to Applicable Regulations, the data subject will enjoy the right to lodge complaint with the relevant controlling authority (Authority for the Protection of Personal Data) should he believe his Personal Data have been processed in a manner contrary to current regulations, or sue in court.


Document: Edition No. 3, June 27, 2019.