IPI Headquarter

Address

Via Giuseppe Piermarini 19 
06132 San Sisto (PG)
Perugia - Italy

 

Contacts

  1. INFO@IPI-SRL.COM
  2. +39 075 528521

Do you want more information?

Country

(“Privacy Policy”)
Version May 2023                                                                                                                                                           

SUMMARY

1. INTRODUCTION
2. CONTROLLER AND CONTACT DETAILS
3. DATA SUBJECTS
4. PURPOSE OF PROCESSING, CATEGORIES OF DATA AND LEGAL BASIS
5. DATA RETENTION PERIOD
6. OPTIONAL/MANDATORY PROVISION OF PERSONAL DATA
7. PERSONS ACTING UNDER THE AUTHORITY OF THE CONTROLLER AND OTHER RECIPIENTS
8. TRANSFER OF DATA TO THIRD COUNTRIES (EXTRA EU OR EEA)
9. RIGHTS OF THE DATA SUBJECT

10. RIGHT TO OBJECT
11. COMPLAINT

1. INTRODUCTION

This Privacy Policy, in accordance with the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data(“GDPR”), aims at providing our customers and suppliers (also potential ones) with all the information related to the processing of their personal data (“Data”) carried out in order to enter into, manage and terminate contractual relationships with IPI S.r.l.

2. CONTROLLER AND CONTACT DETAILS

IPI S.r.l. (“IPI”), with registered office in Italy, San Sisto (ZIP 06132 - PG), Via Giuseppe Piermarini n.19;

3. DATA SUBJECTS

Natural persons who establish relationships with IPI as:

  • Customers, also potential ones;
  • Suppliers, also potential ones (e.g., consultants, contractors and sub-contractors);
  • Representatives/Contact persons of legal persons (e.g., of customers, contractors and sub-contractors);
  • Personnel of Suppliers;

4. PURPOSE OF PROCESSING, CATEGORIES OF DATA AND LEGAL BASIS

PURPOSES OF PROCESSING:

CATEGORIES OF DATA:

LEGAL BASIS:

a. to enter into and perform contractual relationships with Customers and Suppliers (also potential ones), as well as to comply with the related legal obligations (for instance, the obligations provided for by the law concerning the protection of health and safety in the workplace (as per Legislative Decree 81/2008), with particular reference to the assessment of the technical/administrative suitability of Suppliers).

- data collected through the contact form available on the Website

- data concerning the assessment of financial reliability

-identification data (name and surname, tax code);

contact data (phone number, email/certified email and address);

- data concerning professional qualifications and working/job positions;

- billing data(VAT, business/company name)

payment data (for instance, bank account details or details related to credit cards);

- data obtained in the context of technical interventions, including evolutionary maintenance.

- performance of contractual obligations or pre-contractual requests (article 6.1.b. GDPR);

- compliance with a legal obligation (article 6.1.c. GDPR)

b. to verify that Personnel of Suppliers hold the necessary qualifications and certificates showing the suitability for carrying out certain activities/jobs, as required by the by the laws concerning the protection of health and safety in the workplace and to verify the regularity of fulfilment of remuneration, social security contribution as well as regularity of fulfilment of insurance and/or fiscal obligations and however the compliance with legal obligations by contractors and sub-contractors, also with a view to protecting IPI having regard to its joint liability.

identification data of Personnel of Suppliers

- data concerning qualifications and working/job positions related to Personnel of Suppliers;

- data concerning remuneration, social security contribution, insurance and/or fiscal aspects related to Personnel of Suppliers;

- data concerning professional qualifications and skills to carry out certain jobs/activities related to Suppliers and Personnel of Suppliers.

As regards to common data:

- compliance with a legal obligation (article 6.1.c. GDPR);

legitimate interest of the controller (article 6.1.f. GDPR).

As regards to special categories of data (health data):

- - carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (article 9.2.b GDPR);

- reasons of substantial public interest (article 9.2.g GDPR).

c. to verify and check the absence of any conduct that could represent as potentially or actually a crime under the Italian Legislative Decree n. 231/2001 concerning the corporate liability, as well as to verify the absence of potential related risks (e.g., criminal convictions and/or disqualifications measures referred to Suppliers).

data already processed by IPI by virtue of existing relationships with Customers and Suppliers (also potential or former ones);

further data collected by IPI as a consequence of controls, inspections and/or audits to the extent permitted by law.

As regards to common data:

legitimate interest of the controller (article 6.1.f. GDPR);

purposes compatible with the purpose for which personal data have been collected (article 6.4. GDPR).

As regards to special categories of data:

- - reasons of substantial public interest(article 9.2.g GDPR).

As regards to data relating to criminal convictions and offencesthe processing is carried out in accordance with the provisions set forth in article 10 GDPR and article 2-octies of the Italian Legislative Decree n.196/2003.

d. except where the right of objection has been exercised by Customers(“Opt-out”, see paragraph 10 of the Privacy Policy), to send - within the framework of a previous sale of a product or service - general informational, promotional and advertising communications concerning the goods and/or services provided by IPI or the corporate group of which IPI is part similar to the ones previously purchased by the Customers (c.d. “Soft Spam”).

email address of Customers and/or the relevant Representatives/Contact persons.

- legitimate interest of the controller (article 6.1.f. GDPR).

e. to send marketing, promotional and adverting communications and materials concerning the products and/or services provided by IPI or by the corporate group of which IPI is part.

contact data(name and surname);

-Company of belonging and related Country;

email address of Customers and/or the relevant Representatives/Contact persons;

phone number of Customers and/or the relevant Representatives/Contact persons;

data collected through the contact form available on the Website, whenever the data subject has given its consent to the processing of its data for marketing purposes.

consent(article 6.1.a GDPR).

 

5. DATA RETENTION PERIOD

Data of Suppliers, Customers and the related Representatives/Contact persons and Data of Personnel of Suppliers are processed by IPI for the entire duration of the contractual relationship and, without prejudice to Data that must be retained to comply with legal obligations (e.g. invoices, transport/shipping documents and other documents required for the accounting records), are erased after the termination of the contractual relationship, once expired the periods of limitation from time to time applicable, as provided by the applicable law, usually corresponding to ten years from the termination of the relationship.

Data of Personnel of Suppliers, processed by IPI by virtue of its joint liability as required by law, are retained until the expiration of the joint liability period pertaining to IPI and/or the related periods of limitation as established by the applicable laws.

In order to pursue the purposes related to fulfilment of legal obligations concerning the protection of health and safety in the workplace regarding the assessment of suitability of contractors/sub-contractors (paragraph 4a of the Privacy Policy) and verifications of Personnel of Suppliers (paragraph 4b of the Privacy Policy), IPI – as a mean of the processing activities - relies on a supplier portal.

Data processed for the purposes of verifications, controls and/or inspections carried out under the scope of the Italian Legislative Decree n. 231/2001 are retained for no longer than it is necessary in order to perform the related activities and are erased once expired the period of limitation set forth by the applicable law, usually corresponding to five years, without prejudice to reports made by the Supervisory Committee of IPI as a consequence of verifications, controls and/or inspection activities.

The above-mentioned data retention criteria/periods could be extended in the event a lawsuit has been filed before courts/ judicial authorities or in the event of any out-of-court negotiations/settlements. In such cases, Data shall be processed until the dispute has been settled.

Data processed for Soft Spam purpose (paragraph 4d of the Privacy Policy) are processed until the Customers’ exercise of the right to object Opt-out and, in any case, such data are erased once the term of 24 (twenty-four) months has elapsed from the previous commercial relationships with IPI.

Data of Customers and/or the Representatives/Contact persons which are processed for marketing purposes (paragraph 4e of the Privacy Policy) are processed until withdrawal of the related consent, provided however that such data are erased after 24 (twenty-four) months, unless a consent renewal is collected or the Data are anonymized.

6. OPTIONAL/MANDATORY PROVISION OF PERSONAL DATA

Except for the purpose described in point 4e, in relation to which the provision of Data is optional and the related consent can be withdrawn at any time, the provision of Data is essential to IPI in order to comply with legal obligations to which IPI is subject as well as to fulfil its contractual obligations or to take steps at the request of data subjects prior to entering into a contract. The failure of providing such Data, wholly or partially, will prevent IPI from replying to the above-mentioned requests, to perform its contractual obligations and/or to comply with the relevant legal obligations.

7. PERSONS ACTING UNDER THE AUTHORITY OF THE CONTROLLER AND OTHER RECIPIENTS

a) persons acting under the authority of IPI(in particular, employees and collaborators), also including the members of the Supervisory Committee, specifically authorized and instructed on the processing of Data;

b) external recipients(also including other suppliers), belonging to the following categories (i) entities/persons performing shipping and/or delivery activities of IPI’s products; (ii) parent company and other companies belonging to the corporate group of which IPI is part, (iii) service providers for the IT infrastructure’s implementation, development, management, assistance and maintenance, with particular reference to the management software and portals/platforms used to manage relationships with Suppliers and the CRM used for marketing purposes; (iv) providers of management software, applications, hardware and the related assistance and maintenance services; (v) providers of connectivity and email services and the related assistance and maintenance services; (vi) legal, accounting, tax, environmental and health and safety consultants; (vii) banks/credit institutions and insurance companies; (viii) public authorities/entities, even for purposes different from the ones for which Data have been originally collected.

8. TRANSFER OF DATA TO THIRD COUNTRIES (EXTRA EU OR EEA)

In principle, Data are not transferred to third countries outside the European Union or the European Economic Area. If such a circumstance should occur, the transfer, in any case, shall take place upon verification of compliance with articles 44 and following of the GDPR.

In particular, the transfer of Data – if any - from IPI to other group companies, located outside the EU or the EEA will take place on the basis of intercompany agreements and after having signed the applicable standard contractual clauses.

Exclusively for products to be delivered to recipients located outside the EU or the EEA, the relevant transfers of Data, will take place according to art. 49 lett. b of the GDPR as it will be necessary for the performance of a contract entered into by the Customer and IPI.

9. RIGHTS OF THE DATA SUBJECT

The data subjects, using the contact details provided in paragraph 2, can exercise the following rights:

- right to obtain information on the processing and access to the Data (articles 12, 13, 14 and 15 GDPR);

- right to rectification (article 16 GDPR);

- right to erasure (article 17 GDPR);

- right to restriction and to object the processing (articles 18 e 21 GDPR);

- right to be notified in case of rectification or erasure of personal data or restriction of processing (article 19 GDPR);

- right to data portability (article 20 GDPR).

10. RIGHT TO OBJECT

According to the same modalities set out in the paragraph above, the data subjects can object, wholly or partially, to the processing of the Data where the relevant legal base is represented by the legitimate interest of IPI, in accordance with article 21 GDPR.

11. COMPLAINT

Every data subject who believes that the Data concerning him or her are processed in violation of the GDPR, shall have the right, according to article 77 GDPR, to lodge a complaint with a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. For more information, here’s the link to the Italian Supervisory Authority: https://www.garanteprivacy.it/web/garante-privacy-en/home_en.

 

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.