General information

We inform all customers/suppliers (interested in the process) and their contact persons (hereinafter "interested", ex Art.4, c.1 of the GDPR) that the professional relationships established with the undersigned owner may involve the processing of personal data, in compliance with the following general principles:

  • all data are processed in a lawful, fairly and in a transparent manner in relation to the data subject, in compliance with the general principles established by Art. 5 of the GDPR; specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access;
  • the Data Controller is the undersigned Company Cosmed srl, via Bruno Buozzi 77 - 00197 Rome (RM)
  • You can contact the Data Controller to exercise all the rights provided for by Article 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously agreed consent or propose a complaint to the Data Protection Authority.

Object of the treatment

The Data Controller processes personal identification data of the customer/supplier (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of its operational contact persons (name surname and data contact information) acquired and used in the provision of services provided by the Data Controller.

Purpose and legal basis of the processing

Data are processed:

  1. to conclude contractual/professional relationships;
  2. to fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
  3. to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority
  4. to exercise a legitimate interest as well as a right of the Owner (for example: the right of defense in court, the protection of credit positions, the ordinary internal needs of an operational, managerial and accounting nature).
  5. to define your commercial profile.
  6. to use your commercial profile for marketing or advertising purposes.
  7. for necessary accounting procedures, such as emailing commercial invoices.
  8. to provide information to the selected business partners needed to supply your service.

Failure to provide the aforementioned data at letters a,b,c,d,e will make it impossible to establish the relationship with the Owner. The aforementioned purposes represent, pursuant to Article 6, paragraph b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be required from the interested parties.

Method of treatment

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which it was collected and related legal obligations.

Scope of treatment

The data are processed by internal subjects regularly authorized and instructed according to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects operating as managers or independent data controllers (consultants, technicians, banks, transporters, etc.). We also inform you that personal data may be the subject of intercompany communication between Group companies. The data are not subject to diffusion or transfer to non-EU countries. If it becomes necessary, in the context of tenders/contracts or in the performance of regulatory obligations (eg joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) acquire personal data of their employees from customers / suppliers, it is agreed between the parties that the undersigned company will be entitled to the processing as external manager (Art.28 GDPR) or authorized subject (Art.29 GDPR). As part of this report, the undersigned company undertakes to process such data in compliance with the compliance requirements established by the GDPR, guaranteeing any communication to other parties exclusively within the scope of specific legal obligations.