Information to be provided to suppliers pursuant to article 13 of Regulation (EU) 2016/679 and the Privacy Code (Legislative Decree 196/2003) as amended by Legislative Decree 101/2018 and subsequent decrees relating to the protection of personal data processing.
In accordance with Article 13 of the Regulation (EU) 679/2016 (Regulation) and the Privacy Code (Legislative Decree 196/2003) as amended by Legislative Decree 101/2018 and subsequent decrees, hereinafter for the sake of brevity, Privacy, Starhotels S.p.A. (hereinafter “Starhotels”), as the Data controller, informs that the Supplier’s personal data will be processed in a way that is both transparent and relevant and in accordance with the principles of lawfulness, and necessity under the current applicable provisions.
Purposes of the processing
Data are collected and processed in order to:
1. fulfil all transactions required by regulatory obligations;
2. carry out the transactions strictly connected and instrumental to the starting of the relationship between Starhotels and the Supplier, including the acquisition of information preliminary to the signing of the contract;
3. manage the relationships related to administrative and accounting activities, orders, shipping, invoicing, services and any disputes;
4. carry out the assessment, where necessary, based on ISO 9001:2015 specifications, Legislative decree no. 196/03 and the GDPR EU 2016/679;
and will be processed in accordance with the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights.
The contractual, product and service purchase, trade and other disputes and promotional purposes cover the processing of the Supplier’s data only. The Supplier’s data will be processed throughout the entire term of the contracts agreed and also subsequently to fulfil all legal obligations and for future trade purposes.
Means of processing
The treatment of data for the above purposes will take place through both automated, electronic or magnetic and non-automated, paper-based means in accordance with the rules of confidentiality and security provided by the law, the related regulations and internal policies.
Place of data processing
The data are currently processed and stored at the Data controller’s administrative office in Viale Belfiore 27, 50144, Florence. Furthermore, personal data are processed on behalf of the Data controller, by professionals and/or companies which can provide technical, development, management and administrative/accounting activities.
Mandatory or optional nature of the data provision
Some data are necessary to commence the contractual relationship or to execute it, while other data can be considered as ancillary for those purposes. The provision of data is mandatory only to the extent of the data which are subject to a legislative or contractual obligation.
Consequences of refusing consent to the provision of data
Where the provision of data is required by a regulatory or contractual obligation, any refusal to do so would prevent the Supplier from performing or continuing the contract as it would result in unlawful processing. Where the provision of data is not subject to any regulatory obligation, the refusal to do so would not result in the above consequences, however, it would prevent the performance of ancillary transactions.
Without prejudice to the communication and dissemination of data required by regulatory obligations, your personal data may be communicated in Italy and/or abroad to:
- Professionals and consultants, advisory companies, factoring companies, credit institutions, credit collection companies, credit insurance companies, commercial information companies and transport companies;
- Public or private bodies, including as a result of inspections and audits, such as: the tax authorities, the tax police, judicial authorities, the Italian foreign exchange office, the Labour inspectorate, ASL (Italy’s local healthcare authorities), social security institutions, ENASARCO (Italy’s social security institution for agents), the Chamber of commerce, etc.;
- Other Starhotels companies, including those based abroad;
- Parties with access to your data as per the provisions of the law.
The data provided will be stored in our archives in accordance with the following:
- With respect to administrative, accounting and order-related activities and the management of quotes and the entire production, support, maintenance, shipping, invoices, services and dispute flows: 10 years as per the article 2220 of the Italian Civil Code, without prejudice to late payment of the fees which justify the extension;
- For marketing purposes: 24 months.
The personal data shall be stored for no longer than is necessary for the purposes for which the personal data are processed, in accordance with article 5.e of the Regulation (“Data Retention”).
At Starhotels’ choice, the Supplier shall delete or return all the personal data after the end of the provision of services relating to processing, and delete existing copies, in accordance with article 28.f, of the Regulation.
In the case of a personal data breach, which results in a risk to the rights and freedoms of natural persons, the Supplier (as the external data processor, where appointed) shall without undue delay notify the Data controller of the personal data breach, in accordance with article 33 of the above Regulation (“Data breach”).
Rights of the data subject
With respect to personal data, the data subject may exercise their rights pursuant to article 15 and following articles of Regulation within the limits and conditions laid down in the relevant articles. The data subject may revoke any consent to data processing given to Starhotels S.p.A. at any time, though without prejudice to the mandatory obligations required by the legislation in force when the request for revocation was made, by contacting the Data controller via the contact details below.
The Data controller you may contact to exert the rights covered by the above article is Starhotels S.p.A., with administrative office in Viale Belfiore 27, 50144 Florence.