Suppliers and Resellers Privacy Policy

Dear Supplier/Reseller,
pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter, GDPR) on the protection of personal data, the processing of personal data will be based on the principles of correctness, lawfulness and transparency, as well as the protection of confidentiality and the rights of data subjects. 
In relation to this, we inform you of the following. 

Data Controller, pursuant to Articles 4 and 24 GDPR, is Cavalleria Toscana SPA with registered office in Via Celio Bottai 11, 51015, Monsummano Terme (PT).
e-mail: privacy@cavalleriatoscana.it
phone: +39 0572 1906490

Joint Controllers, pursuant to Article 26 GDPR, are the Companies of RG Italia Group (RG Italia S.r.l e Event Design S.r.l.), with registered office in Via Celio Bottai 11 – 51015, Monsummano Terme (PT) - e-mail privacy@cavalleriatoscana.it and CT Academy S.a.r.l., with registered office in Monaco (Principality of Monaco), Les Abeilles 7-9, Boulevard d'Italie e-mail privacy@ctacademy.mc

Type of data

The information processed relates to your personal data, identification and contact data, such as first name, last name, tax code/ VAT, telephone, address, e-mail, bank details, payment and billing data and any other data you have provided for the execution of the contract with the Data Controller.

Purpose and legal basis of the processing

Personal data will be processed for the following purposes: 

  • to carry out agreed activities, based on pre-contractual and contractual agreements (legal basis of processing: performance of the contract or pre-contractual measures, Art. 6, lett. b, GDPR);
  • to provide assistance, respond effectively to requests and improve its services (legal basis of processing: legitimate interest, Art. 6, lett. f, GDPR);
  • to comply with legal obligations or requests of judicial authorities, or to ascertain, exercise or defend a right in court (legal basis of processing: legal obligation, art. 6, lett. c, GDPR).

Provision of data

The provision of personal data is mandatory, any refusal, in whole or in part, to the transmission of information may result in the total or partial impossibility for the Controller to execute the contract.

Communication of personal data

The personal data collected may be communicated

  • to third parties to which the Controller outsources some activities and which consequently provide specific functional services, in any case related to the processing and purposes described above, such as administrative, accounting, fiscal and consulting services. These external subjects will process the data as data controllers or data processors duly appointed. The complete list of the data processors is available upon request.

  • to third parties to respect legal obligations, to comply with orders from public authorities or to comply with requests from judicial authorities.

Data Transfer

Any transfer to third countries that may be necessary, in order to execute the agreement in place will be carried out in accordance with Articles 44 et seq. of the GDPR, providing appropriate tools to ensure adequate guarantees of data protection.

Data retention

The data are stored, in accordance with the principles of necessity and proportionality, for the entire duration of the contractual or pre-contractual relationship in place, and possibly for longer periods of time provided for by current legislation in accounting, tax, civil and judicial.

Modalities and place of processing 

The processing of personal data, for the purposes indicated above, takes place at the operational headquarters of the Controller and the Joint Controllers using paper and/or telematic supports and tools and is carried out by internal subjects, specifically authorized to the processing. In any case, it is guaranteed the adoption of appropriate security measures and confidentiality in order to reduce the risk of destruction, loss, modification, disclosure or unauthorized access to data or processing not allowed or not in accordance with the purposes of collection.

Rights

At any time, you may exercise, pursuant to Art. 15 et seq. GDPR, the right to:

  1. access your processed data, obtain information on certain aspects of the processing and receive a copy.
  2. verify the fairness of your data and request its updating or rectification.
  3. obtain the deletion or removal of your personal data.
  4. obtain the limitation of the processing of your data, when certain conditions are met.
  5. to receive your data in a structured, commonly used and machine-readable format and, where technically possible, to obtain its transfer to another data controller.
  6. object to the processing of your data when it is done on a legal basis other than consent.
  7. to lodge a complaint with the competent Data Protection Authority (for Italy, data Protection Authority, www.garanteprivacy.it).

To exercise the above rights, except for letter g), it is possible to send a request to the following e-mail address privacy@cavalleriatoscana.it

By Logic One Srl