Notice on personal data processing pursuant artt. 13 e 14 of Regulation 2016/679/UE (“GDPR”)

With referral to the GDPR C.T.I. S.R.L., based in ROMA (RM), VIA ARCHIMEDE N.10 – 00197 as "Data Controller" of the processing provides some information regarding the use of personal data relating to contractual relationships with its Suppliers, provided that pursuant to art. 1 of the GDPR are "personal data" only those referring to natural persons.

Origin of data, purpose of processing and legal basis The personal data in our possession are collected directly from the Suppliers and / or collaborators or through agents and representatives in a bid and / or during a relationship or a supply proposal. The data may also be collected from third parties, such as, for example, data acquired from external companies for the purposes of commercial information or market research or by our other customers or suppliers. These data will be used for the following purposes:

obligations related to the establishment of the contractual relationship, in terms of reliability evaluation of the supplier as well as for statutory obligations, such as accounting and tax;

related to the performance of relationships with suppliers also in terms of the Customer satisfaction survey;

protection of C.T.I. S.R.L.'s rights and prerogatives and historical data storage.

The provision of data by the Supplier is necessary for the stipulation and execution of contractual relationships or to comply with legal obligations and in any case for the pursuit of the legitimate interest of C.T.I. S.R.L. to the correct formation and execution of the contractual relationship, to fulfillment the obligations that arise from it and, in any case, to the protection of its contractual reasons.

Methods of data processing and security measures The data will be processed using appropriate tools to guarantee security and confidentiality and can be carried out not only with manual tools but also through automated tools to store, manage and transmit the data. We also inform you that any personal data referred to you will be processed in compliance with the manner indicated by the GDPR, which provides, inter alia, that the data should be:

processed lawfully and correctly;

collected and registered for specific, explicit and legitimate purposes;

exact and, if necessary, updated;

adequate, complete and not excessive in relation to the purposes of the processing.

C.T.I. S.R.L. guarantees that the security and confidentiality of Customer data will be protected through appropriate protection measures, based on the provisions of Articles 25, 32, 33, 34, 35 and 36 of the GDPR, to reduce the risks of destruction or loss, even accidental, of data, unauthorized access, or processing not allowed or not in accordance with the purposes of collection. With reference to the aspects of protection of personal data, the Customer is invited, pursuant to art. 33 of the GDPR to report to C.T.I. S.R.L. any circumstances or events from which a potential "breach of personal data (data breach)" may occur in order to allow an immediate evaluation and the adoption of any actions aimed at combating such event by sending a communication to CRISTINA MANNARA (cristinamannara@ctisrl.org) or contacting your contractual contact person.

Categories of subjects to whom data can be communicated and retention period Your data may be communicated, for the purposes indicated, inter alia, to:

C.T.I. S.R.L.
VIA ARCHIMEDE N.10
00197 ROMA (RM)
Email segreteria@ctisrl.org
PEC ctisrl@pec.it
Tel. 0994725932
P. IVA 02136320732

a) to the Financial Administration, to social security and welfare agencies if necessary, to the Public Security Authority;

b) to transporters or other third parties or entities for services ancillary to the supply;

c) to companies or professional bodies for fraud control and debt collection;

d) to banks and credit institutions in the context of the financial management of the company and insurance companies;

e) to persons charged with auditing the financial statements and with administrative, tax and accounting consultants.

They may also be disclosed to public or private legal entities, associative or corporate, to stipulating or executing contracts, to the extent that said communication is a prerequisite for the submission of tenders in the awarding procedures, or for the completion and execution of the contract. The personal data you provide may also be communicated to other companies in our group for the coordination of management activities, including abroad, both within the EU and extra-UE. Your data will not, subject to specific regulatory provisions, be disclosed. Personal data will be processed by C.T.I. S.R.L. for the entire duration of the contract and also subsequently to assert or protect its rights in compliance with the specific legal requirements on data retention. The subjects belonging to the above categories treat personal data as separate Data Controllers or as Data Processor or Persons in charge specifically appointed by C.T.I. S.R.L.. All employees, consultants, collaborators and / or any other "natural person", pursuant to art. 29 of the GDPR, which, authorized for processing, carry out their activities based on the instructions received from C.T.I. S.R.L. are appointed "Incaricati del trattamento". C.T.I. S.R.L. shall issue appropriate operating instructions to the persons in charge or to the Data Processor who may be appointed, with reference to compliance and / or adoption of appropriate security measures, to guarantee the confidentiality and protection of data.

The right of the data subject Finally, we inform you that, regarding any personal data, the GDPR recognizes the exercise of specific rights to natural persons, as a data subject. In particular, the data subject may request confirmation that personal data is being processed or not, access personal data concerning him and in relation to them he has the right to request rectification, cancellation, notification of corrections and cancellations to those to whom the data were eventually transmitted by C.T.I. S.R.L., the limitation of processing in the cases provided for by the law, the portability of personal data - provided by him in the cases indicated by the law, to oppose the processing of his data and specifically , has the right to object to decisions concerning him if based solely on automated processing of his data, including profiling. If he considers that the treatments concerning him violate the rules of the GDPR, he has the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 of the GDPR.

Data Controller Data Controller is C.T.I. S.R.L., VIA ARCHIMEDE N.10 – 00197 ROMA (RM) P.IVA: 02136320732 - CF: 02136320732.