Articles 13 and 14 of Regulation (UE) 2016/679 (GDPR)


Information on processing of personal data pursuant to articles 13 and 14 of Regulation (UE) 2016/679 in relation to Suppliers Individual Companies.

Introduction Regulation (UE) 2016/679 (“General Data Protection Regulation”, hereinafter referred to as GDPR) provides for the protection of individuals with reference to the processing of personal data. According to this regulation, the processing of personal data referring to an individual, “the person concerned”, is based not only on principles of fairness, lawfulness and transparency, but also on the protection of privacy and rights of the data subject.

In compliance with the above mentioned rule, this is to inform you that connected with the relation you have with our Company as a Supplier, we own some data relating to you, which are also verbally acquired either directly or via third party processing operations concerning you or collecting and providing information to fulfill a request.

This information related to you is “personal data” and must enjoy protection according to the GDPR. In particular, under that regulation, you are the person who shall benefit from the rights aimed at protecting your personal data.

Pursuant to articles 13 and 14 of GDPR, our Company as the Owner will process the personal data you have provided in compliance with the regulation, with upmost care, through effective procedures and processes to protect your personal data. Our Company is committed to protecting the information provided through procedures to safeguard the data collected, so that no access or unauthorized disclosure can happen. Our commitment is also to keep accurate data and to ensure a proper use of these data.

Pursuant to this introduction the following information are given:

Personal data collected

This Company, as the Owner, uses your personal data to work at its best.
Even if only in part, you may be asked the following data:

  • personal details, tax code, VAT number, name, registered office, residence, domicile and contact details;
  • data relating to the contractual relationship describing the type of contract, and also information on its performance, which are necessary to the fulfilment of the agreement itself;
  • accounting data relating to the economical relationship, to the amounts due and to payments, to their periodic performance, to the drafting of accounting relationship;
  • data to better define the relationship with our Company and make more effective our cooperation and our operational efficiency;
  • data concerning: your employees and/or collaborators, information on your job or on your Company.

Retention of your data

The data collected must be kept for the entire relationship or cooperation with our Company and for a period of 10 years following the date of termination of business relationship. When data not concerning administrative and accounting requirements are processed during a contract, these data are stored for no longer than the time needed to the achievements they were collected for. When these data are collected, you shall be informed about their retention through specific information.

Compulsory or optional authorization on the data provided and consequences on denial Data which are essential to the implementation of contractual relationship must be provided to this Company, as well as data needed to comply with obligations required by laws, regulations, Community legislation, or provisions issued by Authorities empowered to this by law and by supervisory and control bodies. Data which are not essential to the implementation of contractual relationship must be considered as additional information and its provision, when required, is optional. Any refusal to provide these data will bring our structure to work less efficiently in relationships with third parties. Should sensitive data be essential or should their processing bring to specific risks in the implementation of the contract or in the discharge of specific services and law obligations, the provision of these data must be compulsory. And as their processing is not possible without prior written authorization of the Subject (articles 9 and 10 GDPR), you must consent to their processing.

Method of processing Pursuant to and as an effect of articles 13 and 14 of the GDPR, we inform you that the personal data you provide are registered, processed and stored in our archives, both hardcopy and electronic, in accordance with technical and organizational measures as in art.32 of the GDPR. The processing of your personal data can happen by any operation or series of operations prescribed by art.4, paragraph 1, point 2 of the GDPR.

Personal data shall be processed using tools and procedures that guarantee security and confidentiality and may be, either directly or through a third party, both manually on paper and on computer or electronically. In order to correctly manage the work relationship and in compliance with legal obligations, these data shall go into the Manager’s internal documentation and if necessary also in the record required by law. Tip Tap srl staff involved in the processing is trained and appointed, and shall take into account organizational and behavioural measures in line with the GDRP.

Outsourced activities The information you provide will be processed only in Italy. If during the period of a contract your data are processed in a non-EU country, you will be guaranteed your rights under European legislation and you will be immediately informed.

Purposes of the processing for which the data are intended

The main purpose of the processing of your personal data is to provide a relation and/or evolution, and a correct administration of the above mentioned relationship.

In particular, the purposes of the processing are the following:

Administrative/accounting purposes, in particular:

  • Execution of tax or accounting fulfillments;
  • Management of suppliers (finding the right suppliers, their management, administration of contracts, orders, shipments and invoices; efficiency control);
  • Litigation management (contractual default; warnings; transactions; credit recovery; arbitrations; legal disputes);
  • Internal monitoring services (of security, productivity, quality of services, integrity of the assets);

Personal data shall be processed for the performance of legal obligations and to fulfill administrative, insurance and tax obligations set forth by the law in force, and also to regularly comply with contractual and law obligations arising from the legal relationship with the party concerned.

The data provided may be used to contact the party concerned for market research on products or services or for sales offers and marketing campaigns.

The party concerned may in any case not give his consent to these purposes and moreover can inform on how he prefers to be contacted or receive marketing materials.

Your data may be communicated by this Company to:

  • individuals who require to access these data for legal reasons and for conformity with EU Regulations, within the limits prescribed by the relevant legislation;
  • individuals who require to access your data for reasons that do not relate directly to the ongoing relationship between you and us, yet are strictly necessary to carry out auxiliary duties (for example, credit companies and couriers);
  • consultants and or professionals working for us on a freelance basis in order to carry out the tasks requested in our or their organization, on condition that these individuals have been made aware of the need to ensure that your details are processed confidentially and securely.

In any event, your details may be communicated only to individuals working on the implementation of acts concerning the fulfillment of relationships with the party concerned to whom these data refer to.

Data dissemination – This Company shall not communicate indiscriminately your data, or in other words, your details shall not be communicated to undefined individuals, not even making them available for consultation.

Trust and confidentiality – This Company considers to be valuable the trust the parties concerned show by consenting the processing of their data and therefore undertakes not to sell, lease or rent these personal information to any third party.

Rights referred to in art.15 et seq. GDPR

Pursuant to art.15 GDPR, you have the right to obtain confirmation of any processing of your personal data, even though these are not registered yet. The exercise of these rights is subjected to the verification of the identity of the party concerned by presenting an identity document that shall not be kept by this Company but only consulted in order to verify whether or not the request is legitimate.

You have the right to access personal data and the following information that have been collected:
a) purposes of the processing;
b) the categories of personal data undergoing processing;
c) the recipients or categories of recipients to whom personal data have been or will be disclosed, in particular the recipients in third countries or international organizations;
d) when applicable, the intended storage period for personal data or, if not applicable, the criteria used for determining such period;
e) when data are not collected from the data subject, all the information available on their origin;
f) the existence of an automated decision-making process, including profiling according to article 22, paragraphs 1 and 4, and, at least in such cases, relevant information on the rule followed, and the importance and consequences of this processing for the party concerned.

When data are transferred to a third country or to an international organization, you have the right to be informed that adequate safeguards exist under art.46 of the GDPR.

You have the right to ask the Data Controller for correction or deletion, even partially, of personal data or the restriction of the processing of your personal data or you can refuse the processing of your data, in whole or in part.

To exercise these rights you shall contact our Company “Owner of personal data treatment” sending an email to or calling the telephone number +39.0734.969460 or sending a letter to the Privacy Office at Tip Tap srl, via Marche, 19 – 23- 63815 Monte San Pietrangeli (FM). The Owner shall reply within 30 days of receiving your formal request. Please note that, in the case of a personal data breach, you can lodge a complaint before the competent authority: “Authority for Privacy”.

Owner of personal data treatment
Owner of personal data treatment is this Company: Tip Tap srl, via Marche, 19 – 23- 63815 Monte San Pietrangeli (FM), Italy, tel.: +39.0734.969460.

Data controllerso
Data controllers are external service providers with an existing contractual relationship that need to receive your personal data to fulfill it. These providers are, including but not limited to: Business Consultants, Law Firms, Trade Union Organizations, ecc.

To know who the data controllers are, should they be appointed, and to know who will be appointed in the future, all the parties concerned may send a letter requesting information to the data controller at the above mentioned address.

Please note that the above mentioned controllers do not execute the requests of the parties concerned to exercise their rights under article 15 et seq. of the GDPR. This is carried out only by this Company as the owner of personal data treatment.

Processing without the need to obtain consent from the party concerned
Without your consent, this Company shall process your personal data only in order to:

  • comply with legal obligations, rules and norms of the European Union;
  • comply with obligations under a contract you are part of or, prior to the conclusion of the contract, to satisfy your requests.

Moreover, your consent is not expressly required when the processing:

a) is about data from public registers, lists, acts and documents accessible to anyone, as limited by and in the manner prescribed by law, rules and norm of the European Union on knowability and disclosure of data or data concerning economic activities, processed in compliance with the current business and industrial secrecy law;

b) is necessary for the safety of life or the physical integrity of a third party (in such case, the owner must inform the party concerned about the processing of personal data through the information note also later than the processing, but without delay. In this case, then, consent is given following the submission of the information);

c) except for disclosure, is necessary in pursuit of defensive investigations pursuant to law no.397 dated 7 December 2000 or to invoke or defend legal claims, provided that the data are processed only for such purposes and for the period strictly necessary to satisfy them and in compliance with the current business and industrial secrecy law;

d) is necessary, except for disclosure and only in cases detected by the Guarantor on the basis of principles legally enshrined, to pursue a legitimate interest of the Owner or a third recipient of the data, also relating to banking groups and subsidiaries or associated activities, when the interests for rights and fundamental freedom, dignity and legitimate interest of the party concerned are not overridden.


Tip Tap srl