PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (GDPR) (European regulation on the protection of personal data)

Dear Customer, this notice is provided to individual customers and to natural persons acting on behalf of corporate customers, pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR).

1) DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS:
The Data Controller is Comer S.r.l. – Via Oroboni, 26/28 – 27029 Vigevano (PV) – VAT No. / Tax Code 00174100180 – Tel. +39 0381 42661 – privacy@comergroup.it.

2) PURPOSES AND LEGAL BASIS OF PROCESSING:

a. Processing necessary for the performance of a contract to which the data subject is a party (Article 6(1)(b))

Processing is necessary to fulfill obligations arising from a contract/assignment to which you are a party or to comply, before and after the execution of the contract, with your specific requests. For this purpose, your prior consent is not required, as the legal basis is the necessity to perform a contract or to take steps at your request.

b. For the purposes of the legitimate interests pursued by the Data Controller (Article 6(1)(f) GDPR)

Where necessary, we also process your data beyond contractual obligations to safeguard our legitimate interests or those of third parties. For this purpose, your prior consent is not required.

c. To comply with a legal obligation (Article 6(1)(c) GDPR)

For purposes related to obligations established by laws, regulations, and provisions issued by authorities, your prior consent is not required, as the legal basis is the need to process such personal data to comply with legal obligations to which the Data Controller is subject.

d. Based on the data subject’s consent (Article 6(1)(a) GDPR)

For marketing purposes, including receiving our newsletters, and for publication in the reference list on our website (only if the logo refers to a natural person). You may give or deny your consent by selecting the appropriate options in the dedicated form. Consent may be withdrawn at any time. Withdrawal applies to future processing and does not affect processing already carried out. You may request a list of the consents given at any time.

3) METHODS OF PROCESSING:
Data will be processed using paper and electronic means. We confirm that all organizational, physical, and logical measures deemed necessary and/or appropriate have been implemented to ensure the integrity, confidentiality, and availability of the data.

4) RECIPIENTS OF PERSONAL DATA:
The processed personal data will not be disclosed (except that your company name, together with references to your location and activity, may appear in the reference list on the website www.comergroup.it), but may be communicated to specific parties. Based on roles and job responsibilities, internal and external personnel are authorized to process the data within the limits of their competencies and in accordance with the instructions provided by the Data Controller. The data may also be communicated to parties entitled to access them under legal provisions, regulations, and laws, including mail delivery companies, banks and credit institutions, debt collection agencies, law firms, insurance companies, IT maintenance providers (hardware, software, web), accounting, fiscal and tax service providers, freelancers or occasional workers, agents, testing inspectors, transport companies, subcontractors, and entities/companies collaborating with the Data Controller.

5) DATA TRANSFER:
The Data Controller does not transfer personal data to third countries, and the management and storage of personal data will take place on servers located within the European Union. However, the Data Controller reserves the right, if necessary, to relocate servers or use non-EU cloud services. In such cases, the Data Controller ensures that any transfer of data outside the EU will be carried out in compliance with applicable legal provisions, including, where necessary, by entering into agreements ensuring an adequate level of protection and/or adopting the standard contractual clauses approved by the European Commission.

6) DATA RETENTION:
The Data Controller retains and processes personal data for the time strictly necessary to fulfill the stated purposes or for the period required by applicable civil and tax laws.

7) DATA SUBJECT RIGHTS:
Pursuant to Articles 15 (right of access), 16 (right to rectification), 17 (right to erasure), 18 (right to restriction of processing), 20 (right to data portability), and 21 (right to object) of the GDPR, the data subject may exercise their rights by writing to the Data Controller at the address indicated above or by email at privacy@comergroup.it.

8) WITHDRAWAL OF CONSENT:
Pursuant to Article 7 of the GDPR, the data subject may withdraw their consent at any time.

9) RIGHT TO LODGE A COMPLAINT:
The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.

10) PROVISION OF DATA:
The provision of complete personal details and an email address for sending administrative documents is mandatory in order to comply with legal, regulatory, and contractual obligations. Failure to provide such data will make it impossible to properly fulfill contractual obligations. Consent to receive marketing materials, conduct market research, carry out promotional activities, and publish your name on the website is optional.

11) AUTOMATED DECISION-MAKING:
The Data Controller does not carry out processing that involves automated decision-making based on the processed data.

PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (GDPR) (European regulation on the protection of personal data)

Dear Supplier, this notice is provided to individual suppliers and to natural persons acting on behalf of corporate suppliers, pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) (European regulation on the protection of personal data).

1) THE DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS
The data controller is Comer S.r.l. – Via Oroboni, 26/28 – 27029 Vigevano (PV) – VAT No. / Tax Code 00174100180 01669490037 – Phone +39 0384 295237 – privacy@comergroup.it.

2) PURPOSES AND LEGAL BASIS OF PROCESSING:

– performance of obligations arising from a contract to which you are a party or to comply, before and after the execution of the contract, with your specific requests;

– compliance with legal obligations of an administrative, accounting, civil, tax nature, as well as regulations and EU and non-EU legislation;

– supplier management (supplier administration, management of contracts, orders, deliveries, invoices, selection based on company needs, quality management);

– dispute management (contractual breaches; formal notices, settlements, debt collection, arbitration, legal disputes);

The legal bases for processing are Articles 6(1)(b), 6(1)(c), and 6(1)(f) of the Regulation.

3) METHODS OF PROCESSING:
Data will be processed using paper and electronic means. We confirm that all measures deemed necessary and/or appropriate have been implemented to ensure data integrity, prevent loss (including accidental loss), and prevent unauthorized access.

4) RECIPIENTS OF PERSONAL DATA:
The processed personal data will not be disclosed but may be communicated to specific parties. Based on roles and job responsibilities, internal and external personnel are authorized to process the data within the limits of their competencies and in accordance with the instructions provided by the Data Controller. The data may also be communicated to parties entitled to access them under legal provisions, regulations, and laws, including mail delivery companies, banks and credit institutions, law firms, insurance companies, IT maintenance providers, accounting and tax service providers, freelancers or occasional workers, agents, transport companies, and entities/companies providing services on behalf of the Data Controller.

5) DATA TRANSFER:
The Data Controller does not transfer personal data to third countries, and the management and storage of personal data will take place on servers located within the European Union. However, the Data Controller reserves the right, if necessary, to relocate servers or use non-EU cloud services. In such cases, the Data Controller ensures that any transfer of data outside the EU will be carried out in compliance with applicable legal provisions, including, where necessary, by entering into agreements ensuring an adequate level of protection and/or adopting the standard contractual clauses approved by the European Commission.

6) DATA RETENTION:
The Data Controller retains and processes personal data for the time strictly necessary to fulfill the stated purposes or for the period required by applicable civil and tax laws.

7) DATA SUBJECT RIGHTS:
Pursuant to Articles 15 (right of access), 16 (right to rectification), 17 (right to erasure), 18 (right to restriction of processing), 20 (right to data portability), and 21 (right to object) of the GDPR, the data subject may exercise their rights by writing to the Data Controller at the address indicated above or by email at privacy@comergroup.it.

8) RIGHT TO LODGE A COMPLAINT:
The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.

9) PROVISION OF DATA:
Providing data is mandatory in order to comply with legal, regulatory, and contractual obligations; therefore, any refusal to provide such data will make it impossible to fulfill contractual obligations.

10) AUTOMATED DECISION-MAKING:
The Data Controller does not carry out processing that involves automated decision-making based on the processed data.

PRIVACY POLICY PURSUANT TO ARTICLE 13 OF THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR) (European regulation on personal data protection)

This information is provided to natural persons pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 (GDPR) (European regulation on personal data protection).

1) THE DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS
The data controller is Comer S.r.l. – Via Oroboni, 26/28 – 27029 Vigevano (PV) – VAT No. / Tax Code 00174100180 01669490037 – Phone +39 0384 295237 – privacy@comergroup.it.

2) PURPOSES OF AND LEGAL BASIS FOR THE DATA PROCESSING
The personal data processed are those you provide voluntarily when you send us your curriculum vitae, during job interviews, and/or in person at fairs, exhibitions, etc.

Personal data submitted voluntarily and/or collected during recruitment and selection processes are processed exclusively for purposes related to candidate evaluation and selection, or to propose other job opportunities consistent with the data subject’s professional profile.

The legal basis for processing is Article 6(1)(b) of the GDPR (performance of pre-contractual measures taken at the request of the data subject).

Within the curriculum vitae or during interviews, special categories of personal data may also be revealed and therefore collected (such as data revealing racial or ethnic origin, religious, philosophical or other beliefs, trade union membership, health status, disability or belonging to protected categories, as well as information about political positions held). The legal basis for processing such data is consent, in accordance with Articles 7 and 9(1)(a) of the GDPR. If consent is not provided, it will not be possible to fully assess your application.

3) METHODS OF PROCESSING:
Data will be processed using paper and electronic means. We confirm that all organizational, physical, and logical measures deemed necessary and/or appropriate have been implemented to ensure the integrity, confidentiality, and availability of the data.

4) RECIPIENTS OF PERSONAL DATA:
The processed personal data will not be disclosed but may be communicated to specific parties. Based on roles and job responsibilities, internal and external personnel are authorized to process the data within the limits of their competencies and in accordance with the instructions provided by the Data Controller. The data may also be communicated to parties entitled to access them under legal provisions, regulations, and laws, as well as to law firms, IT maintenance companies, professional firms/companies providing consultancy services on our behalf, and freelance or occasional workers.

5) DATA TRANSFER:
The Data Controller does not transfer personal data to third countries, and the management and storage of personal data will take place on servers located within the European Union. However, the Data Controller reserves the right, if necessary, to relocate servers or use non-EU cloud services. In such cases, the Data Controller ensures that any transfer of data outside the EU will be carried out in compliance with applicable legal provisions, including, where necessary, by entering into agreements ensuring an adequate level of protection and/or adopting the standard contractual clauses approved by the European Commission.

6) DATA RETENTION:
The Data Controller retains and processes personal data related to applications for a period not exceeding 12 months.

7) DATA SUBJECT RIGHTS:
Pursuant to Articles 15 (right of access), 16 (right to rectification), 17 (right to erasure), 18 (right to restriction of processing), 20 (right to data portability), and 21 (right to object) of the GDPR, the data subject may exercise their rights by writing to the Data Controller at the address indicated above or by email at privacy@comergroup.it.

8) WITHDRAWAL OF CONSENT:
Pursuant to Article 7 of the GDPR, the data subject may withdraw their consent at any time.

9) RIGHT TO LODGE A COMPLAINT:
The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.

10) PROVISION OF DATA:
Providing data is optional; however, failure to provide such data may make it impossible to proceed with the evaluation/selection of the application.

11) AUTOMATED DECISION-MAKING:
The Data Controller does not carry out processing that involves automated decision-making based on the processed data.

CONFIDENTIALITY NOTICE CONFIDENTIALITY NOTICE This message is intended solely for the designated recipient(s). All information contained herein, including any attachments, is to be considered strictly confidential and privileged. Any disclosure, distribution, and/or copying of the contents of this message by any party is strictly prohibited pursuant to the Italian Criminal Code, in particular Article 616, as well as applicable Italian data protection legislation, including Legislative Decree 196/2003 as amended (Privacy Code), and European legislation, including Regulation (EU) 2016/679 (GDPR), as well as Legislative Decree 30/2015 (Industrial Property Code), particularly with regard to trade secrets.
If you have received this message in error, you are not authorized to use, distribute, print, or copy it, in whole or in part, directly or indirectly, including any attachments. You are requested to immediately delete this message, all attachments, and any copies thereof from your systems, and to promptly notify the sender by replying to this email.
The sender shall not be held liable for any adverse consequences and/or damages arising from the transmission or receipt of this email. This message has been checked for the presence of computer viruses; however, no liability is accepted for any damage caused by undetected viruses.
For any information regarding the processing of personal data contained in this communication, you may contact the Data Controller, Comer S.r.l. – Via Oroboni, 26/28 – 27029 Vigevano (PV) – VAT No. / Tax Code 00174100180, via email at privacy@comergroup.it.