Pursuant to art. 13 EU Regulation no. 2016/679 (hereinafter, "GDPR") and in relation to the data provided by the Supplier or acquired by the Data Controller during the contractual relationship or, in any case, with reference to it, the Supplier is informed that its data will be processed in the manner and for the following purposes:
The data controller is RINA S.p.A., with registered office in Genoa (GE), via Corsica 12, Tax Code and VAT number 03794120109, as well as the companies of RINA Group with which you have stipulated and/or may stipulate a service contract (hereinafter the "Data Controller"). The Data Controller can be reached via the contacts indicated on the website www.rina.org, as well as at the e-mail of the Data Protection Officer rina.dpo@rina.org.
The Data Controller processes personal data (hereinafter, "personal data" or even "data") that concern you or that refer to your contact persons or legal representatives, as well as, more generally, to company representatives, communicated by you for the following purposes:
- to proceed with the qualification of the Supplier according to the procedures of the Data Controller:
- to conclude the supply contracts of the Supplier's services and/or goods:
- to fulfil the pre-contractual, contractual and tax obligations deriving from ongoing relationships with the Supplier:
- to fulfil the obligations established by law or by an order of the competent Authority:
- to exercise the rights of the Data Controller, for example the right of judicial defence.
It should be noted that your data may be processed as part of the management of whistleblowing reports. Rina Group companies have adopted a platform for receiving and managing whistleblowing reports which can be found at the following link https://www.rina.org/it/about-us/whistleblowing-reports, where it will also be possible to view the updated privacy notice, as well as the related procedure.
The data processed are identifiers data (name, surname, date and place of birth, tax code), contact details (residential address, e-mail address, telephone number), as well as any additional data that will be necessary to process for the correct establishment of the contract such as declarations regarding the 'absence of conflict of interest, any personal data contained in the Chamber of commerce company registration, financial statements, consolidated financial statements and income tax returns.
The provision of data and the related processing for the aforementioned purposes is necessary for the signing and execution of the contract and for any pre-contractual obligations (Article 6, paragraph 1, letter b) of the GDPR). In addition, the processing of the aforementioned data is necessary to fulfil legal obligations (Article 6, paragraph 1, letter c) of the GDPR). Any refusal to provide data may result in the impossibility of performing the services covered by the contract.
Personal data is processed by the Data Controller in compliance with the principles of lawfulness, correctness, and transparency.
The processing of your personal data is carried out by means of the following operations: collection, registration, organization, structuring, conservation, consultation, adaptation or modification, use, communication, extraction, comparison, interconnection, limitation, deletion, and destruction of data. Your personal data is subjected to both paper and electronic processing.
The Data Controller will process personal data for the time necessary to fulfil the purposes and in any case no later than 10 years from the termination of the contractual relationship.
If the Data Controller needs to keep the data for a period exceeding 10 years (for example in the event that the cancellation could compromise its legitimate right of defence or, in general, for the protection of its corporate assets) the further conservation may take place by limiting access to the data only to the head of the legal function, to guarantee the legitimate exercise of the right of defence of the Data Controller.
Your data may be made accessible for the purposes referred to in art. 2 to the following recipients:
- to affiliates or subsidiaries of RINA Group, in Italy and abroad, to the extent that this is necessary to carry out the processing, in compliance with the binding corporate rules adopted by RINA Group.
- to companies or other third parties (credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, statutory auditing companies, supervisory institutions, etc.) who carry out outsourced activities on behalf of the Data Controller.
- to its customers, private or public, if this is necessary for the performance of the activities covered by the related contract.
- to public entities, for the fulfilment of legal obligations.
The Data Controller may communicate your data for the purposes referred to in art. 2 to supervisory bodies (such as ANAC), judicial authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the purposes.
Furthermore, your personal data will be communicated to the subjects appointed as Data Processors and to the Subjects Authorized who need to process them for the performance of the tasks and functions entrusted to them and who carry out the processing by adapting to the instructions provided by the Data Controller.
The complete list of external Data Processors can be requested by writing to rina.dpo@rina.org.
Personal data is stored on servers located within the European Union. It is understood that your personal data may be transferred to companies both inside and outside the Group, also based in non-EU countries. In these cases, the transfer of non-EU data will take place in compliance with the applicable legal provisions, also through the provision of Standard Contractual Clauses issued by the European Commission and the adoption of Binding Corporate Rules for intra-group transfers.
As Data Subject, you may exercise the following rights at any time:
a) Right of access to personal data (art. 15 GDPR): you may obtain confirmation of the existence or otherwise of processing of your personal data, as well as obtain a copy of the data.
b) Right to rectification (art. 16 GDPR): you may obtain, without unjustified delay, the rectification of your inaccurate personal data and the integration of incomplete personal data or deletion.
c) Right to erasure (art. 17 GDPR): you may obtain from the Joint Controllers the deletion, without unjustified delay, of your personal data, in the cases provided for by the GDPR.
d) Right to restriction of processing (art. 18 GDPR): you may obtain from the Joint Controllers the limitation of processing, in the cases provided for by the GDPR.
e) Right to data portability (art. 20 GDPR): you may receive, in structured format, in common use and readable by an automatic device, your personal data, provided by the Joint Controllers and you may obtain that the same are transmitted to another controller without impediments, in the cases provided for by the GDPR.
f) Right to object (art. 21 GDPR): object at any time to the processing of your personal data, for reasons related to your situation.
g) Right to lodge a complaint with a supervisory authority (art. 77 GDPR): make a claim with the appropriate Authorities pursuant to Art. 77 GDPR.
The Joint Controllers have appointed a Data Protection Officer, who can be contacted for all questions relating to the processing of your personal data and the exercise of the related rights. Therefore, you may contact the Data Protection Officer at any time by sending an email to rina.dpo@rina.org.