Information on the processing of personal data of suppliers

SUPPLIER DISCLOSURE Pursuant to Articles 13 and 14 of EU Regulation 2016/679 - GDPR Labware SpA with registered office in Via Enzo Ferrari, 3 - Zona Ind.le A, 62012 Civitanova Marche (MC), C.F and P.IVA 01424730438, as the Data Controller hereby renders the information pursuant to Articles 13 - 14 of the EU Regulation 2016/679 - General Data Protection Regulation (GDPR), hereinafter also just “GDPR”.   1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER Labware SpA informs that for the establishment and management of the relationship, it is the Holder of your data qualified as personal data according to the EU Regulation 2016/679. For any information inherent to the processing of personal data, including the list of Data Processors who process data, we invite you to contact the Data Controller via: Mail: Via Enzo Ferrari, 3 - Zona Ind.le A, 62012 Civitanova Marche (MC), Italy E-mail:   privacy@labware.it   2. CATEGORIES OF PERSONAL DATA The Personal Data that are processed by the Data Controller include, but are not limited to: first name, last name, social security number, VAT number, residential address, place of work location, telephone number, mailing address, bank details, etc.   3. PURPOSE OF PROCESSING Personal data, are processed by the Data Controller for the following purposes: (a) Execution of contracts The provision of Personal Data is necessary to fulfill contractual and pre-contractual obligations. (b) Administrative and management purposes and for compliance with national regulatory requirements and community The processing of Personal Data to comply with regulatory requirements is mandatory, for example, when it is prescribed by anti-money laundering, tax, accounting, anti-corruption regulations or by orders and requests of the Supervisory and Control Authority, to which the Controller is subject; (c) Holder's defense The processing of Personal Data is necessary to pursue a legitimate interest of the Data Controller, i.e.: to establish, exercise or defend a right in court or whenever judicial authorities exercise their jurisdictional functions;   4. LEGAL BASIS. The legal basis for the processing of personal data for the purposes referred to in 3. lett. a) above. is the performance of pre-contractual and contractual obligations with respect to legal relationships established and/or being established with you (Art.6 paragraph 1, lett. b), GDPR). The legal basis for the processing of personal data for the purposes referred to in item 3. lett. b). above is the fulfillment of a legal obligation to which the Data Controller is subject (Art.6 paragraph 1, lett. c), GDPR), while for the purposes referred to in item 3. lett. c). above. is the pursuit of the legitimate interest of the Data Controller (Art.6 paragraph 1, lett. f), GDPR). 5. RECIPIENTS Without prejudice to communications performed in fulfillment of legal and contractual obligations, all data collected and processed may be shared, exclusively for the purposes specified above, with the following categories of authorized persons and/or internal and external data processors identified in writing and to whom specific written instructions about data processing have been provided: Authorized internal staff - employees and collaborators of the Data Controller, in their capacity as persons authorized to process personal data, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality; Managers - persons, companies, professional firms or other third parties with whom the Data Controller has relationships necessary to carry out its activities for the purposes specified above or by legal obligation, who have been entrusted with specific mandates and for the time necessary to achieve the purposes for which the data were collected, who typically act as Data Processors of Labware SpA. By way of example, the Data Controller may need to communicate the data to the following categories: subjects who provide professional consulting services and fiscal, legal and judicial assistance; subjects who provide services for the management of the computer system; Third-party Recipients - Jurisdictional or supervisory authorities, administrations, public bodies and entities (by way of example but not limited to: Inland Revenue Agency, Police Forces, Judicial Authorities, Territorial Authorities, Ministries and their collaborators/auxiliaries), insurance and banking companies. 6. STORAGE AND TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY Your Personal Data is stored on servers within the European Union. In any case, it is understood that the Data Controller, if it becomes necessary, for technical or operational reasons, will have the right to transfer Personal Data to countries outside the European Union for which there are “adequacy” decisions of the European Commission, i.e. on the basis of appropriate safeguards or specific derogations provided for in the Regulations. 7. PROCESSING METHODS AND STORAGE TIME OF PERSONAL DATA The processing of Personal Data will take place, in compliance with the provisions of the GDPR, by means of paper, computer and telematic tools, with logics strictly related to the purposes for which the personal data have been collected and, in any case, in such a way as to ensure their security and confidentiality in accordance with the provisions of Article 32 GDPR. All of the aforementioned data and others constituting your employment status will be retained even after the termination of the employment relationship for the fulfillment of all possible obligations related to or arising from the termination of the employment relationship itself for the next ten years from the date of their acquisition. More information regarding the period of retention of personal data and the criteria used to determine this period may be requested by writing to the Data Controller.   8. RIGHTS OF THE DATA SUBJECT In connection with the processing operations described in this policy statement, as a data subject you may, under the conditions set forth in the GDPR, exercise the rights enshrined in Articles 15 to 21 of the GDPR and in particular the following rights:

• Right of access - Right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data, including a copy thereof (Art. 15, GDPR);
• Right of rectification - Right to obtain, without undue delay, rectification of inaccurate personal data concerning you and/or supplementation of incomplete personal data (Art. 16, GDPR);
• Right to cancellation - Right to obtain, without undue delay, the deletion of personal data concerning you (Art.17, GDPR);
• Right to limitation of treatment - Right to obtain from the Controller the limitation of processing, in the cases provided for by the GDPR (Art. 18, GDPR);
• Right to data portability - The right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, in the cases provided for in the GDPR (Art. 20, GDPR);
• Right of opposition - Right to object, at any time on grounds relating to your particular situation, to the processing of personal data concerning you, unless there are legitimate grounds for the Controller to continue the processing (Art. 21, GDPR);
• Right to withdraw consent - right to revoke consent to the processing of your data at any time, without prejudice to the lawfulness of processing based on consent before revocation;
• Right to file a complaint To the Data Protection Authority, Square of

Montecitorio n.121, 00186, Rome (RM). The above rights may be exercised, vis-à-vis the Holder, by contacting the references indicated in point 1 above.   9. PROVISION OF DATA The provision of data is compulsory for all that is required by legal and contractual obligations, and therefore any refusal to provide it in whole or in part may result in the inability of the Data Controller to execute the contract or to properly carry out all the obligations related to the contractual relationship.