x
1.0
07 August 2025

Privacy policy regarding the processing of personal data in the context of supplier contracts

PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA IN THE CONTEXT OF SUPPLIER CONTRACTS, PURSUANT TO REGULATION (EU) 2016/679 (GDPR)

 

Beghelli S.p.A. Sole Shareholder Company, with regard to the processing of the personal data you have provided within the framework of the contract entered into with the company, wishes to provide you, as the data subject (the “Data Subject”), with the following information pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”).

 

DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)
The data controller is Beghelli S.p.A. Società Unipersonale (hereinafter, the “Controller”, the “Company”, “Beghelli S.p.A.” or “Beghelli”), with registered office at Via Mozzeghine no. 13/15, 40053, Monteveglio, Valsamoggia (BO).


The Controller can be contacted at the following email address: privacy@beghelli.it.


The Company has appointed a Data Protection Officer (“DPO”), who can be contacted at the following email address: dpo@beghelli.it.


As part of its organizational structure, the Controller appoints Authorized Persons to process personal data by assigning them specific duties and functions through a formal appointment.

 

CATEGORIES OF PERSONAL DATA PROCESSED
The personal data (the “Data”) subject to processing are “Common Data”, as further specified below:
•    Name and surname, personal details and contact information of the Data Subject;
•    Name and surname, contact details of the supplier’s collaborators.

 

PURPOSES AND LEGAL BASIS OF PROCESSING
The Data will be processed by the Controller for the following purposes:

a) Establishment and execution of the contractual relationship between the supplier and Beghelli;
b) Fulfillment of administrative and accounting obligations – such as the management of accounting and treasury, and invoicing (e.g., verification and registration of invoices), in accordance with applicable legislation.

 

The legal bases for processing the Data by the Controller for the above purposes are:

­    For the purposes referred to in point a) above, the legal basis is the performance of a contract to which the Data Subject is a party pursuant to Article 6(1)(b) of the GDPR;
­    For the purposes referred to in point b) above, the legal basis is the need to comply with a legal obligation to which the Controller is subject, pursuant to Article 6(1)(c) of the GDPR.


METHODS OF PERSONAL DATA PROCESSING
Personal Data will be processed by the Controller both in paper and electronic format. The Controller may carry out operations such as collection, recording, organization, storage, consultation, processing, modification, extraction, comparison, use, interconnection, communication, erasure and destruction, and any other appropriate operation, in compliance with legal provisions necessary to ensure confidentiality and data security, as well as the accuracy, updating and relevance of the Data in relation to the stated purposes.


PERSONAL DATA RETENTION PERIOD
The Data will be retained based on the specific purposes for which they are processed, and in particular, for the entire duration of the contractual relationship and, in any case, for 10 years from the date of contract termination. In the event of legal disputes, the Data will be retained for the entire duration of the same, until the expiry of the deadlines for appeal actions. After the aforementioned retention periods have elapsed, the personal data will be destroyed, deleted or anonymized, in line with the technical deletion and backup procedures implemented by the Company.


NATURE OF DATA PROVISION
Providing the Data is mandatory for the conclusion and/or execution of the contract. Refusal to provide the Data will therefore prevent the establishment of the contractual relationship and/or the fulfillment of the resulting obligations.


CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The Data collected by the Controller, for the above-mentioned purposes, may be disclosed to one or more of the following categories of processors, such as:

- External companies providing accounting and tax services;
- External companies providing insurance services and correspondence delivery;
- External companies providing IT and software maintenance and management services;
- Companies belonging to the same Group.

 

The Data may be disclosed to external parties acting as independent data controllers, such as supervisory and control authorities, other Group companies, and, in general, public or private entities legally entitled to request the Data.


TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
The Data Controller does not transfer your personal data outside the European Economic Area without adequate safeguards. Any transfers to third countries will be subject to appropriate safeguards such as, for example, adequacy decisions or the signing of standard data protection clauses adopted by the European Commission. Further information is available from the Data Controller.


DATA SUBJECT’S RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting the Controller at the email address privacy@beghelli.it, you may request, at any time, access to your personal data, their rectification or integration, deletion, restriction of processing in the cases provided for by Article 18 of the GDPR, as well as object to processing based on your particular situation, in cases where the legal basis is the legitimate interest of the Controller.

Where processing is based on consent or a contract and is carried out by automated means, you also have the right to receive your personal data in a structured, commonly used and machine-readable format, and, if technically feasible, to transmit them to another controller without hindrance.

 

Finally, you have the right to lodge a complaint with the competent Supervisory Authority, pursuant to Article 77 of the GDPR, if you believe that the processing of your personal data violates applicable law.