This privacy notice has been drawn up pursuant to art. 13 of EU Regulation 2016/679 (hereinafter the “Regulation“) in order to allow you to learn about our policies in relation to the processing of your personal data (including but not limited to, name, surname, mobile phone number, e-mail address and in general the contact details of your representatives) collected within the performance of the contract stipulated between your company and Unieuro S.p.A., with registered office in Via Piero Maroncelli n. 10, 47121 – Forlì (FC), at Palazzo Hercolani, Tax Code and VAT number 00876320409 (hereinafter “Unieuro” or the “Company” or the “Data Controller“).
Pursuant to the Regulation, the processing activities carried out by Unieuro will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data retention, data minimization, accuracy, integrity and confidentiality.
The Data Controller of personal data is Unieuro, as defined above. For more information concerning the processing of personal data carried out by Unieuro, you can write to the following e-mail address: privacy@unieuro.com.
Unieuro, as Data Controller of the personal data collected, wishes to inform you of the following.
The processing activities that Unieuro carries out have following purposes:
-
- management and execution of the existing contract between your company and Unieuro;
- fulfillment any legal, accounting and tax obligations;
- fraud prevention purposes and to allow Unieuro to protect itself in the event of a dispute or a judicial proceeding;
- collection, through specific questionnaires, of the opinions of its business partners and suppliers with regard to sustainability issue, and performance of surveys on the economic, environmental and social impacts of the Company, in order to fulfill the reporting obligations to which Unieuro, as a listed company, is subject.
The legal basis for the processing of your personal data is the following:
- for the purposes referred to in point 1. above, the legal basis is art. 6 (1) (b) of the Regulation (“[…] the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; […]”), since the processing of your data allows your company and Unieuro to perform the contract that they have stipulated. Providing your personal data for this purpose is optional, but failure to do so will make it impossible for Unieuro to perform the contract or to provide the services covered by the contract;
- for the purpose referred to in point 2. above, the legal basis is art. 6 (1) (c) of the Regulation ([…] the processing is necessary for compliance with a legal obligation to which the controller is subject; […]), since your personal data may be processed in order to fulfill legal obligations to which Unieuro is subject;
- for the purposes referred to in point 3. above, the legal basis is art. 6 (1) (f) of the Regulation (“[…] the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“); personal data collected for this purpose will be processed in order to prevent and / or identify any fraudulent activities or abuses and non-compliant behaviors, in relation to tax and labor law obligations in the context of procurement contracts, as well as to allow Unieuro to protect itself in case of a legal proceeding. We believe that the balancing test between this interest and the fundamental rights and freedoms of the data subjects has already been carried out by the legislator (see recital No. 47 of the Regulation: “[c] constitutes […] legitimate interest of the data controller concerned to process data personal data strictly necessary for fraud prevention purposes”);
- for the purposes referred to in point 4. above, the legal basis is art. 6 (1) (f) of the Regulation (“[…] the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“); the personal data collected for this purpose will be processed by Unieuro in order to demonstrate and document its commitment to support, as a listed company, sustainability issues.
For the purposes described above, your personal data will be shared with:
-
- subjects who usually act as Data Processors or autonomous Data Controllers, such as: consultants, companies or professional firms that provide assistance and advice to Unieuro in accounting, administrative, legal, tax, financial and debt collection matters;
- subjects, entities or authorities to whom it is mandatory to communicate personal data, pursuant to the provision of applicable law or to orders of the authorities;
- natural persons authorized by Unieuro to process personal data necessary to carry out activities strictly related to the performance of the contract, who are committed to confidentiality or are legally obliged to maintain confidentiality (e.g. Unieuro’s employees and / or external contractors or collaborators).
The processing of your personal data will be carried out both in an automated and manual form. In any case, your personal data will not be disclosed.
Unieuro does not usually transfer your personal data outside the European Economic Area. Any transfers to third countries will be subject to adequate guarantees such as, by way of example, the existence of adequacy decisions or the adoption of Standard Contractual Clauses approved by the European Commission. For additional information on this matter, you can contact the Data Controller.
Personal data processed for the purposes referred to in point 1. above, will be kept for the time strictly necessary to achieve purposes described. In any case, since the processing activities are carried out for the performance of a contract, Unieuro will process your personal for the time allowed by Italian law to protect its interests (art. 2946 of the Italian Civil Code and subsequent amendments).
Personal data processed for the purposes referred to in point 2. above, will be kept for the time required by the specific obligation or applicable law.
Personal data processed for the purposes referred to in point 3. above, will be kept for the time necessary to prevent fraud and to protect Unieuro’s interests in court in the event of a dispute.
The data processed for the purposes referred to in point 4. above, will be kept for the time necessary to document the Company’s commitments and activities, in relation to sustainability issues.
Further information regarding the data retention period can be requested by writing to Unieuro at the following address: privacy@unieuro.com.
Pursuant to art. 15 and following of the Regulation, you have the right to request from Unieuro, at any time, to access your personal data, to correct or delete them. Furthermore, you have the right to request the restriction of processing in the cases provided for by art. 18 of the Regulation, as well as to request your data in a structured, commonly used and machine-readable format, in the cases provided for by art. 20 of the Regulation. Finally, you have the right to object to the processing of your personal data in the cases provided for by art. 21 of the Regulation.
Requests to exercise the rights described above should be sent in writing to Unieuro at the following e-mail address privacy@unieuro.com or to the physical address indicated above.
Unieuro has also appointed a Data Protection Officer (“DPO“), who can be contacted at the following e-mail address dpo@unieuro.com.
In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (“Garante per la protezione dei dati personali”), pursuant to art. 77 of the Regulation, if you believe that your personal data have been unlawfully processed.
Privacy notice – v. 4 of 12/11/2021