INFORMATION ON THE PROCESSING OF PERSONAL DATA– SUPPLIERS
(Information pursuant to Articles 13 and 14 of Regulation (EU) 679/2016, known as the GDPR)
Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards those concerned is a fundamental part of our business.
This information is intended for suppliers and collaborators of T2 WEDLING SRL.
Who is the data controller?
The Data Controller ofyour personal data is T2 WELDING SRL (VAT number IT05632850284), with registered office in Via Bacchiglione, 22/1 – 35030, Cervarese Santa Croce (PD) – Italy, which is responsible for the legitimate and correct use of your personal data and which you can contact for any information or requests at the following addresses: info@t2welding.com, t2welding@pec.it
Where is the data collected?
The data is communicated by you and/or by third parties such as other suppliers and/or collected from publicly accessible sources.
What data processing is carried out?
Your personal data is collected and processed, using automated and non-automated methods, as specified below.
Supplier management
| Purpose and legal basis | Establishment and management of the contractual relationship, based on the execution of a contract and/or pre-contractual measures, legal obligation |
| Categories of data | Personal details, Contact details, Address details, Payment details |
| Storage time* | 10 years from the year in which the last contract ceased to have effect |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Banks, authorities, and public administrations with respect to which there is a legal obligation to communicate data. |
Purchasing management
| Purpose and legal basis | Purchasing products or services, based on the execution of a contract and/or pre-contractual measures |
| Categories of data | Personal details, Contact details, Address details, Payment details |
| Storage time* | 10 years from the relevant year |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, Banks, Data processors appointed pursuant to Art. 28 of EU Reg. 2016/679 (see register of data processors), other subjects for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Authorities and public administrations with respect to which there is a legal obligation to communicate data. |
Activity planning and control
| Purpose and legal basis | Planning of activities, based on the legitimate interest of the Data Controller in carrying out business activities |
| Categories of data | Personal details, Contact details, Data relating to work activities, Data relating to purchases or use of services |
| Storage time* | 10 years from the year the data was acquired |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Accounting
| Purpose and legal basis | – Keeping accounting records, based on a legal obligation – Tax compliance, based on a legal obligation |
| Categories of data | Personal details, Contact details, Address details, Payment details, Work-related details, Details relating to purchases or use of services |
| Storage time* | 10 years from the year in which the last contract ceased to have effect |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, Authorities and public administrations with respect to which there is a legal obligation to communicate, Data processors appointed pursuant to Art. 28 of EU Reg. 2016/679 (see register of data processors), other subjects for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Banks |
Management control
| Purpose and legal basis | Internal management control, based on legitimate interest in the exercise of business activities |
| Categories of data | Personal details, Contact details, Work-related details |
| Storage time* | 10 years from the relevant year |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, banks, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other parties for whom the communication of data is necessary for the purposes stated by the data controller. |
Receipt and acceptance of goods
| Purpose and legal basis | Acceptance of goods, based on the execution of a contract and/or pre-contractual measures |
| Categories of data | Personal details, Contact details, Address details, Payment details |
| Storage time* | 10 years from the relevant year |
| Recipients of the data | Authorized data processors appointed pursuant to Article 29 of EU Regulation 2016/679, Banks, Data processors appointed pursuant to Art. 28 of EU Reg. 2016/679 (see register of data processors), other subjects for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, Authorities and public administrations with respect to which there is a legal obligation to communicate data. |
*In addition to the time required for the limitation periods relating to mutual rights to expire and the backup retention period.
In addition to the above, as part of activities functional to the proper management of the organization, your personal data will also be processed by duly authorized internal or external personnel for:
1) the management and maintenance of the network and IT systems, when the processing is carried out using even partially automated methods (e.g., when the data passes through the IT systems of T2 WELDING SRL), based on the legitimate interest in protecting them and for obligations relating to information security; the data is stored in accordance with security implementations and the provisions for the main processing referred to above;
2) managing compliance activities, including personal data protection requirements, as required by law, in accordance with the storage times provided for the main processing referred to;
3) to prevent and detect abuse and to defend the rights and interests of the Data Controller, storing them until the expiry of the limitation periods, except in the event of litigation (in which case, the data will be stored until the final resolution of the dispute), based on the legitimate interest of the Data Controller in protecting its rights and interests;
4) to verify compliance with procedures and quality standards based on the legitimate interest of the Data Controller in pursuing control and efficiency within the Organization, in accordance with the retention periods provided for by applicable regulations, including voluntary ones, and internal procedures.
Are there any automated processes?
The processing is not based on automated decision-making.
Is it mandatory to provide data?
Except for purposes based on consent, the provision of your data is a necessary requirement: failure to provide the data indicated as mandatory could entail legal and contractual consequences. Therefore, in case of failure to provide such data, you may not obtain the expected result or obtain it only partially.
Are data transferred outside the European Union?
The processing of personal data (e.g., storage, archiving, and retention of data on our servers or in the cloud) will be limited to the circulation and processing of personal data within countries belonging to the European Economic Area, with an express prohibition on transferring them to non-EU countries that do not guarantee (or lack) an adequate level of protection, i.e., in the absence of the safeguards provided for in EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
What are your rights?
● You have the right, in accordance with Articles 15 et seq. of EU Regulation 2016/679, to request access to your personal data from the Data Controller, as well as their correction and deletion or erasure;
● You also have the right to request data portability or restriction of processing;
● You have the right, for reasons related to your particular situation, to object to the processing of your personal data based on legitimate interest;
● You have the right to view the essential contents of any joint controller agreements signed;
● For processing based on consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
● You may also lodge a complaint with the Italian Data Protection Authority, located at Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.
To exercise your rights or request additional information, you may contact the Data Controller using the contact details provided above.
Can the information in this policy change?
We reserve the right to update our Personal Data Processing Policy. Any changes will be communicated in the manner deemed most appropriate and we will update the date in this Privacy Policy. Therefore, we recommend that you consult our Personal Data Processing Policy periodically, including by requesting a copy from the Data Controller.
Last update: December 29, 2025
