Information Notice Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) for Suppliers
Dear Data Subject (Supplier)
With this document, GEDA S.R.L. provides you with information regarding the features and methods of processing your personal data, pursuant to the provisions of the GDPR and the applicable national privacy legislation.
Any processing of your personal data will be carried out in accordance with the principles of lawfulness, fairness, and transparency.
Identity and Contact Details of the Controller.
The Data Controller, hereinafter also the “Controller”, is GEDA S.R.L., represented by its Sole Director, Mr. Stefano Macchion, VAT No. 01018780930, with registered office at Via Maestri del Lavoro 16/18 - 33080 - Porcia (PN). The Controller may be contacted at the above address or at the following details: Tel. +39 0434 923077, email: info@gedanextage.com, certified email (PEC): geda1@legalmail.it.
Categories of Personal Data Processed. Purposes and Legal Basis of Processing.
The Controller collects and processes personal data that may directly or indirectly identify you, including identification data, contact details, economic and banking information. The Controller processes such data for the following purposes:
• Establishment and performance of a contract to which the data subject is a party, or performance of pre-contractual measures adopted at the request of the data subject (“contractual purposes”).
• Compliance with legal obligations arising from laws, regulations, orders issued by authorised bodies or supervisory authorities (“legal purposes”).
The legal bases for processing are:
• For pre-contractual and contractual purposes: the necessity to ensure proper management and performance of contractual or pre-contractual obligations (Art. 6(1)(b) GDPR), which does not require your explicit consent.
• For legal purposes: the necessity to comply with obligations established by national or EU legislation (Art. 6(1)(c) GDPR), which does not require your consent.
Providing the requested personal data is necessary to fulfil contractual and legal obligations. Failure to provide such data, in whole or in part, may make it impossible for the Controller to perform the contract and comply with legal requirements.
Methods of Data Processing.
The Data will be processed using both manual and electronic tools (such as company IT devices, internet and intranet networks, management software, corporate email, access control systems, etc.) with methods ensuring maximum security.
Processing will be carried out according to the principles of fairness, lawfulness, transparency, necessity, and confidentiality.
The Data will not be subject to automated decision-making processes.
Data Retention Period.
Purpose: Management of contractual and pre-contractual relationship
Categories: Identification and contact data, contractual data, service-related data
Retention: For the entire duration of the contractual relationship and until its full completion
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Purpose: Compliance with legal obligations (administrative, accounting, tax)
Categories: Identification and contact data, invoicing data, payment data, and all data contained in accounting documentation
Retention: 10 years from the last accounting entry, pursuant to Art. 2220 of the Italian Civil Code
Legal basis: Legal obligation (Art. 6(1)(c) GDPR)
Purpose: Protection of rights in legal proceedings
Categories: Data strictly necessary to establish, exercise or defend a legal claim
Retention: 10 years from termination of the contractual relationship (limitation period pursuant to Art. 2946 Italian Civil Code). In case of litigation, data will be retained until all legal remedies are exhausted.
Legal basis: Legitimate interest of the Controller (Art. 6(1)(f) GDPR) and necessity of defence in court (Art. 17(3)(e) GDPR)
Categories of Data Recipients.
Processing is carried out by authorised personnel and by Data Processors appointed in writing, acting according to the Controller’s instructions and adopting appropriate security measures. The list of Data Processors is available upon request.
Data may be communicated to:
a) Subjects, bodies, or authorities acting as autonomous data controllers by virtue of legal obligations or orders issued by authorities;
b) Trade associations to which the company adheres;
c) Banks, financial institutions, and credit intermediaries;
d) Software support companies, cloud service providers, and IT service providers;
e) Supervisory bodies and certification entities, where required.
Data Transfer Outside the EU.
Data will not be transferred by the Controller to countries outside the European Economic Area or to international organisations.
Some data may be shared with recipients located outside the EEA. Should such transfer become necessary, the Controller guarantees compliance with applicable legislation by implementing appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or other legal instruments.
Data Subject Rights.
The data subject may exercise the rights provided by Articles 15–22 GDPR, including the right to access personal data, obtain rectification or erasure, restrict processing, object to processing for legitimate reasons, withdraw consent at any time (where applicable), request data portability, and obtain data updates.
The data subject may also request information on the origin of data, processing purposes and methods, logic applied to processing, identification details of the Controller, and recipients of data.
The data subject may request anonymisation, restriction, or blocking of data processed unlawfully, and may lodge a complaint with the Italian Data Protection Authority via the modalities indicated on its website (www.garanteprivacy.it).
Requests regarding rights may be addressed to the Controller using the contact details indicated above, without formalities, or using the model provided by the Italian Data Protection Authority.
Contact details of the Italian Data Protection Authority: Piazza Venezia 11, Rome, Fax +39 06.69677.3785, Tel. +39 06.696771, email: garante@gpdp.it, PEC: protocollo@pec.gpdp.it.
Right to Lodge a Complaint.
If you believe that your personal data have been processed in violation of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority (via email at garante@gpdp.it or by post at Piazza Venezia 11, 00187 Rome) pursuant to Art. 77 GDPR, or to seek judicial remedy pursuant to Art. 79 GDPR.
Changes to This Privacy Notice.
This privacy notice may be amended over time due to legislative updates, new services, or technological changes.
Veuillez noter
Qu’à compter du 1er janvier 2026, les collections de robinetterie précédemment commercialisées sous le nom “ZOE” porteront désormais le nom “ZOEOS”.