Privacy policy
Pursuant to Article 13 of European Regulation No. 2016/679 on the protection of personal data, for the use of data from the SO.GE.M.I. SPA website and related services.
1. RIGHTS OF THE DATA SUBJECT
Pursuant to Article 15 et seq. of the EU Regulation, data subjects (natural persons to whom the data refer) may exercise their rights at any time, and in particular the right to access their personal data, request its rectification or restriction, update them if they are incomplete or incorrect, and delete them if they have been collected in violation of the law, as well as to object to their processing, unless there are legitimate reasons on the part of the Data Controller.
To this end, you may contact the Data Controller or the Data Protection Officer.
Finally, please note that it is possible to lodge a complaint with the Italian Supervisory Authority - Garante per la protezione dei dati personali (Data Protection Authority) - Piazza Venezia, 11, IT - 00187, Rome (www.garanteprivacy.it).
2. RIGHT TO COMPLAIN
Finally, interested parties are informed that if they believe that the processing of their data violates EU Regulation 2016/679 (Art. 77), they may lodge a complaint with the Italian Supervisory Authority - Garante per la protezione dei dati personali (Data Protection Authority) - Piazza Venezia, 11, IT-00187, Rome (www.garanteprivacy.it).
3. INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA ACCESS TO THE WEBSITE
Pursuant to Article 13 of EU Regulation No. 2016/679 (General Data Protection Regulation), the following information is provided.
Definitions
‘Personal data’ (pursuant to Article 4(1) of EU Regulation 2016/679): any information relating to an identified or identifiable natural person (‘data subject’); a natural person is considered identifiable if they can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
'Processing' (pursuant to Article 4(2) of EU Regulation 2016/679) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying.
Identity and contact details of the Data Controller
Company name: SO.GE.M.I. S.p.A.
Registered office address: Via Lombroso, n. 54, 20137 Milan (MI)
Telephone number: +(39). 02.550051
Email address: info@foodymilano.it
Contact details of the Data Protection Officer (DPO)
Name and surname: Alessia La Camera
Address for the role: Via Lombroso 54, 20137 Milan (MI)
Telephone number: +(39). 02.55005483
Email address: dpo@foodymilano.it
Processing of supplier data
Type of personal data collected
The personal data collected mainly concerns:
Identification data (name and surname of the legal representative, address, telephone number, fax number, e-mail address, tax data, etc.);
Personal details (identity document, etc.);
Data necessary for establishing the legal relationship (e.g. any data relating to criminal convictions and offences requested, in accordance with existing laws and regulations). This data is provided directly by the data subject (in the broadest sense).
Personal data may be collected from public registers and/or registers accessible by the public administration for the purpose of conducting market surveys. Personal data may be processed and the registers and computerised records of the A.N.A.C. (Italian National Anti-Corruption Authority) may be consulted for anti-corruption and anti-Mafia checks.
Purpose of processing
The purposes of personal data processing are as follows:
the fulfilment of obligations under laws, regulations, EU legislation, or provisions issued by Authorities and Supervisory and Control Bodies in relation to or in any way connected with existing and/or future legal relationships;
the preparation, execution and completion of all stages and procedures of the tender;
management and execution of the relevant supply contracts, as well as, in general, the preparation, conclusion, management and execution of legal relationships with the data subject;
protection of contractual rights and management of disputes;
any external professional collaborations for the fulfilment of legal obligations;
The following table specifies the legal basis, data categories, personal data categories and relevant retention period for each of the purposes identified above:
Purpose of processing for which the personal data are intended | Legal basis for processing | Categories of personal data processed | Personal data retention period | Categories of recipients |
Purpose 1 | Legal obligation | | Until the end of the established relationship and for a further subsequent period of 10 years. | * |
Purpose 2 | Contract | | Until the end of the established relationship and for a further 10 years. | |
Purpose 3 | Contract | | Until the end of the legal relationship, for a further subsequent period of 10 years, and for any additional period required for the defence and protection of rights. | |
Purpose 4 | Legitimate interest (Recital 47): contractual relationship | | Until the end of the legal relationship, for a further subsequent period of 10 years, and for any additional period required for the defence and protection of rights. | |
Purpose 5 | Legitimate interest (Recital 47): contractual relationship | | Until the end of the legal relationship and for a further subsequent period of 10 years. |
Personal data is processed in compliance with the conditions set out in EU Regulation 2016/679 and, in particular, Article 6(1)(e) and Article 2-ter of Legislative Decree 196/2003 ‘Personal Data Protection Code’, for the performance of a task carried out in the public interest and connected to the exercise of public powers vested in the Municipality, in accordance with Legislative Decree no. 82/2005 ‘Digital Administration Code’.
Subscription to the selected services may be revoked at any time independently using the same method of subscription. Revocation does not affect the lawfulness of processing carried out on the basis of the subscription expressed prior to revocation.
Processing methods
Processing is carried out in compliance with fundamental rights and freedoms and is based on principles of fairness, lawfulness, transparency and protection of confidentiality, ensuring the relevance and proportionality of the information collected and used in relation to the purpose described.
Personal data will be processed in paper, computerised and telematic form and entered into the relevant databases (suppliers, etc.), which may be accessed by, and therefore become known to, personnel expressly designated by the Data Controller as Data Processors and authorised to process personal data. These personnel may consult, use, process, compare and carry out any other appropriate operations in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of the data as well as the accuracy, updating and relevance of the data with respect to the stated purposes.
Communication and dissemination
Personal data will not be disseminated or communicated, except in cases where specific legal provisions require the latter (e.g. judicial authorities).
Categories of data recipients
Data processing is carried out by authorised persons who are committed to confidentiality and responsible for the related activities in relation to the purposes pursued.
In relation to the purposes indicated, the data may be communicated to the following subjects and/or categories of subjects indicated below, or may be communicated to companies and/or persons in EU countries that provide services, including external services, on behalf of the Data Controller. For greater clarity and by way of example only, the different types of subjects are indicated below:
· Accounting management consultants;
· IT service companies;
· Control and supervisory bodies;
· Lawyers;
· Professional firms;
· Accountants;
· Public administrations for their institutional purposes;
· Consulting firms.
(**) The list of external Recipients/Data Processors with additional data useful for identification is available from the Data Controller.
Data retention
The data will be retained for the time necessary to achieve the purposes for which it was collected and, in any case, for the maximum period indicated in Table 1, column 4 (retention period). After this period, the data will be deleted.
Transfer of data to third countries
The data processed for the aforementioned purposes will not be transferred to third countries outside the European Union or the European Economic Area (EEA) or to international organisations.
Rights of data subjects
With regard to the personal data covered by this policy, data subjects have the right to exercise the rights provided for in the EU Regulation, as listed below:
· right of access by the data subject [Article 15 of the EU Regulation];
· right to rectification of their Personal Data [Art. 16 of the EU Regulation];
· right to erasure of their Personal Data without undue delay (‘right to be forgotten’) [Art. 17 of the EU Regulation];
· right to restriction of processing of their Personal Data [Art. 18 of the EU Regulation];
· right to data portability [Art. 20 of the EU Regulation];
· right to object to the processing of one's Personal Data [Art. 21 of the EU Regulation];
· right not to be subject to automated decision-making processes [Art. 22 of the EU Regulation].
The above rights may be exercised in accordance with the provisions of the Regulation by sending an email to alessia.lacamera@foodymilano.it.
SO.GE.M.I. S.p.A., in compliance with Article 19 of the EU Regulation, shall inform the recipients to whom the personal data have been disclosed of any corrections, cancellations or restrictions on processing requested, where possible.
If the legal basis for the processing pursued by SO.GE.M.I. S.p.A. is consent, the data subject has the right to withdraw consent at any time by sending an email to alessia.lacamera@foodymilano.it.
Pursuant to Article 7 of the EU Regulation, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Further information on the rights of the data subject can be found in the relevant section.
The Company does not use any automated decision-making processes.
Right to lodge a complaint
Finally, we inform you that if you believe that the processing of your personal data violates the provisions of EU Regulation 2016/679 (Art. 77), you have the right to lodge a complaint with the Data Protection Authority or to take appropriate legal action (Art. 79 of the Regulation).
5. PRIVACY POLICY ACCESS TO DOCUMENTS
Information pursuant to Article 13 of EU Regulation No. 2016/679
Pursuant to Article 13 of EU Regulation No. 2016/679 (General Data Protection Regulation), the following information is provided.
Data controller
The Data Controller is SO.GE.M.I. S.p.A., Via Lombroso, No. 54, 20137 Milan (MI).
Data Protection Officer
The Data Protection Officer (DPO) of SO.GE.M.I. SPA can be contacted at the following e-mail address: dpo@foodymilano.it.
Purpose and legal basis
The purpose of data processing is to enable the effective exercise of the right of access to administrative documents and activities connected with and instrumental to the management of the relevant administrative procedure.
Personal data is processed, pursuant to and for the purposes of Law No. 241/90 and the relevant Municipal Regulation governing access to administrative documents, in compliance with the conditions set out in EU Regulation 2016/679 and in particular:
· to fulfil a legal obligation to which the data controller is subject (Art. 6, paragraph 1, letter c);
· for the performance of a task carried out in the public interest (Art. 6, paragraph 1, letter e).
Types of data processed
The procedure for accessing documents involves the collection of personal data requested in the form for requesting access to documents available at the following link: https://amministrazione-trasparente.sogemispa.it/amministrazione-trasparente/altri-contenuti/accedere-agli-atti.
Methods of processing
The processing is carried out in compliance with fundamental rights and freedoms and is based on the principles of fairness, lawfulness, transparency and protection of confidentiality. It is also carried out with the aid of electronic tools in accordance with the operations indicated in Article 4, point 2, of EU Regulation 2016/679.
Nature of processing
The provision of data requested in the form for requesting access to documents is mandatory and failure to provide such data will preclude the possibility of exercising the right of access and fulfilling the consequent obligations relating to the proceedings/procedure.
Communication and dissemination
Personal data will not be disclosed to third parties, unless this is necessary to comply with relevant regulatory provisions, such as disclosure to the parties concerned if the conditions are met. Personal data will not be disseminated.
Categories of data recipients
The processing is carried out by authorised persons who are committed to confidentiality and responsible for the related activities in relation to the purposes pursued.
Data retention
The data will be retained for the time necessary to achieve the purposes for which it was collected and for the period necessary to complete the administrative procedure referred to in Law No. 241/90 and, in any case, for the time provided for by the provisions on the retention of administrative records and documents.
Transfer of data to third countries
The data processed for the aforementioned purposes are not transferred to third countries outside the European Union or the European Economic Area (EEA) or to international organisations.
Data Subjects’ Rights
Data subjects may exercise the rights provided for under Articles 15 et seq. of EU Regulation 2016/679, and in particular the right to access their personal data, to request its rectification or restriction, to update it if incomplete or inaccurate, and to obtain its erasure where the conditions are met. Data subjects may also object to the processing of their data by submitting a request to: SO.GE.M.I. S.p.A., as Data Controller, or to the Data Protection Officer (DPO).
Right to Lodge a Complaint
Data subjects are also informed that, should they believe that the processing of their personal data is in breach of the provisions of EU Regulation 2016/679 (Article 77), they have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or to seek redress before the competent judicial authorities (Article 79 of the Regulation).
6. Privacy Notice – Generalised Civic Access
Privacy Notice pursuant to Article 13 of EU Regulation No. 2016/679
Pursuant to Article 13 of EU Regulation No. 2016/679 (General Data Protection Regulation – GDPR), the following information is provided.
Data Controller
The Data Controller is: SO.GE.M.I. S.p.A., Via Lombroso 54, 20137 Milan (MI), Italy.
Data Protection Officer (DPO)
The Data Protection Officer (DPO) of SO.GE.M.I. S.p.A. can be contacted at the following email address: dpo@foodymilano.it.
Purpose and Legal Basis of Processing
The processing of personal data is aimed at enabling the effective exercise of the right to generalised civic access and/or the activities connected with and instrumental to the management of the related administrative procedure, including requests for review.
Personal data are processed pursuant to and for the purposes of Article 5 of Legislative Decree No. 33/2013, in compliance with the conditions set out in EU Regulation 2016/679 and, in particular:
· to comply with a legal obligation to which the Controller is subject (Art. 6(1)(c));
· for the performance of a task carried out in the public interest (Art. 6(1)(e)).
Types of Data Processed
The generalised civic access procedure involves the collection of personal data requested through the application form available at the following link:
https://amministrazionetrasparente.sogemispa.it/amministrazione-trasparente/altri-contenuti/accedere-agli-atti
Processing Methods
Processing is carried out in compliance with fundamental rights and freedoms and is based on the principles of fairness, lawfulness, transparency, and the protection of confidentiality. It is also performed with the aid of electronic tools, in accordance with the operations referred to in Article 4(2) of EU Regulation 2016/679.
Nature of Data Provision
The provision of the data indicated in the access request form is mandatory. Failure to provide such data will prevent the effective exercise of the right to generalised civic access and the fulfilment of the related procedural obligations.
Communication and Disclosure
Personal data are not disclosed to third parties, except where such communication is necessary to comply with legal obligations. Personal data are not subject to dissemination.
Categories of Data Recipients
Processing is carried out by authorised personnel who are bound by confidentiality and entrusted with the relevant activities in relation to the purposes pursued.
Data Retention
Data will be retained for the time necessary to achieve the purposes for which they were collected and for the duration required to complete the administrative procedure referred to in Article 5 of Legislative Decree No. 33/2013, and in any case for the period provided for by the regulations governing the retention of administrative records and documents.
Transfer of Data to Third Countries
Data processed for the aforementioned purposes are not transferred to third countries outside the European Union or the European Economic Area (EEA), nor to international organisations.
Data Subjects’ Rights
Data subjects may exercise the rights set out in Articles 15 and following of EU Regulation 2016/679, in particular the right to access their personal data, request rectification or restriction, update them if incomplete or inaccurate, and request erasure where the legal conditions are met. Data subjects may also object to processing by submitting a request to SO.GE.M.I. S.p.A., as Data Controller, or to the Data Protection Officer (DPO).
Right to Lodge a Complaint
Data subjects are informed that, should they believe that the processing of their personal data violates the provisions of EU Regulation 2016/679 (Article 77), they have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or to seek redress before the competent judicial authorities (Article 79 of the Regulation).
7. Privacy Notice – Simple Civic Access
Privacy Notice pursuant to Article 13 of EU Regulation No. 2016/679
Pursuant to Article 13 of EU Regulation No. 2016/679 (General Data Protection Regulation – GDPR), the following information is provided.
Data Controller
The Data Controller is: SO.GE.M.I. S.p.A., Via Lombroso 54, 20137 Milan (MI), Italy.
Data Protection Officer (DPO)
The Data Protection Officer (DPO) of SO.GE.M.I. S.p.A. can be contacted at the following email address: dpo@foodymilano.it.
Purpose and Legal Basis of Processing
The processing of personal data is aimed at enabling the effective exercise of the right to civic access and/or the activities connected with and instrumental to the management of the related administrative procedure.
Personal data are processed pursuant to and for the purposes of Article 5 of Legislative Decree No. 33/2013, in compliance with the conditions set out in EU Regulation 2016/679, and in particular:
· to comply with a legal obligation to which the Controller is subject (Art. 6(1)(c));
· for the performance of a task carried out in the public interest (Art. 6(1)(e)).
Types of Data Processed
The civic access procedure involves the collection of personal data requested through the access request form available at the following link:
https://amministrazionetrasparente.sogemispa.it/amministrazione-trasparente/altri-contenuti/accedere-agli-atti
Processing Methods
Processing is carried out in compliance with fundamental rights and freedoms and is based on the principles of fairness, lawfulness, transparency, and the protection of confidentiality. It is also performed with the aid of electronic tools, in accordance with the operations referred to in Article 4(2) of EU Regulation 2016/679.
Nature of Data Provision
The provision of data marked with an asterisk is mandatory. Failure to provide such data will prevent the effective exercise of the right to civic access and the fulfilment of the related procedural obligations.
Communication and Disclosure
Personal data are not disclosed to third parties, except where such communication is necessary to comply with legal obligations. Personal data are not subject to dissemination.
Categories of Data Recipients
Processing is carried out by authorised personnel who are bound by confidentiality and entrusted with the relevant activities in relation to the purposes pursued.
Data Retention
Data will be retained for the time necessary to achieve the purposes for which they were collected and for the duration required to complete the administrative procedure referred to in Article 5 of Legislative Decree No. 33/2013, and in any case for the period provided for by the regulations governing the retention of administrative records and documents.
Transfer of Data to Third Countries
Data processed for the aforementioned purposes are not transferred to third countries outside the European Union or the European Economic Area (EEA), nor to international organisations.
Data Subjects’ Rights
Data subjects may exercise the rights set out in Articles 15 and following of EU Regulation 2016/679, in particular the right to access their personal data, request rectification or restriction, update them if incomplete or inaccurate, and request erasure where the legal conditions are met. Data subjects may also object to processing by submitting a request to SO.GE.M.I. S.p.A., as Data Controller, or to the Data Protection Officer (DPO).
Right to Lodge a Complaint
Data subjects are informed that, should they believe that the processing of their personal data violates the provisions of EU Regulation 2016/679 (Article 77), they have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or to seek redress before the competent judicial authorities (Article 79 of the Regulation).
Last Updated: 10 January 2023