Supplier policy


Dear supplier,
as required by the laws in force, we share with you the policy regarding the processing of data transmitted by you and/or in any case collected by the writer or by other companies of the Serioplast Group.

Data Controller’s Identity and contact information

The data controller is Serioplast Global Services S.p.A., with registered office in Seriate (BG), in via Comonte n. 15, Tax code and VAT number n. 04256350168, in the person of its pro tempore legal representative, part of the Serioplast Group (hereinafter also the "Group").
The updated list of the companies that are part of the Group can be viewed at the following web address: "". Said companies may manage the data as joint data controllers, as indicated in the joint ownership agreement pursuant to art. 26 of the EU Reg., available at the headquarters of Serioplast Global Services S.p.A..
To contact the Data Controller, and / or the individual Joint Controllers, it is also possible to write to the following e-mail address:

Type of data: personal and common

The Data Controller, and the other companies of the Group, undertake to process the data transmitted by you, with particular reference to the data of the personnel assigned to the execution and management of the contracts in place with the Data Controller and / or with the other companies of the Group – among which name, surname, contact details, e-mail addresses and professional qualifications, if needed, for the staff employed; any data concerning wages, contributions, and the regularity of contributions to the staff used for the provision of services to the Data Controller or other Group companies, when such data are necessary to conduct checks in compliance with worker safety regulations, indicated in tender contracts -, any data of the legal representatives, including any judicial data required by law, as well as those provided at the premises of the Data Controller and/or other Group companies by your employees (hereinafter indicated as " Interested subjects" or, individually, “Interested subject"), as well as those collected by the Data Controller (e.g. for video surveillance needs), for the purposes that will be indicated below and in compliance with privacy laws in force, both Community (e.g. EC Reg. 679/16) and national ones (e.g. Legislative Decree 196/03 in Italy).
The Data Controller and the other companies of the Group may also process, only for the purposes indicated below and always in compliance with the aforementioned legislation, common data such as: personal data, telematic and telephone references, office/responsibility held within the supplier company/body, together with economic and financial data, company name, registered offices and bank references.
Potentially personal data of the interested parties will also be collected through the video surveillance systems present in the access and/or exit areas of the premises of the Data Controller or, possibly, of other Group companies, within the premises themselves (where the interested parties are present on the premises) as highlighted in the policy concerning data processing for video surveillance purposes, available at the sites where a video surveillance system is installed.

Relations between Data Controller and Group companies when processing common data

The Data Controller has a legitimate interest in sharing the aforementioned data with the other Group companies (and vice versa), also by including them in centralized databases: common data in particular may be made accessible to all Group companies and to the subjects authorized by them to process data in compliance with reciprocal data processing agreements.

Data Processing Purpose and legal basis

The collection and processing of data are carried out to:

  • execute and manage contractual or pre-contractual relationships
  • execute obligations of managerial, administrative and accounting nature
  • protect the rights of the Data Controller and/or of other Group companiesv

Personal and common data will be processed in compliance with principles of correctness, lawfulness, transparency, for the aforementioned purposes, as well as to follow up on requests submitted by you, also in the name and on behalf of the interested parties.
The provision of data is optional yet necessary for the execution of the contractual relationship, in particular to fulfill related obligations of administrative and accounting nature.

Potential recipients and categories of data recipients

Both personal and common data may be disclosed to the following subjects:

  • customers, suppliers of products or services for the execution of the contractual relationship or for related obligations
  • public administrations or public bodies for obligations related to legal obligations
  • insurance companies and credit institutions
  • internal resources of the Data Controller, or of the Joint Controllers, who have received specific instructions;
  • external subjects appointed as Data Processors (for example: IT consultants, companies specializing in software);
  • professionals and business administration and management companies

The data processed are not subject to disclosure: i.e., they will not be made available to subjects who have not been previously identified. However, they may be shared with certain subjects who are involved in the fulfillment of contractual and / or pre-contractual obligations, such as (by way of example and not limited to) the companies of the Group, both located in Italy and abroad.

Processing methods

All data collected by the Data Controller, as well as those shared / collected by other Group companies, will be processed through the use of paper and IT and telematic tools, in a lawful manner and with the utmost confidentiality and compliance with the provisions of the law.
The Data Controller and the other companies of the Group do not in any way use automated decision-making processes concerning the data referred to in this statement.

Duration of data retentio


The data will be processed for the period of time allowed, or imposed, by regulations applicable to the employment or collaboration relationship and for the time necessary to ensure legal protection to you, to all interested parties, to the owner and to the other companies of the Group, in both contractual and extra-contractual terms.
This period, except for demonstrated needs, cannot exceed 10 years from the termination of the commercial relationship.

Supplier’s and Interested Parties’ Rights

At any time, you and / or each individual interested party have the right to request from the Data Controller and / or each of the Joint Controllers:

  • access to their data
  • updating, rectification and integration of the same
  • the cancellation and / or transformation into anonymous form of the data collected, if technically possible
  • certification that the above operations have been brought to the attention of those to whom they have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right
  • the limitation of the processing or to oppose it.
  • You and / or the individual interested parties also have the right to lodge a complaint with the Supervisory Authority, competent for the protection of personal data, if you believe that your rights have been violated.

Please inform all interested parties (e.g. directors, employees and collaborators whose data the Data Controller and / or the other companies of the Group are in possession of for the purposes described above) about the content of this policy.