Suppliers Privacy Policy




TEMPESTIVE S.p.A. Sole-Shareholder Company, as the data controller, informs its suppliers that personal data will be processed in accordance with EU Regulation 679/2016 “General Data Protection Regulation” (hereinafter “GDPR”) and provides the following information under Art. 13 GDPR.

Data Controller

1.1 The data controller is TEMPESTIVE S.p.A. Sole-Shareholder Company, represented by its legal representative pro tempore, with legal headquarters at the Pordenone Technology Park, via Roveredo n. 20/b, 33170 Pordenone, VAT No. 01352100935, Phone 0434.570305, email – PEC (hereinafter also referred to as “Tempestive” or the “Controller”).

Data Protection Officer

2.1 TEMPESTIVE S.p.A. Sole-Shareholder Company has appointed a Data Protection Officer (DPO) as required by Art. 37 GDPR, in the person of lawyer Anna Perut, who can be contacted at the following addresses: – PEC

Purpose and Legal Basis of Processing

3.1 Personal data (name and surname, company name, tax code/VAT number, addresses/headquarters, contact data, payment data) will be processed by TEMPESTIVE S.p.A. Sole-Shareholder Company exclusively for the following purposes:

a) conducting pre-contractual negotiations and fulfilling all activities related to the management and execution of the contractual relationship (e.g. contract execution, administrative and accounting management, payment of dues). The legal basis for processing is the execution of a contract to which the data subject is party, or the execution of pre-contractual measures taken at the data subject’s request (Art. 6, para. 1, letter b) GDPR);

b) fulfilling fiscal and regulatory obligations incumbent on the Controller (Art. 6, para. 1 letter c) GDPR);

c) protecting Tempestive’s rights arising from the contract. The legal basis for processing is the pursuit of the legitimate interest of the Controller (Art. 6, para. 1, letter f) GDPR);

d) based on the legitimate interest of TEMPESTIVE S.p.A. Sole-Shareholder Company or its parent company Alfa Sistemi S.p.A., appropriately evaluated and balanced (Art. 6, para. 1, letter f) GDPR), personal data may be transmitted to the parent company if necessary for internal administrative purposes, for the management of integrated processes or for purposes related to the direction and coordination action.

Methods of Personal Data Processing

4.1 The processing operations will be carried out using computerized and telematic tools as well as paper-based methods, in compliance with the principles of legality, correctness, transparency, relevance, accuracy, with organization and processing logics related to the pursued purposes. The data will be protected from risks of destruction, alteration, deletion, and unauthorized access through adequate physical, logical, and organizational security measures. The data may be processed, for the purposes referred to in point 3, by subjects operating within the internal organizational structure of the Data Controller, specifically authorized and trained according to their respective duties, as well as by external subjects appointed as data processors under Art. 28 GDPR.

4.2 There are no automated profiling processes.

Nature of Data Provision and Consequences of Non-Provision

5.1 The provision of personal data is necessary for pre-contractual negotiations, for the conclusion and execution of the contract, and for complying with legal obligations. The refusal to provide data, in whole or in part, may result in the inability to pursue the aforementioned purposes.

Personal Data Retention Period

6.1 Personal data related to the contract will be stored for the duration of the contractual relationship and subsequently for the duration prescribed by the applicable civil and tax laws, and in any case no longer than 10 years from the end of the contractual relationship. Further retention periods, also related to the protection of the rights of the Data Controller, are reserved where provided by the legal system; subsequently, the data will be deleted or made anonymous.

Recipients of Data

7.1 Personal data may be communicated, for the purposes referred to in point 3, to individuals authorized to process data operating within the internal organizational structure of the Data Controller who have committed to confidentiality or have an adequate legal obligation of confidentiality.

7.2 Personal data may also be communicated to the parent company and to all those public and private entities whose communication is necessary to pursue the purposes referred to in point 3 (e.g., Tempestive’s legal and fiscal consultants, statutory auditor, external companies of trust for the provision of services, including IT services, banking institutions, financial administration, etc.) or is provided for by legal or regulatory provisions, as well as in case of requests from Public Authorities. These entities will operate as data processors, by virtue of a specific appointment, or as independent data controllers, depending on the specific case.

7.3 Personal data will not be disseminated or transferred to Third Countries or international organizations.

Rights of the Data Subject

8.1 In accordance with Arts. 15-21 GDPR, data subjects have the right to:

  • obtain confirmation as to whether or not personal data concerning them are being processed and, if so, access to the data and information as per Art. 15 GDPR (right of access);
  • obtain the rectification of inaccurate personal data without undue delay or the integration of incomplete personal data (right to rectification – Art. 16 GDPR);
  • obtain the erasure of data without undue delay, where applicable (right to erasure – Art. 17 GDPR);
  • obtain the restriction of processing (right to restriction of processing – Art. 18 GDPR);
  • object to processing at any time for reasons related to their particular situation (right to object – Art. 21 GDPR);
  • lodge a complaint with the Data Protection Authority under Art. 77 GDPR.

8.2 The rights can be exercised by contacting TEMPESTIVE S.p.A. Sole-Shareholder Company , using the specific form prepared by Tempestive, sending an e-mail to the following addresses: email – PEC, or by submitting a written request or registered letter to the legal headquarters of Tempestive S.p.A. Sole-Shareholder Company, c/o the Pordenone Technology Park, via Roveredo n. 20/b, 33170 Pordenone, or by contacting the DPO at the following addresses: – PEC

Last updated: Wednesday, 21st February 2024

Contact us for more information

Tell us what you need, together we will find the best solution for your business.