SUSA PRIVACY POLICY

SUPPLIER VERSION

SUSA SPA, with registered office at Via J. Gagarin Ellera (PG), as the data controller pursuant to EU Regulation 679/2016, applicable from May 25, 2018 - General Data Protection Regulation ("GDPR") (hereinafter referred to for convenience as the GDPR or "Applicable Law"), invites you, before providing any personal data, to carefully read this policy, which contains important information on the protection of your personal data and the security measures adopted to ensure its confidentiality in full compliance with the Applicable Law. The processing of your personal data will be based on the principles of accountability, lawfulness, fairness, transparency, purpose and retention limitation, data minimization, accuracy, integrity, and confidentiality, in accordance with the legislative provisions of the Applicable Law and the confidentiality obligations set forth therein.
1. DATA CONTROLLER

The data controller is SUSA SPA. The data controller determines the purposes and means of processing personal data. SUSA SPA, as the data controller, collects your data for the purposes specified below in point 4, related to the provision of its services. Privacy email address: dpo@susa.it
2. DATA PROTECTION OFFICER (DPO)

SUSA SPA has appointed Mr. Alfredo Chieffo as Data Protection Officer (hereinafter "DPO"), with address at the SUSA SPA offices, Via J. Gagarin 39, Ellera, Perugia. Pursuant to Article 38, paragraph 4, you may contact the DPO for all matters relating to the processing of your personal data and the exercise of your rights under the GDPR at the following address: dpo@susa.it

2.1. DATA PROCESSORS

The complete list of Data Processors is available at the SUSA SPA headquarters.
3. NATURE OF PERSONAL DATA

"Personal data" means any information relating to a natural person (the data subject). The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation is prohibited unless the data subject has given explicit consent to the processing of such personal data for one or more specific purposes (Article 9, paragraph 1, letter a of Regulation (EU) 2016/679), and none of the other grounds set forth in letters b-j of the aforementioned article apply.
4. PURPOSE OF DATA PROCESSING

Your personal data collected will be processed by SUSA SPA, including with the aid of IT tools, for the following purposes:

1. To satisfy pre-contractual requirements (e.g., processing offers or orders, credit checks), fulfill contractual obligations (supply of goods and/or services, including management of delivery obligations and related logistics and transportation) and meet legal obligations (e.g., bookkeeping, tax formalities, administrative and accounting management); supplier management for aspects other than those specified in subsections 1-2: internal organization of activities related to the active and passive supply of products and/or services, such as credit management and risk control (fraud, insolvency, etc.), litigation management and credit assignment, management of financial and insurance services, management of electronic payment instruments, management of telephone directories, statistical processing. The legal basis for the processing is Articles 1337 and 1338 of the Italian Civil Code, as well as any subsequent contract signed between the Data Controller and the recipient of this privacy policy (data subject), as well as the legislation relating to accounting, tax, regulatory obligations, or orders from an authority. Processing is necessary for the pursuit of the Data Controller's legitimate interest in complying with pre-contractual obligations arising from applicable legislation (Articles 1337 and 1338 of the Italian Civil Code) and contractual obligations entered into between the parties, and therefore does not require explicit consent [Article 6, paragraph 1, letter b, GDPR].

2. Compliance with legal obligations, regulations, EU legislation, orders, and requirements of the competent authorities to which SUSA SPA is subject. Processing for the above-mentioned purpose does not require consent, as it is legitimate processing that constitutes compliance with legal obligations.

3. The pursuit of our legitimate interest, as the Data Controller, such as managing complaints and disputes, recovering debts, and preventing fraud and illegal activities. The legal basis in this case is SUSA SPA's legitimate interest, including the right to exercise and/or defend, where necessary, its rights in the appropriate forums.

4. To carry out communications, including commercial and promotional communications, to the email address you provide us, as the interested party, regarding SUSA SPA's services and activities. Consent to the processing of your personal data for this purpose is optional, but failure to provide it may make it impossible to respond to a request or fulfill a request from SUSA SPA, or to provide a service you have requested.
5. DATA PROCESSING METHODS

Your data is processed in accordance with the law and in compliance with professional and official secrecy. The data is stored in such a way as to ensure its confidentiality, prevent its destruction or use by unauthorized third parties, and in full compliance with the security measures required by current legislation. Your data is processed, using paper and electronic media, only by authorized personnel.
6. CONSEQUENCES OF REFUSAL TO PROVIDE DATA

Your refusal to provide data may make it impossible for SUSA SPA to provide the service, order, or other services you have requested or to complete the administrative tasks associated with the service itself. You will therefore be asked to provide your written consent to the processing of your data as described in this privacy policy.
7. DATA RETENTION PERIODS

The personal data you provide will be retained for the time strictly necessary for the purposes for which it is collected and based on the criteria defined internally by SUSA SPA. The duration of these periods is indicated, along with the purposes, in an internal document, which may be made available to you following your specific request. After this period, your data will be permanently deleted or otherwise irreversibly anonymized.
8. CATEGORIES OF PARTIES TO WHOM THE DATA MAY BE DISCLOSED

The personal data collected may be disclosed to the following categories of parties who perform activities related and instrumental to the provision of the services provided:

* public security authorities, judicial authorities (upon specific request), and other entities required by laws and regulations;
* consultants, accountants, or lawyers who provide services related to the purposes indicated above;
* banking and insurance institutions who provide services related to the purposes indicated above;
* companies providing services related to our activities, freight forwarders, carriers, and couriers (only the data necessary for deliveries).

Your personal data may also be accessed by internal and/or external parties (employees and consultants) as authorized and/or responsible for processing in order to fulfill the duties and responsibilities assigned to them in accordance with the purposes stated above. You may contact us at any time for updated information on the scope of disclosure of your data. Your data is not intended for dissemination.
9. DATA TRANSFER TO NON-EU COUNTRIES

SUSA SPA does not voluntarily transfer personal data abroad. However, some third-party service providers may have their servers physically located abroad (such as email providers). In such cases, some of your personal data may need to be transferred to recipients outside the European Union, in compliance with applicable legislation.
10. DATA SUBJECT RIGHTS

Within the limits of applicable law, as a data subject of the processing of your personal data by SUSA SPA, you may exercise the following rights at any time: the right to obtain confirmation as to whether or not personal data concerning you exists and, where that is the case, to obtain access to and a copy of it. Unless otherwise required by applicable law, SUSA SPA may refuse to provide such a copy if this would adversely affect the rights and freedoms of others. You have the rights provided for in Articles 15 to 22 of Regulation (EU) 2016/679:

a) DATA SUBJECT'S RIGHT OF ACCESS "The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information" specified in Article 15, paragraph 1, letters a) to h) (for further information, please refer to Article 15 of Regulation (EU) 2016/679);
b) RIGHT TO RECTIFICATION "The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement" (Article 16 of Regulation (EU) 2016/679);
c) RIGHT TO ERASURE ["RIGHT TO BE FORGOTTEN"] "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the grounds" indicated in Article 17, paragraph 1, letters a) to f) (for further understanding, please refer to Article 17 of Regulation (EU) 2016/679);
d) RIGHT TO RESTRICTION OF PROCESSING "The data subject shall have the right to obtain from the controller restriction of processing where one of the conditions applies" indicated in Article 18, paragraph 1, letters a) to d) (for a further understanding, please refer to Article 18 of Regulation (EU) 2016/679);
e) RIGHT TO DATA PORTABILITY "The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where one of the conditions applies" indicated in Article 20, paragraph 1, letters a) and b) (for a further understanding, please refer to Article 20 of Regulation (EU) 2016/679);
f) RIGHT TO OBJECT "The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6, paragraph 1, letters e) or f), including profiling based on those provisions." (For further information, see Article 21 of Regulation (EU) 2016/679.)
g) RIGHT NOT TO BE SUBJECT TO AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her." (For further information, see Article 22 of Regulation (EU) 2016/679.)

SUSA SPA does not, however, perform profiling.

The above requests should be sent by email to: dpo@susa.it.