Information for Suppliers pursuant to Article 13 of Regulation (EU) 2016/679

This information is provided by Società Agricola Leovì S.r.l. pursuant to Article 13 of European Regulation No. 2016/679 (‘Privacy Regulation’ or ‘GDPR’).

Although the Regulation does not apply directly to the data of legal persons, the Company nevertheless provides this information to its Suppliers, illustrating the methods and purposes of the processing carried out on the personal data of natural persons working within customer companies.

1. Introduction

Società Agricola Leovì S.r.l., with registered office in Contrada Marchi, snc – 72020 Cellino San Marco (BR), VAT number 02402360743, e-mail: amministrazione@leovi.it, as Data Controller, informs that personal data relating to Customers, already provided or to be provided in the future, will be processed in compliance with the GDPR, in relation to pre-contractual and contractual relationships established or to be established.

2. Source of personal data

The personal data processed is collected directly from the data subject during the pre-contractual phases or during the contractual relationship.

The Company guarantees that all data acquired is processed in full compliance with current legislation and with adequate confidentiality measures.

3. Nature of data collection

The collection of personal data is mandatory for the conclusion and execution of the contractual relationship and to comply with legal, fiscal and administrative obligations.

Failure to provide the requested data makes it impossible to establish or manage the relationship with the Company.

The consent of the data subject is not required for such processing.

4. Purpose of processing and legal basis

Personal data is processed exclusively for purposes related to the Company's economic activities, in particular for:

• pre-contractual activities and acquisition of preliminary information prior to the conclusion of the contract;

• management of the contractual relationship and administrative, operational, management and accounting activities (order management, invoicing, reliability checks, etc.);

• management of any disputes (breaches, warnings, transactions, arbitrations, legal disputes);

• fulfilment of obligations under laws, regulations, EU rules and provisions of the authorities.

Legal basis for processing:

• fulfilment of pre-contractual and contractual obligations (Art. 6.1.b GDPR);

• fulfilment of legal obligations (Art. 6.1.c GDPR).

5. Processing methods

Data processing:

• is carried out lawfully, fairly and in accordance with current legislation;

• is carried out using appropriate tools to ensure security and confidentiality, including electronic and IT tools;

• is carried out mainly by the Company's internal staff, under the direction of the relevant company departments.

6. Duration of processing (data retention)

Personal data will be retained:

During the pre-contractual or contractual relationship

For the entire duration of the relationship.

After the termination of the relationship

• 10 years for data necessary for the fulfilment of legal and tax obligations;

• for the entire duration of any legal proceedings, until the judgement becomes final;

• 5 years for data intended for communication to supervisory or judicial authorities (with possible extension if requested by the authorities).

Unnecessary data will be deleted immediately after the termination of the relationship.

For pre-contractual activities only

The data is stored for 12 months, except for the need for legal defence (in which case storage continues until the judgement becomes final).

7. Recipients of personal data

The data may be disclosed — in compliance with legal obligations and the purposes indicated above — to the following parties:

1. Public bodies, supervisory authorities or public institutions;

2. Parent companies, subsidiaries or affiliates, in Italy or abroad;

3. Service providers (e.g. data processing, logistics, postal and courier services, satisfaction surveys, legal, administrative, tax and accounting advice, event organisation, etc.);

4. Commercial intermediaries, banks, financial institutions, debt collection companies, auditors, insurers, shippers, etc.

• The subjects referred to in point 2 operate as External Data Processors.

• The other subjects operate as Independent Data Controllers.

The communication concerns only the data necessary and relevant for the purposes indicated, and may involve transfers abroad, including outside the EU, in compliance with standard contractual clauses or current authorisations.

Personal data will not be disclosed under any circumstances.

An updated list of recipients is available upon request.

8. Rights of the Data Subject

Pursuant to Articles 15, 16, 17, 18 and 21 of the GDPR, the data subject may exercise their rights relating to:

• access to personal data;

• rectification of inaccurate data or integration;

• erasure (within the limits of Article 2-undecies of the Privacy Code);

• restriction of processing;

• objection to processing.

Requests should be sent to the Data Controller's e-mail address: amministrazione@leovi.it

9. Right to lodge a complaint – Art. 77 GDPR

If the Company's response is not considered satisfactory or does not arrive within the time limits set by the legislation, the Customer may lodge a complaint with the Data Protection Authority at the following addresses:

• Website: www.gpdp.it / www.garanteprivacy.it

• Email: protocollo@gpdp.it

• Switchboard: (+39) 06.69677.1

10. Further information

Further clarification on the processing of personal data may be requested directly from the Company.

If a Data Protection Officer (DPO) is appointed, their contact details will be made available upon request.

The updated list of Data Processors is available from the Company.