Privacy Policy for Suppliers

Data Subjects  

Hera Group Suppliers receive this privacy policy

Data controller              

Hera S.p.A. with registered office in Bologna, Viale Berti Pichat 2/4, Tel. +39 051.287111

Data Protection Officer

The DPO is the Head of the Privacy, Information Security Compliance and Regulatory QSA function of Hera S.p.A., who may be contacted at Hera S.p.A., Viale Carlo Berti Pichat no. 2/4, 40127 Bologna or by e-mail: dataprotectionofficer@gruppohera.it

Personal data processed

The subject of this privacy policy is the processing of personal data, including but not limited to the following

Common personal data:

• surname, name and place of birth
• tax code / VAT number
• company name
• telephone numbers/e-mail address and fax number
• supplier's headquarters address

and any other data necessary to fulfil the obligations arising from the relationship between the Parties (e.g. data contained in the technical and financial offer as well as in the declarations of commitment - including those concerning the subcontracting reservation - made in the context of the contractor selection procedure preceding the establishment of the contractual relationship). After the establishment of the contractual relationship, further personal data will be requested, in line with the purposes indicated below and the provisions of the law.

Personal data relating to criminal convictions and offences:

• anti-mafia certifications and whitelisting
• certificate of criminal records
• certificate of pending criminal proceedings
• certificate of administrative sanctions arising from criminal offences

 Personal data obtained from third party sources

The data obtained from third-party sources are collected through queries of specific databases. The following list complies with the requirements set out in the currently applicable regulations.

• judicial data requested from a court and contained in: certificate of criminal records; certificate of pending criminal proceedings; certificate of administrative sanctions arising from criminal offences;
• anti-mafia prevention measures, verified by queries of: national anti-mafia database; public white lists at Prefectures;
• data on tax compliance requested from the Italian Revenue Agency;
• data on the compliance with Law 68/99 (job placement of disabled persons), requested from the competent Provincial Directorate for Labour;
• data concerning professional misconduct, verified by querying the Register of Reserved Records of Companies held by the Italian Anti-Corruption Authority (A.N.A.C.)
• data on the SOA certificate held by the companies, by querying the public database at the A.N.A.C.;
• data on the registration of companies in the National Register of Environmental Managers, querying the appropriate public database;
• data on the compliance with social security contribution payments by Companies (INPS, INAIL, Cassa mutua edile), by querying the DURC database;
• data on the compliance with social security contribution payments by Companies  (with the obligation to register with private-law pension funds), requested from the reference social security funds;
• other data may be collected from databases and systems (e.g. Cribis, Cerved, etc.) aimed at collecting information relating to the economic operator (Chamber of Commerce registration, bankruptcy proceedings, etc.).

Legal basis

  Purpose

 Nature of the personal data provision

Methods of processing

The personal data collected will be processed, using hard copies or electronic means, with the use of measures that ensure the security and confidentiality of your data.

Recipients

Your personal data will be processed exclusively by authorised personnel, formally appointed to complete such processing, duly identified, instructed and informed of the obligations set forth by law.

All or part of the processing may be carried out by third-party companies, whether or not part of the Hera Group, that will act as external data processors (e.g. assistance and contact centres, IT systems management, verification of contractual documentation).

Your personal data may be disclosed to companies in the Hera Group and/or third parties who have a contract with Companies of the Group (such as banks or lending entities, tax/legal advisors).

In the event of a contractual relationship with one or more Group Companies, the data will be communicated to the staff of the latter for the performance of the contractual relationship (e.g. to the Contractual contact persons).

The data may be disclosed to Public Bodies/Public Administrations/Authorities and supervisory and control bodies.

 Disclosure

The data will not be disclosed.

Transfer of data outside the European Union - European Economic Area

Your personal data may be transferred to countries outside the EU/EEA, in accordance with the applicable legal provisions, if necessary by entering into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission, in compliance with Articles 45, 46, 47 and 49 of the GDPR.

Data retention period

The data will be retained for the period necessary to fulfil the contractual obligations and related legal requirements, and in any case no longer than 40 years from the expiry of the last contract to which the Supplier is a party.

  Rights of the data subject

You have the right to obtain, in the cases provided for, access to and rectification or erasure of personal data or restriction of processing concerning you, or to object to processing (Art. 15 et seq. of EU REG 2016/679) by contacting the Data Controller directly by email at fornitori@gruppohera.it.

 Right to lodge a complaint with the Supervisory Authority

The data subject shall have the right to lodge a complaint with the Data Protection Authority.