Print this page

Suppliers Privacy Policy

1. Data Controller

Wonder S.p.A., with registered office in via Boschetto, 10, 26100 Cremona, Tax Code and VAT no. 00106500192, hereinafter referred to as "Data Controller", guarantees compliance with the regulations on the protection of personal data by providing the following information on the processing of data pursuant to Art. 13, EU Regulation 2016/679 (General Data Protection Regulation – GDPR) and subsequent amendments.

2. Data processed, purposes and legal bases of the processing

The personal data are collected and processed for the following purposes:

  1. for the performance of the relationship activities with the Data Subject on the basis of pre-contractual and contractual agreements;
  2. for administrative purposes and for the fulfilment of legal obligations such as those of accounting, tax, or to comply with requests from the judicial authority.

The legal basis for legitimate processing is the performance of a contract to which the Data Subject is a party or the performance of pre-contractual measures adopted at the request of the Data Subject and the legal obligation.

3. Nature of data provision

The provision of data with respect to the above purposes is mandatory due to legal and contractual obligations and therefore any refusal to provide them in whole or in part may make it impossible for the Data Controller to execute the contract or to correctly perform the related obligations (e.g. tax measures).

4. Places and methods of data processing and retention times

Data collected by the site are processed at the Data Controller's headquarters.

The data collected will be processed by electronic or automated, computerized and telematic means, or by manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in order to ensure the security of the same.

The data are kept for the time strictly necessary to manage the purposes for which the data are processed ("Conservation limitation principle", Art. 5, EU Regulation 2016/679) or in compliance with the deadlines provided for by current regulations and legal obligations.

Periodic verification of the obsolescence of stored data is performed in relation to the purposes for which it was collected.

In any case, the Data Controller practices rules that prevent the retention of data for an indefinite period of time and therefore limits the retention time in compliance with the principle of minimising data processing.

5. Subjects authorised to process data, data processors and communication of data

The processing of the collected data is carried out by internal personnel of the Data Controller for this purpose identified and authorised for the processing according to specific instructions given in compliance with current legislation.

The data collected, within the limits pertinent to the processing purposes indicated and if it is necessary or instrumental to the execution of such purposes, may be processed by third parties appointed as Data Processors, or, as the case may be, communicated to all subjects necessary for the proper performance of the purposes set out in paragraph 2.

The data collected may be provided in case of legitimate request, only in the cases provided for by law, by the Judicial Authority.

Your personal data will in no case and for no reason whatsoever be disclosed.

The Data Processors and Persons in Charge of the processing in office are identified in the Privacy Document, which is updated on a regular basis.

6. Transfer of Data to Non-EU Countries

Some of the data collected (essentially contact information) may be transferred outside the EU to the data centers of Microsoft Corporation, which adheres to the agreement governing the transfer of data between the European Union, USA and Switzerland (so-called Privacy Shield https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161).

7. Rights of the Data Subject

In relation to the Personal Data communicated, the Data Subject has the right to exercise the following rights:

  1. (Art. 7.3 EU Regulation 679/2016 – GDPR) withdrawal of consent;
  2. (Art. 15 EU Regulation 679/2016 – GDPR) access and request a copy;
  3. (Art. 16 EU Regulation 679/2016 – GDPR) request correction;
  4. (Art. 17 EU Regulation 679/2016 – GDPR) request cancellation ("right to be forgotten");
  5. (Art. 18 EU Regulation 679/2016 – GDPR) obtain the limitation of processing;
  6. (Art. 20 EU Regulation 679/2016 – GDPR) receive them in a structured, commonly used and machine-readable format for the purpose of exercising the right to portability;
  7. (Art. 21 EU Regulation 679/2016 – GDPR) oppose the processing.

The Data Subject may exercise his or her rights, as well as request further information regarding his or her Personal Data, by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. specifying in the subject line the content of his or her request and attaching the relevant request form which may be downloaded from the links available in the list above.

Requests relating to the exercise of the user's rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and according to the number of requests may this period be extended by a further 2 (two) months.

We remind you that it is the right of the Data Subject (Art. 77 EU Regulation 679/2016 – GDPR) to lodge a complaint with the Data Protection Authority, located in Rome, Piazza Venezia 11, 00187, mail This email address is being protected from spambots. You need JavaScript enabled to view it..

***

Last updated: July 23, 2023