Information for Customer and Supplier Referrals, GDPR


We inform customers / suppliers (interested in the processing) and their contact persons (hereinafter “interested”, pursuant to Article 4, paragraph 1 of the GDPR) that the professional relationships established with the undersigned Data Controller may involve the processing of personal data, in compliance with the following general principles:

  • all data are processed in a lawful, correct and transparent manner towards the data subject, in compliance with the general principles set out in Article 5 of the GDPR;
  • specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access;
  • the Data Controller is the undersigned Company: Ikron S.r.l., via C. Prampolini 2 – 43044 Part of Municipality: Lemignano – Collecchio; telephone number: 0521-304911; e-mail:
  • to which it is possible to contact to exercise all the rights provided for by articles 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously granted consent or propose a complaint to the supervisory authority for the protection of personal data.

The Data Controller processes personal identification data of the customer / supplier (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of its operational contacts (name, surname and data contact) acquired and used in the provision of the services provided by the Data Controller.


The data is processed for:

  • conclude contractual / professional relationships;
  • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
  • fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority
  • exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; the ordinary internal needs of an operational, managerial and accounting nature).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be requested from the interested parties.


The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.


The data is processed by internal subjects duly authorized and trained in accordance with Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who operate as managers or independent data controllers (consultants, technicians, banks, transporters, etc.). We also inform you that personal data may be subject to intercompany communication between the companies of the Group. The data are not subject to disclosure or transfer to non-EU countries. If it is necessary, in the context of tenders / contracts or in the fulfillment of regulatory obligations (eg joint and several liability, anti-corruption, anti-mafia, anti-money laundering, etc.) to acquire personal data of their employees from customers / suppliers, it is agreed between the parties that the undersigned company will be entitled to the processing as an external manager (Article 28 of the GDPR) or as an authorized person (Article 29 of the GDPR). As part of this relationship, the undersigned company undertakes to process such data in compliance with the compliance requirements of the GDPR, guaranteeing any communication to other subjects exclusively within the scope of specific legal obligations.


At any time, the interested party may exercise the right to:

  • ask for confirmation of the existence or otherwise of their personal data.
  • obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period.
  • obtain the rectification and deletion of data.
  • obtain the limitation of the processing.
  • obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance.
  • oppose an automated decision-making process relating to natural persons, including profiling.
  • opporsi ad un processo decisionale automatizzato relativo alle persone fisiche, compresa la profilazione.
  • propose a complaint to the Italian Data Protection Authority.