Supplier Information Notice



Italtel S.p.A. with headquarters in Settimo Milanese (Castelletto), Milan, Via Reiss Romoli, in its capacity of Data Controller (hereinafter referred to as “ITALTEL” or the “Data Controller”), pursuant to Art. 13 and 14 of the Regulation (EU) 2016/679 (“GDPR”) wishes to inform you of the following.


Your personal data are made up of common data such as your name, your email, your telephone details, your employment position within the Company that has a contractual relationship for the supply of products and/or services with ITALTEL, etc.


Personal data may be processed for the following purposes:

  • implementation of the supply contract between ITALTEL and the Company of which you are the contact person
  • execution of the related managerial, administrative and accounting obligations
  • quality management purposes
  • execution of any maintenance obligations
  • fulfilment of legal obligations
  • corporate security purposes to allow easy access to the headquarters
  • cyber security
  • any defensive needs.

The processing  will be performed  using manual and/or computerized and digital instruments, suitable to guarantee the security and confidentiality of the data.


Data provision is optional but necessary for the implementation of the supply contract with the Company in which you are referring.


Your data are collected from you but may also have been provided by your employer, for example, as you are the Contract Manager with ITALTEL.

The legal basis of the processing is constituted by the legitimate interest of the Data Controller to the processing of data of its interlocutor’s natural persons as well as by the fulfilment of the contractual and legal obligations with the company in which you are referring. The legitimate interest is also constituted by the purposes of security, defensive (video surveillance in the case of accessing our offices) or communication within the group. You can always object to the processing carried out for the legitimate interests of the Data Controller.

The Data Controller, in the event of exercising the right to object, refrains from further processing of personal data unless he/she demonstrates compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the data subject, for the assessment, exercise or defence of a legal claim.


Your data can be communicated to:

  • An auditing company for legal tax and accounting obligations
  • Certification bodies for ISO compliance
  • Public entities for the performance of legal obligations, or in case of inspection
  • Third parties to ensure the exercise of the right of defence (law firms) or judicial authorities, in compliance with similar orders

The concerned data may be communicated to other parties only if necessary for the purposes of the prevention, detection or repression of crime, in compliance with the regulations governing the matter.


Some of your data may also be communicated to non-EU countries for the same purpose of implementing the contractual relationship with ITALTEL, for example, to other ITALTEL Group companies.

The transfer will be done in relation to Countries with an adequate level of protection recognised by a decision of the European Commission, or in the presence of the conditions provided for by Art. 46 of the European Regulations of appropriate safeguards such as, but not limited to, standard contractual clauses, binding rules of the company, adherence to codes of conduct or certification systems. Nevertheless, considered the core business of Italtel, which may involve extra-EU transfer to Countries that do not have an adequate level of personal data protection, or for which sufficient safeguards are not in place, ITALTEL asks for a specific written consent representing that such transfers could involve a greater risk due to the lack of security measures aimed at delimiting privacy risks (e.g. unauthorised access by third parties, non-observance of the principles of lawfulness, etc.) both the absence in these Countries of regulatory instruments suitable for protecting your personal data.

All non-EU countries in which there are companies of  the ITALTEL Group where your data could be transferred are listed on the Web site , while the updated list of countries with personal data protection legislation assessed as appropriate by the European Commission is accessible from the official Web site of the Italian Privacy Authority by clicking on this link:

In addition, ITALTEL may adhere to its industry’s Codes of conduct or to the certification mechanisms that would enable the transfer of data outside the EU in accordance with Art. 46 of the GDPR and that, when needed, will also give the proper information through its own institutional Web site.


Your data will be stored for the period strictly necessary for the fulfilment of legal obligations, contractual obligations, and, if required, for the exercise of the right of defence of the Data Controller. Where you are the legal representative or an attorney of the supplying company or another attorney or have already affixed your signature on the documentation attesting the execution of the contract or other documentation – accounting relevant for the purposes of the contractual relationship or for purposes of fulfilment of legal obligations, the data may be kept for up to ten years as well as, in the event of a defensive need arising up to the persistence of the right of defence.


At any time, you may exercise your rights towards the Data Controller referred to in Chapter III of the GDPR, such as, for example, the right of access, rectification, integration, erasure, processing restriction, portability and the right to object in the presence of the legal conditions.

The right to object (opt-out) the processing for direct marketing can be invoked at any time to the processing inherent in the purpose of promotion.

In order to assert your rights, you shall send a communication to the registered address of ITALTEL by specifying the subject “Privacy” to the recipient. Alternatively, such communication can be transmitted via email to the email address, or by contacting the Data Protection Officer (DPO) by sending an email to the email address In the same manner, you can request the list of internal and external processors.

Finally, please remember that you may lodge a complaint before the Guarantor for the protection of personal data (


Settimo Milanese, May 25, 2018


Your browser is out-of-date!

Update your browser to view this website correctly., Update my browser now