Information for Customers and Suppliers

In accordance with applicable data protection legislation, the processing of personal data relating to customers and suppliers of the companies forming the Diconet network is carried out in compliance with the principles of lawfulness, fairness, transparency, and protection of confidentiality and individual rights.

The companies forming the Diconet network are:

• DI.CO SERVICE S.R.L., Registered Office: Via Rinascita 26, 40064 Ozzano dell’Emilia (Bologna), Italy
• TECNOMEC S.R.L., Via Progresso 21, 40064 Ozzano dell’Emilia (Bologna), Italy
• CEM SERVICE S.R.L., Via Rinascita 28, 40064 Ozzano dell’Emilia (Bologna), Italy
• ANDIMEC S.R.L., Via Rinascita 10-12, 40064 Ozzano dell’Emilia (Bologna), Italy

Hereinafter collectively referred to as the “Data Controllers”.

Pursuant to Article 13 of Regulation (EU) 2016/679 (the “GDPR”), the Data Controllers hereby inform you that your personal data will be processed in the manner and for the purposes set out below.

Data Voluntarily Provided by the Data Subject

This includes personal data provided directly by customers or suppliers through the completion of forms, verbal communications, trial use or purchase of services, or by sending emails to our corporate email addresses.Such data are collected and processed for the following purposes:

Processing without your explicit consent (Article 6(1)(b) and (e) GDPR) for Service-Related Purposes:

A) Performance of contractual activities with customers. In the event of trial use of Diconet services or a request for contact, user data may also be processed during the trial period to assess the user experience relating to Diconet products and services.

B) Performance of contractual activities with suppliers.

C) Administrative purposes and compliance with legal obligations, including accounting, tax, and regulatory requirements, as well as responding to requests from judicial authorities.

D) Provision of technical support to customers and users.

E) Prevention or detection of fraudulent activities or misuse that may damage the services or products provided by the Data Controllers.

F) Recruitment and personnel selection purposes, exclusively in the event of submission of a curriculum vitae.

G) Establishment, exercise, or defense of legal claims and protection of the Data Controllers’ rights.

The legal basis for such processing is the performance of a contract to which the data subject is a party or the implementation of pre-contractual measures taken at the data subject’s request.

Place of Processing

Personal data are currently processed and stored at the registered offices of the Data Controllers.

Nature of Data Provision and Consequences of Refusal

The provision of personal data for the above purposes is mandatory. Failure to provide such data will prevent us from delivering our services and from fulfilling our contractual and legal obligations.

Methods of Processing

Personal data are processed in both paper-based and electronic form, using procedures and technical and organizational measures strictly related to the purposes for which the data were collected, and in any case in a manner that ensures their security and confidentiality.

Access to Data

Personal data are processed by duly authorized internal personnel of the Diconet network, acting under specific instructions and in compliance with applicable legislation.

Where necessary or instrumental to achieving the stated purposes, personal data may be processed by third parties appointed as Data Processors or, where applicable, communicated to such parties acting as independent Data Controllers, including:

• Individuals, companies, associations, or professional firms providing assistance and consultancy services to the Data Controllers, including outsourced activities, in their capacity as appointed Data Processors.
• Individuals, companies, associations, or professional firms providing support services or supplying products or services necessary to deliver a complete service to customers, such as feasibility studies, technical project management, or procurement of specific services.

Disclosure of Data

Without requiring explicit consent, the Data Controllers may disclose personal data to supervisory authorities, judicial authorities, and other entities to whom disclosure is mandatory by law for the purposes described above. Such entities will process the data as independent Data Controllers.

Data Retention Period

Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected, in compliance with applicable laws and statutory obligations.

In particular, for administrative, accounting, payroll management, personnel training, contractual and employment-related purposes, and management of potential disputes, data are retained for ten years, as required by Article 2220 of the Italian Civil Code, without prejudice to any extension justified by delayed payments or pending litigation.

In any case, the companies of the Diconet network apply internal rules that prevent indefinite data retention and ensure compliance with the principle of data minimization.

Rights of the Data Subject

Data subjects may exercise the following rights vis-à-vis the Data Controllers:

1. Right of Access
   To obtain confirmation as to whether personal data are being processed and to receive a copy of such data together with relevant information regarding the processing activities.
2. Right to Rectification
   To request correction of inaccurate or incomplete personal data.
3. Right to Erasure
   To request deletion of personal data where such data are no longer necessary, where consent has been withdrawn, or where an objection to processing has been raised, subject to legal retention obligations.
4. Right to Restriction of Processing
   To request that personal data be stored but not further processed under certain conditions.
5. Notification Obligation
   The Data Controllers are required to notify any rectification, erasure, or restriction of processing to each recipient to whom the personal data have been disclosed.
6. Right to Data Portability
   To receive personal data in a structured, commonly used, and machine-readable format and to transmit such data to another controller without hindrance. This right applies only to automated processing based on consent or on a contract and only to data provided by the data subject. It does not apply to paper records or to processing based on public interest or legitimate interest grounds.
7. Right to Object
   To object at any time to the processing of personal data based on legitimate interest. The Data Controllers shall refrain from further processing unless they demonstrate compelling legitimate grounds overriding the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. Data subjects also have the right to object at any time to processing for direct marketing purposes.

The Data Controllers will respond to requests within one month. This period may be extended up to three months in cases of particular complexity. In any event, an initial response will be provided within one month, including in cases of refusal.

The Data Controllers may assess the complexity of requests and may charge a reasonable fee only where requests are manifestly unfounded or excessive, including repetitive requests.

How to Exercise Your Rights

You may exercise your rights at any time by sending:

• A registered letter with return receipt to DI.CO SERVICE S.R.L.
• An email to: info@diconet.it

Amendments to this Privacy Notice

This Privacy Notice may be updated from time to time. We therefore recommend reviewing it periodically and referring to the most recent version available.