INFORMATION ON THE PROCESSING OF PERSONAL DATA
(artt. 13 e 14 Reg. EU 2016/679 and current italian law – D.lgs 196/2003)
Dears,
below we provide you with some information that you need to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness
towards the interested parties is a fundamental part of our business.
Data Controller
The Data Controller of your personal data is Labo International Srl responsible towards you for the legitimate and correct use of your personal data and that you can contact for any information or request at the following addresses:
| VAT NUMBER | 04656360288 |
| Registered office | Piazza Luigi Da Porto 14, 35131, Padova (PD) – Italy |
| Phone Number | +39 0498078172 |
| [email protected] |
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at the following addresses:
| [email protected] | |
| PEC | [email protected] |
Categories of data processed and data source
For the processing activities the Data Controller will process data such as: personal details (as name, surname, date of birth, …), fiscal code and other personal identification numbers, contact data, data regarding economic, commercial, financial or insurance activities.
The processed data are communicated by you and/or by third parties such as other suppliers and/or they are collected from publicly accessible sources.
Processing activities
Your personal data are collected and processed using automated, semi-automated and non-automated methods, as specified below:
| Processing | Purposes | Legal basis | Data retention* |
| Supplier management | Establishment and management of the contractual relationship | Performance of a contract or pre- contractual measures | 10 years from the year of termination of the last contract |
| Reception | Monitoring of people entering the company and managing calls | Pursuit of legitimate interest of the Controller to protect company assets/employees’ safety/organization and production needs | 1 year from the year of data acquisition |
| Accounting | Keeping of accounting records; Tax compliance | Legal obligation | 10 years from the accounting year |
| Activity planning and control | Programming of activities | Legitimate interest of the Controller to pursue business activity | 10 years from the year of competence |
| Purchase | Purchasing of goods or services | Performance of a contract or pre-contractual measures | 10 years from the year of competence |
| Management control | Internal business management control | Legitimate interest of the Controller to pursue business activity | 10 years from the year of competence |
| Acceptance | Acceptance of goods | Performance of a contract or pre- contractual measures | 10 years from the year of competence |
| Access control in relation to emergency COVID-19 | Preventing the infection by Covid-19 | Limited to the fulfillment of legal obligations related to the containment of COVID-19 pandemic | Retention period imposed by regulations regarding the fulfillment of legal obligations related to the containment of COVID-19 pandemic |
| Management and maintenance of IT systems | Management and maintenance of network and computer systems | Legitimate interest of the Controller to protect the functionality and security of the systems; Fulfillment of a legal obligation (limited to the provisions of the regulations regarding system administrators) | 10 years from the year of termination of the contractual relationship for accounts, passwords, and user names; 13 months for system administrator compliance |
| Defense of interests and rights of the Data controller | Prevent and/or detect possible abuse and defend the rights and interests of the Data controller | Legitimate interest of the Data controller in protecting its rights and interests in court or in the stages preparatory to its possible establishment | 10 years from the year the data was granted |
*In addition to the time related to prescriptive periods of mutual rights and the retention time of backups.
**If you do not provide consent, personal data will not be processed for specific purposes.
The consent can be withdrawn at any time by contacting the owner at the contact details indicated above.
Provision of data
For the aforementioned purposes, the provision of your data is a necessary requirement, in case of denial to provide your personal data, it may not be possible to carry out the processing activities.
Data recipients
Your data may be communicated exclusively for technical and operational needs strictly related to the aforementioned purposes, to subjects who process the data on behalf of the owner, appointed as data processors pursuant to art. 28 of the EU Reg. 2016/679 as well as to public bodies with respect to which there is a legal obligation to communicate (by way of example and not limited to the Chamber of Commerce, Revenue Agency, etc.).
Data transfer outside the EU
The processing of personal data (e.g. storage, archiving and retention of data on its servers or in the cloud) will be limited to the areas of circulation and processing of personal data of the countries belonging to the European Union, with the express prohibition of transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of protection tools provided for by EU Regulation 2016/( adequacy decision by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
Rights of the data subjects
● You have the right, according to the provisions of art. 15 and following of EU Reg. 2016/679 to request the Data Controller access to your personal data, as well as their
rectification or erasure.
● You also have the right to request data portability, or restriction of processing.
● You have the right, on grounds related to your particular situation, to object to processing based on the legitimate interest.
● For treatments based on consent, you have the right to withdrawn at any time the consent, without affecting the lawfulness of processing based on consent before
its withdrawal;
● You can also lodge a complaint with the supervisory authority, Autorità Garante per la Protezione dei Dati Personali, based in Piazza Venezia 11, 00187 – Rome – Italy
[email protected]
To exercise your rights or to request additional information, you can contact the Data Controller using the contact information above.
Policy updates
The Data Controller is entitled to make changes to this privacy policy at any time by updating the documents on this page. Therefore, visitors are invited to consult this link often, keeping as a reference the date of the last update indicated below.
Last update 12/17/2025