Information Client and Supplier

Information Notice pursuant to art. 13 Regulation (EU) 2016/679 on 27th April 2016

Information on the processing of data belonging to employees of client and supplier companies

According to the European Regulation nr. 2016/679 (“GDPR”) any person who carries out personal data processing is required to inform the data subject (i.e. the person whom data belong to) on some elements qualifying data processing, which must be carried out with fairness, lawfulness and transparency, protecting the confidentiality and rights of the data subject.

General Principles of Data Processing
Data processing will be performed through collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction and will be carried out by the data controller, data processor and persons authorized to process data.

Personal Data will be processed lawfully, fairly and in a transparent manner; will be collected for specified, explicit and legitimate purposes and processed in a manner that is not incompatible with such purposes; they will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, accurate and up-to-date; they will be processed with the utmost confidentiality, mainly with electronic and automated means, and stored both electronically and on paper, and on any other type of suitable means, in accordance with the principles of the General Data Protection Regulation, the requirements given by the supervisory authority and, in any case, in such a way as to ensure adequate level of security, including protection, with adequate technical and organizational measures, from non-authorized or unlawful processing, or even accidental loss. Data will be stored in a manner that permits the identification of the data subjects for the extent strictly necessary to the achievement of the purposes for which they were processed.

ARITHMOS S.r.l. (Arithmos S.r.l.) undertakes the responsibility to observe specific security measures in order to prevent data loss, illegitimate or unfair use and unauthorized access, in full compliance with statutory and regulatory provisions.

The personal data voluntarily provided by yourself (both by email and other means of communication, or by spontaneous sending of your curriculum vitae through the website at the time of your application), will be stored in Arithmos’s database exclusively for the purposes specified above and for the time required by the relevant legislation.

Identity and Contact Details of the Data Controller
Data Controller is ARITHMOS S.r.l., a sole shareholder company, with registered office in Verona, Via Germania n. 2, VAT Number 03568990232.

For the purposes of exercising the rights provided for in the GDPR, and for any request relating to your personal data, you may contact the Data Controller by sending a communication to the following e-mail address:

Contact Details of the Data Protection Officer
Arithmos S.r.l. has appointed as Data Protection Officer (DPO), Avv. Simone Baggio, whose email address is

Purposes and Legal Basis of Data Processing
The processing of the personal data of client or supplier and employees of the client or supplier companies is aimed at carrying out contractual negotiations and executing the contract concluded with the holder of the employment relationship or at performing checks, controls and audits before or after the execution of the contract itself.

The processing of personal data of client or supplier is necessary for the performance of the contract to which the Data subject is party.

The processing of personal data belonging to employees of third-party companies is required for pursuing the legitimate scope of the undersigned company, and precisely it is necessary in order to execute the contract between Arithmos S.r.l. and the organization to which the employee belongs, or in the context of contractual negotiations, or again during checks, controls and audits.

Categories of personal data being processed
Data which are subject to processing are common data (which relate to client or supplier personal and fiscal data and the employment relationship, job tasks, personal and fiscal data, contractual data, etc.). No data relating to health condition and biometric or judicial data will be processed.

Possible Recipients or Categories of Recipients of Personal Data
Personal data acquired by the undersigned company are not subject to dissemination.

Personal data may be known by employees, autonomous collaborators, subsidiaries, sister companies and controlling companies, to the extent that such knowledge is necessary for the achievement of the purposes indicated.

These data may be communicated within the company and be known by the persons tasked with data processing and appointed as data processors by Arithmos S.r.l. The list of Data processor can be asked by email to the address

Transfer of Personal Data to Third Countries
For the purposes specified, Arithmos S.r.l. uses the platform Zoho CRM, which is managed by the company ZOHO CORPORATION B. V, with registered office at Beneluxlaan 4B, 3527 HT Utrecht, the Netherlands, including ZOHO CORPORATION PVT. LTD., incorporated and registered in India, whose registered office is at Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, INDIA. Arithmos S.r.l. transfers the personal data adopting data protection clauses set forth by the European Commission.

Arithmos S.r.l. could transfer your personal data for the purposes specified to other organization in Third Countries by adopting data protection clauses set forth by the European Commission.

Period of storage of Personal Data
Personal data will be stored by the undersigned company for the entire duration of the contract with the organization holding the employment contract and for ten years after the termination of the contract itself, and/or in any case in compliance with the requirements of the current civil, fiscal and administrative legislation on data storage. A longer period of storage of personal data may be due to requests made by the Public Administration or by another judicial, governmental or regulatory body, or caused by the participation of the undersigned company in judicial procedures involving the processing of personal data.

Rights granted to the Data Subject
Data Subjects are entitled to obtain access to personal data from the Data Controller, for free and without any limitation to third parties’ rights and freedoms. Particularly, they have the right to receive confirmation of whether or not their own personal data are being processed, and to receive the following information: a) the origin of the personal data, in case they were not collected from the data subject; b) the categories of personal data; c) the purpose and modality of treatment; d) the existence of an automated process, profiling included, and in that case the logic applied, the importance and any expected consequence of such processing for the data subject; e) updating or rectification; f) the deletion or limitation of the processing of their data (anonymization, blocking of unlawful data processing, including those whose storage is not required in relation to the purposes for which they were collected or then processed); g) the recipients or the categories of recipients to whom personal data have been or will be communicated, especially if they belong to international organizations or third countries (in the latter case, the data subject has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to data transfer); h) when possible, the expected period of storage of personal data or, in case it is not possible, the criteria used in order to determine such period.

Data Subjects have the right to withdraw their consent to data processing and to oppose data processing. Anyhow, the withdrawal of consent to data processing shall not affect the lawfulness of data processing based on the consent given before its withdrawal.
Data subjects also have the right to data portability.

Right to lodge a complaint
Data subjects have the right to lodge a complaint to the Supervisory Authority, which is represented in Italy by the Data Protection Authority, with its headquarters in Rome, Piazza Venezia, 11.

Mandatory or optional nature of data communication
The communication of your personal data is optional. The refusal to communicate them will prevent the company from pursuing the purposes specified in this information notice.

Existence of an automated decision-making process
The undersigned company does not use any automated decision-making process.