Information on the processing of personal data pursuant to art. 13 and 14 of the European Regulation 2016/679 (“GDPR”).

Dear Supplier/Customer,

this information is provided to you not only to fulfill the obligations imposed by the Laws regarding the protection of personal data, in particular by Regulation (EU) 2016/679 (GDPR), by Legislative Decree 196/2003 as updated by Legislative Decree. Legislative Decree 101/2018 (Privacy Code) and the relevant provisions of the Guarantor Authority for the protection of personal data, but also because the Company Foodpartner S.r.l. believes that the protection of personal data is a fundamental value of its business and wishes to provide you with any information that can help you protect your privacy and control the use made of your personal data.

Who processes your personal data? The data controller, i.e. the person who determines the purposes and means of the processing of personal data who can be contacted to exercise the rights recognized by the GDPR, is the Company Foodpartner S.r.l., with registered office in via Santo Stefano 356, postal code 41052 , Municipality of Guiglia, Province of Modena, VAT number IT03339580361

The Data Controller can be contacted on the telephone number: telephone: 0522/633158 or by sending an e-mail to the address:, or via PEC:, taking care to specify the reason for the request.

Why do we process your personal data and on what legitimate basis? Your personal data is processed:


  1. For purposes strictly connected and instrumental to the correct establishment and management of the contractual

The provision of your personal data is optional but, as these are treatments strictly necessary for the definition of the contractual agreement and for its subsequent implementation, in case of refusal to provide personal data, we will not be able to conclude and/or continue the contractual relationship with you.

The basis of lawfulness of the processing, for this purpose, is represented by art. 6, par.1, letter. b) GDPR.

  1. To fulfill legal obligations, regulations, community regulations, and to fulfill current administrative, accounting and tax For this purpose, the processing of your personal data is mandatory and is carried out without the need to obtain your consent. The basis of lawfulness of the processing, for this purpose, is represented by art. 6, par.1, letter. c) GDPR.
  2. To act and/or defend ourselves in court, following any

The basis of lawfulness of the processing, for this purpose, is represented by art. 6, par.1, letter. f) GDPR and your consent is not required as the Data Controller pursues its legitimate interest in ascertaining, exercising or defending its rights in court.

What personal data do we process? We process only the personal data strictly necessary for the purposes mentioned above: identification and personal data, contact data (telephone number, e-mail address, PEC), contractual data, tax data (tax code/VAT number), bank data (Iban code).

We do not process particular personal data pursuant to Article 9 GDPR (also called “sensitive data”).


How do we obtain your data? Your data is communicated to us directly by you, in the pre-contractual phase or at the time of conclusion of the contract, or may be communicated to us by our network of customers/suppliers for whom we act as data controllers.

How long do we keep your personal data for? Your personal data will be processed for the entire duration of the contractual relationship and stored for a period of 10 (ten) years starting from the time limit of the relationship itself, unless a longer period is required by law or in the event that the data are necessary for the defense of the rights of the Owner

Is there an automated decision-making process? No, there is no automated decision-making process.


Do we transfer your data abroad? Pursuant to art. 45 GDPR, for the purposes mentioned above, also following the use of specific information society services, your data may be transferred to third countries, specifically the United States of America, to third parties. which guarantee an adequate and certified level of protection to the interested party, as they are registered in the “Data Privacy Framework Program” list, in compliance with the adequacy decision of 7 July 2023 of the European Commission (EU-US Data Privacy Framework). Any transfer of personal data which is the subject of processing, or intended to be the subject of processing after the transfer to a third country, takes place in strict compliance by both the company Foodpartner s.r.l. and of its Data Processors and/or Sub-processors, of the provisions referred to in Chapter V of the Regulation. All the provisions of

Chapter V in question are applied in order to ensure that the level of protection of natural persons guaranteed by the Regulation is not undermined.


What are your rights? In relation to the personal data subject to the processing referred to in this information, you are recognized, at any time, in

accordance with, within the limits and conditions established by the articles. 15 – 16 – 17 – 18 -20 – 21 GDPR, the right to:


  1. Access (art. 15 GDPR): right to request confirmation whether or not processing relating to your personal data is in progress, without having to justify the request and, if so, to obtain access to the same data and a copy of the same;
  2. Rectification and integration (art. 16 GDPR): right to obtain the rectification of inaccurate personal data and the integration of insufficient or outdated data concerning you;
  3. Cancellation (art. 17 GDPR): right to obtain the deletion of your personal data, under the conditions and within the limits imposed by art. 17 GDPR;
  4. Limitation (art. 18 GDPR): right to obtain that your data are “frozen”, “blocked”, processed but for the sole purpose of conservation, with consequent impossibility of any other processing operation other than conservation for the period of limitation, under the conditions and within the limits imposed by 18 GDPR;
  5. Portability (art. 20 GDPR): right to receive, in a structured format commonly used and readable by an automatic device, the personal data concerning you in order to transmit them, without impediments on our part, to another data controller;
  6. Opposition (art. 21 GDPR): right to object at any time, for reasons connected to the particular situation, to the processing of personal data concerning you, under the conditions and within the limits established by art. 21 GDPR.

The exercise of the aforementioned rights can be exercised by direct written communication to the Data Controller to be sent to the e-mail address:


Complaint to the supervisory authority: Without prejudice to any other administrative or jurisdictional appeal, if you believe that the processing concerning you violates the GDPR, you have the right to file a complaint with a supervisory authority, pursuant to Article 77 GDPR, in particular in the Member State in which you habitually resides, works or the place where the alleged infringement occurred.


How do we process your data? Your personal data will be processed solely through IT and paper tools, in ways that guarantee their security and confidentiality, also through, when possible, the use of encryption, pseudonymisation or data anonymisation techniques. The Data Controller, in order to protect the integrity and accessibility of your personal data and the tools used for their processing, undertakes to process your data with suitable means to reduce the risk of dispersion or violation by third parties. authorized, implementing adequate technical and organizational measures to guarantee a level of security appropriate to the risk, as required by art. 32 GDPR. The processing of your personal data will be carried out only by previously trained personnel, continuously updated and specifically authorized for this purpose.


What principles do we apply to the processing of your data? We process your personal data in compliance with the legal provisions on the protection of personal data, in particular in compliance with the provisions of art. 5 of the GDPR, therefore, your personal data are:

  1. processed in a lawful, correct and transparent manner (“lawfulness, correctness and transparency”);


  1. collected for specified, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with those purposes («purpose limitation»)
  2. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);


  1. accurate and, if necessary, We take all reasonable steps to promptly erase or rectify data that is inaccurate in relation to the purposes for which it is processed (“accuracy”);
  2. stored in a form that allows the identification of interested parties for a period of time not exceeding the achievement of the purposes for which they are processed (“limitation of storage”);
  3. processed in a manner that ensures adequate security of personal data, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and from accidental loss, destruction or damage (“integrity and confidentiality”).

By which subjects are personal data processed? Your personal data will not be disclosed. They may be communicated and processed by internal and/or external to the Foodpartner S.r.l. company subjects, in particular:

Internal Recipients: Authorized to process personal data: natural persons acting under the authority of the Data Controller, specifically appointed and authorized, pursuant to art. 29 GDPR, to process personal data within the scope of their duties and activities, after having received specific training and operating instructions for this purpose.

External recipients:

  1. Subjects to whom the communication of data must be carried out in fulfillment of an obligation established by law, by a regulation or by community legislation, or to comply with an order of the Judicial Authority;
  2. Data processors: all our data processors have been appointed pursuant to 28 GDPR and present the guarantees required by art. 32 GDPR. The complete list of data controllers is available, upon request of the interested party, by contacting the data controller.

These external recipients include:


  • Professional companies/firms that provide assistance, consultancy or collaboration to the Data Controller in accounting, administrative, fiscal, legal, tax and financial matters;
  • Third party service providers to whom communication is necessary for the performance of the services covered by the commercial contract;
  • Banking, credit and financial institutions;
  • Additional subjects, but only in relation to the company’s obligations deriving from any specific requests or initiatives of the supplier/customer

The Data Controller is available for any further information or questions.