Latest update: February 14th, 2023

Summary
This information is provided by Public Pressure in its capacity as Data Controller (hereinafter also simply the “Company” or “Data Controller”), as this entity determines the purposes and means of the processing.
The natural persons to whom the Personal Data refer are referred to as “Data Subjects”. If the Supplier is a natural person or sole proprietor, this subject is himself the Data Subject; if it is a private organisation (e.g. a partnership, corporation, association, etc.), the Data Subjects are the natural persons who administer the organisation itself or who operate under its authority (e.g. its Workers); information strictly related to the organisation (e.g. tax code or VAT number) is not considered Personal Data. Processing of Personal Data, in simple terms, is any operation concerning any ‘information relating to an identified or identifiable natural person’. For example, an e-mail address referring to a person (e.g. johndoe@domainname.com) is considered ‘Personal Data’, and the act of collecting and registering it with us is considered ‘Processing’. You, as the “natural person to whom the Personal Data relates”, are defined as a “Data Subject”, and are entitled to receive the following information about who we are, what Personal Data we process, why, how and for how long we process it, and what obligations and rights you have in this respect. Definitions of the terms and expressions used can be found at the end (the Glossary).
Who are we (“Data Controller”)?
Public Pressure Ltd., a company duly existing and incorporated under the laws of Ireland, with registered office in 3rd Floor, Ulysses House, Foley Street, Dublin 1, Ireland, D01 W2T2 registered at the Registrar of Companies of Dublin with Number 701750, VAT no. IE-3929949FH (hereinafter also just “Public Pressure”, or “Company”, or “Data Controller”).
What categories of Personal Data do we process?
We process common personal data (e.g. first name and surname, fiscal codes, telephone numbers, address, email, etc.) of Suppliers to the minimum extent necessary to achieve each of the Purposes set out below. Contracts and related Data Processing activities which do not expressly refer to this Privacy Policy do not fall within the scope of application of the following provisions.
What is the source of Personal Data?
We have obtained it directly from the data subject (if the data subject is a natural person); otherwise, we have received it from the organisation in whose name and/or on whose behalf the data subject operates.

Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each category of Data?
We process personal data for the following purposes:
  1. Supplier management (examination of commercial offer, contract stipulation, implementation and maintenance of master data, management of Supplier requests) in order to enter into and perform the Contract and any consequent and/or related activity (e.g. sending technical, contractual and organisational communications and information) on the basis of the need to fulfil the Contract;
  2. comply with obligations under applicable legislation and/or orders issued by authorities, on the basis of the need to fulfil legal obligations;
  3. to establish, exercise and/or defend a right in the competent courts, on the basis of our legitimate interest in defending one of our rights against the Data Subject and/or the need to pursue this purpose in court.
To whom do we disclose the Data (Categories of Recipients)?
The following categories of persons, to the minimum extent necessary to achieve each Purpose, on the basis of Applicable Law and/or a contractual agreement with Public Pressure:
  1. subjects required to perform the Contract or related to some other contract, acting as Data Processor or as autonomous Data Controllers (e.g. IT services suppliers, bankers, insurers, delivery services, commercial agency, accountants, tax and fiscal experts, lawyers, etc.);
  2. persons authorised by Public Pressure, bound to confidentiality obligations or under a legal duty of confidentiality;
  3. public Administrations or organisations, if and to the extent required by the Applicable Law or their orders, or in order to exercise, defend or assess a right in court, or l Data, defence of the State, its security or the prevention and investigation of offences.
Do we transfer Personal Data outside the European Economic Area?
Some of our IT service providers are based in countries that may not have equivalent privacy and data protection laws to the country in which You reside.
We ensure that when we transfer information of users in the EEA, the UK or Switzerland to third countries the transfer will take place only in presence of an adequacy decision or on the basis of the Standard Contractual Clauses (SCCs) which have been approved by the European Commission and other appropriate measures to safeguard the transfer. You can contact us for further information about the transfer of Personal Data outside the European Economic Area, the UK and Switzerland.
How long do we retain the Data?
We will hold your data for the time necessary to fulfill our purposes as follows:
  1. for the performance of the contract, we will hold the data for the duration of the contract and for a further period of 6 years unless applicable law requires us to retain it for a longer period;
  2. for compliance with legal obligations, we will retain the data as required by these legal and regulatory obligations (such as tax and accounting obligations);
  3. to establish, exercise and defend against legal claims, we will hold the data for the time necessary to protect our rights.
The Personal Data of those who, despite being proposed to us, do not become our Suppliers will not be retained beyond three years from the last contact.
Are You obliged to provide us with Personal Data?
Yes, because the data is necessary to answer requests, to manage the contractual relationship and to fulfil obligations arising from Applicable Law.
What happens if You refuse to communicate your Data?
If the Supplier refuses to disclose the Data, we shall not be able to establish and/or continue the contractual relationship.
What rights do You have as a “Data Subject”?
You have the right to:
  1. access the data held by the Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons;
  2. request the rectification of incomplete or inaccurate data;
  3. request the erasure of the data, subject to the exclusions or limitations established by the Applicable Law;
  4. request a list of the data processors, with further data useful for their identification;
  5. request the restriction of processing, if the conditions are met and subject to the exclusions established by the Applicable Law; request data portability (i.e. in a commonly used and machine-readable format, so that they can be transmitted to another Data Controller without hindrance), to the extent that the processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right infringes the rights and freedoms of other natural persons;
  6. lodge a complaint with the Data Protection Authority of your country, or of the place where the alleged violation occurred.
Right to object: You may object to the processing of data based on the legitimate interest of the Data Controller, at any time for reasons related to your particular situation (e.g. harm to your honour, reputation, decorum), unless the Data Controller demonstrates a compelling and overriding legitimate interest, and unless the processing is necessary for the establishment, exercise or defence of a legal claim.
Who can You contact for questions or to exercise your rights?
You may contact the Data Controller for questions concerning the processing of your Personal Data by sending an email to legal@publicpressure.io.
PLEASE NOTE
  1. This privacy policy was published on the date indicated above; we can modify the content (in whole or in part), also because of changes in the privacy law; we will publish the updated version of the information note (from that moment it will be binding): the Data Subject is invited to periodically visit the page which contains this document and/or the relevant section of the website.
  2. It is understood that the Supplier (if incorporated as a partnership, corporation, association, etc.), having taken note of the above information, undertakes to communicate it to those acting under its authority.
  3. The Controller does not intentionally collect information related to children under sixteen years of age. In the event that information on a minor was collected, it will be cancelled promptly on request of the Data Subject or of the person who exercises the parental responsibility.
GLOSSARY
“Applicable Law”: any provision of laws and regulations, applicable to the processing of personal data through the Site.
“Client”: the individual or entity who enters into the Contract, as well as its Managers, Employees or other agents.
“Contact Form”: means any online form provided by us through the Site, composed of one or more pages, through which the Visitor can send information or make requests.
“Contract”: any agreement entered into by a Supplier with our company which expressly refers to this Privacy Policy.
“Data Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“GDPR”: Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”.
“Personal Data”: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
“Restriction of processing”: the marking of personal data stored with the aim of limiting their processing in the future.
“Supervisory Authority”: the independent public authority in charge of monitoring the application of the privacy law.
“Supplier”: the individual or entity that submits a commercial offer to the Data Controller, as well as to their Managers, Employees or agents, or otherwise enters into a negotiation or into a Contract with the Data Controller.
THE ICONS
Some icons are extracted from the “DaPIS (Data Protection Icon Set)”, created by the CIRSFID, Università di Bologna and Accademia di Belle Arti di Bologna (http://gdprbydesign.cirsfid.unibo.it/dapis-the-data-protection-icon-set/), released under Creative Commons Attribution-ShareAlike 4.0 International license (CC BY-SA 4.0) (https://creativecommons.org/licenses/by-sa/4.0/).