WEP SARL, with registered office in Paris (France), 43 rue Beaubourg, 75003. (tel. 0033 01 48 06 26 26, e-mail: dataprotection@wep.org) as Data Controller (hereinafter, “Data controller”), informs you pursuant the (EU) Regulation no. 679/2018 (“GDPR”) and the applicable national Data Protection law, that your personal data shall be processed according to the following modalities and for the following purposes.
1) Scope of Data Processing
The Data Controller processes the following personal data, identifying and not sensitive/particular (in particular name, surname, business name, address, e-mail, phone number, VAT no, etc…), communicated by you as supplier of the Data Controller on the basis of the contractual (hereinafter “Data” or “Personal Data”).
2) Purposes and legal basis of Data Processing
Your personal data shall be processed, without your prior consent, for the following purposes and legal basis:
3) Modalities of Data Processing
The processing of your Data is carried out, both via hardcopy and electronic modalities, by means of data collection, registration, organization, storage consultation, elaboration, amendment, selection, mining, confrontation, usage, interconnection, blockage, communication and destruction operations, in compliance with article 32 GDPR on security measures.
4) Access to data (the recipients or categories of recipients of the personal data)
Personal Data may be made accessible for the purposes mentioned above to employees and/or collaborators of Data Controller, in light of their role of persons in charge of the processing, under art. 29 of GDPR and/or to companies and third parties carrying out outsourcing activities on behalf of the Data Controller as external Data Processors, under article 28 GDPR.
Data may be also communicated, upon their request, to control bodies, police or judiciary bodies, Tax Authority, ministerial bodies and competent Authorities, local Institutions and Tax Commissions, that will process them in their quality of independent Data Controllers for institutional purposes and/or pursuant to the law during investigations and controls. Moreover, your Data may be communicated to third parties (f.e. insurance funds, independent contractors, etc.) that will process them as independent Controllers to carry out activities that are instrumental to the above purpose.
5) Data transfer
The Data Controller does not transfer your personal data in extra-UE countries.
6) Storage of Data
The Data Controller shall process the Personal Data for the time necessary to fulfill the above purposes and anyway for a period not exceeding 10 years from the termination of the contractual relationship.
7) Data subjects’ rights
The Data Controller informs, under art. 15 – 22 GDPR, that you, as Data Subject, where limitations provided by the law are not applicable, shall be able to exercise the rights anytime by sending an e-mail to dataprotection@wep.org or by post to the address of the Data controller.
More particularly, data subjects has the right to:
8) Data provision
The provision of Data for the above purposes is necessary and mandatory and any possible refusal to provide said Data entails the impossibility to establish or continue the contractual relationship with the Data Controller.
9) Automated decision making
The Data Controller does not carry on any automated decision making with your personal data.
The Data Controller
WEP SA