Privacy customers and suppliers

CUSTOMERS

Dear Data Subject,

Pursuant to Article 13 of EU Regulation 2016/679, processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and protection of your privacy and rights. Therefore, we provide you with the following information:

The Data Controller of your personal data is REFLEXX SPA, represented by Isetti Giovanni, responsible for the lawful and correct use of your personal data. You may contact the Controller for any information or request using the following details:

Head Office: Via Passeri, 2 – 46019 Viadana (MN), Italy

Contact details: Phone: +39 0375 75 88 91, Email: privacy@reflexx.com

Any joint controllers and their respective roles in your data processing can be verified in the document “Joint Controllers Agreement”, available upon request at the Controller’s premises (Art. 26, paragraphs 1–3 of the Regulation).

Purpose: Your personal data are collected and processed for the following purposes, together with the relevant legal basis:

  • Mandatory legal obligations in tax (Law no. 244/2007) and accounting matters (Articles 2214–2220 of the Italian Civil Code);
  • Customer invoicing history;
  • Customer management (contractual and pre-contractual obligations);
  • Dispute and credit management (legitimate interest);
  • Compliance with applicable legal obligations.

Operational purposes:

  • Promotional activities (explicit consent of the data subject)

Subject to your specific consent, we may send informational and/or promotional communications (including newsletters) and/or promotional materials through any means.

Processed data: Tax code and other personal identification numbers; name, address or other personal identification details (email, phone); economic, commercial and financial data; professional activity.

Recipients:

Your personal data will be processed exclusively by personnel authorized by the Controller and may be disclosed to:

  • banks, credit institutions and insurance companies providing services related to the above purposes;
  • entities processing data to comply with legal obligations (consultants and professionals, including in associated form);
  • judicial or administrative authorities, for compliance with legal obligations.

Processing methods: Your data will be processed using electronic systems and manually through paper archives; recorded and processed on magnetic and paper media and collected directly from you. Where IT tools (including web-based systems) are used, appropriate security measures are ensured.

Profiling and data dissemination: Your personal data are not subject to dissemination or to any fully automated decision-making process, including profiling.

Data transfer to third countries or international organizations: Personal data are stored in paper, IT and telematic archives located in countries where the GDPR applies (EU countries). Safeguards: EU-US Data Privacy Framework.

Retention period: Your personal data will be processed for the duration of the contract and subsequently retained for the period required by legal obligations (tax or other legal purposes): 10 years from the termination of contracts with customers (Art. 2220 Italian Civil Code; Art. 22 Presidential Decree no. 600/1973).

Rights: You may exercise your rights at any time:

  • to access your personal data;
  • to obtain rectification or erasure (right to be forgotten) or restriction of processing;
  • to object to processing;
  • to data portability;
  • to withdraw consent for one or more purposes, where applicable (without affecting the lawfulness of processing before withdrawal);
  • to lodge a complaint with the Supervisory Authority (Italian Data Protection Authority – Piazza Venezia 11, 00187 Rome, Italy);
  • and generally to exercise all rights provided for by Articles 15–22 of the GDPR.

Furthermore, providing your data is a contractual requirement; failure to provide such data constitutes a breach of contractual clauses and makes it impossible to conclude the contract.

The Data Controller
REFLEXX SPA

Version 9 Rev. 01
Date: 31/03/2026, Viadana (MN)

DEAR CUSTOMER, DOWNLOAD HERE THE FORM TO PROVIDE YOUR CONSENT DECLARATION *

SUPPLIERS

Dear Data Subject,

Pursuant to Article 13 of EU Regulation 2016/679 and in compliance with Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, processing will be carried out in accordance with the principles of lawfulness, fairness, transparency, adequacy, relevance, necessity (Art. 5 GDPR), and protection of your privacy and rights.

The Data Controller is REFLEXX SPA, represented by Isetti Giovanni, contactable at:

Head Office: Via Passeri, 2 – 46019 Viadana (MN), Italy

Contact details: Phone: +39 0375 75 88 91, Email: privacy@reflexx.com

The full list of Data Processors may be requested in the same manner.

Any joint controllers can be verified via the “Joint Controllers Agreement”.

Purpose:

  • Legal obligations in tax and accounting matters;
  • Supplier invoicing history;
  • Supplier management and service-related obligations; supplier qualification and quality evaluation;
  • Dispute and credit management (legitimate interest);
  • Compliance with applicable laws.

Processed data: identification data, contact details, economic/financial data, professional activity.

Recipients: (same categories as above)

Processing methods, profiling, transfer, retention, rights: (same principles as above, adapted to suppliers – 10 years retention after contract termination).

Providing data is a contractual requirement; failure to provide them prevents contract execution.

Signature of the Data Controller
REFLEXX SPA

Version 9 Rev. 01
Date: 31/03/2026, Viadana (MN)

DEAR SUPPLIER, DOWNLOAD HERE THE FORM TO PROVIDE YOUR CONSENT DECLARATION *

Scroll to Top