Suppliers Privacy Policy

Per leggere questo testo in italiano:
informativa privacy fornitori

Information and consent pursuant to art. 13 of the European Regulation n. 679/2016 and of the national legislation regarding the protection of personal data for the processing of suppliers’ personal data.

Pursuant to Article 13 of the European Regulation on the protection of personal data (hereinafter also GDPR), Italdesign-Giugiaro S.p.A., as Data Controller pursuant to Article 24 GDPR, provides the following information:

A) Data Controller and Data Protection Officer

The Data Controller is Italdesign Giugiaro S.p.A., with registered office in Turin, Via San Quintino 28 and operational headquarters in Moncalieri (TO), via Achille Grandi 25, which can be contacted by sending an e-mail to or by sending a registered letter to the attention of the Head of Legal & Governance, c / o Italdesign – Giugiaro S.p.A., via Achille Grandi, 25, Moncalieri (TO).

The Data Protection Officer (DPO) can be contacted by sending an e-mail to

B) Purposes of the processing

The processing of data is carried out as part of the activity of our Company for the following purposes:

  • Management of the pre-contractual relationship and qualification of the supplier according to company policies;
  • Management of the contractual relationship with you or with your Company;
  • Management of any disputes, credit protection activities and the possible assignment of the same;
  • Fulfillment of obligations under laws, regulations and community regulations, including accounting and tax;
  • Compliance with the provisions issued by authorities legitimated by law and by judicial, supervisory and control bodies.

C) Methods of data processing

Personal data are processed by the Data Controller in compliance with the principles of lawfulness, correctness and transparency.

The processing of your personal data is carried out by means of the following operations: collection, registration, organization, structuring, storage, consultation, adaptation or modification, use, dissemination, communication, extraction, comparison, interconnection, limitation, cancellation and destruction of data. Your personal data are processed both on paper and electronically. The Data Controller will process your personal data for the time necessary to fulfill the purposes referred to in point B, and in any case no later than 30 years from the end of the contractual relationship.

After 10 years from the end of the contractual relationship, access to data will be limited to the Managers of the Purchasing Office and the Managers of the Legal & GRC Office.

After 20 years from the end of the contractual relationship, access to the data will be limited to the Managers of the Legal & GRC Office to guarantee the legitimate exercise of the right of defense of the Data Controller.

In the event that, at the end of the qualification procedure, the contract is not signed, the Data Controller will keep your data for a period of 10 years from the communication of data.

D) Nature of the provision of data

The provision of data is optional, but their communication is strictly essential to be able to execute contractual and legal obligations. Any total or partial refusal to provide your data will preclude the establishment of a contractual relationship with you, as the Data Controller will be unable to comply with the related legal and / or contractual obligations.

E) Subjects and categories of subjects with whom the data may be shared

In addition to Italdesign-Giugiaro S.p.A. personnel authorized to process your data and to the persons appointed as external Data Processors, the above data may be communicated to the subjects listed below:

  • Other companies of the Italdesign-Giugiaro S.p.A. group that may need it as part of the performance of their activities;
  • Other companies of the Volkswagen/Audi group;
  • Customer companies and/or business partners of the Data Controller;
  • Consultants, collaborators, individuals, companies and professional firms – to which the Company relies (law firms, labor consultants, banking institutions, insurance companies, accounting firms, auditing firms);
  • Public or private subjects for the obligations required by law.

F) Data transfer

Your data are stored on servers located within the European Union at the operational headquarters of the Data Controller. In relation to the purposes referred to in point B, the Data Controller does not need to transfer your data to countries outside the European Union. Where the transfer of data outside the EU is necessary in relation to the purposes set out in point B, the Data Controller hereby ensures that such transfer will take place in full compliance with one of the conditions set out in Chapter V of the GDPR.

G) Data subject’s rights

In accordance with the articles 15 (Right of access), 16 (Right to rectification), 17 (Right to erasure), 18 (Right to restriction of processing), 20 (Right to data portability), 22 (Right to not be subject to the automated process), 77 (Right to flodge a complaint to the Supervisory Authority) of the GDPR, the subject can exercise his rights by writing to the e-mail address

Please note that you have the right to revoke your consent at any time by accessing the area “Human Resources & Organization” within the dedicated section.

Best regards,

The Data Controller

Italdesign – Giugiaro S.p.A.