Privacy Disclosure - Suppliers

(Pursuant to articles 13 and 14 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, the so-called General Data Protection Regulation or GDPR)

Dear Supplier,

In accordance with Regulation (EU) 2016/679 (the GDPR) and the applicable Italian regulations, we wish to inform you about how BANCA FINNAT EURAMERICA S.p.A., (the Bank), based in Rome, Piazza del Gesù 49, uses your personal data, in relation to the contracts concluded with your company.

Pursuant to articles 13 and 14 of the GDPR, the personal data you supply us (or which is otherwise collected by us, in accordance with the applicable regulations), in relation to and/or instrumental for fulfilling the contracts under way, may be processed by us in accordance with the principles of adequacy, transparency, lawfulness and fairness and the obligation of confidentiality.

Purposes of the personal data processing

Your personal data will be processed in accordance with the Bank's ordinary activities, based on the contract needs and the ensuing legal and contractual obligations, as well as to ensure the best possible business management and for the purposes outlined below:

  1. Legal: purposes relating to the fulfilment of all legal obligations, as set out in the applicable laws and regulations and other provisions or measures laid down by the Data Protection Authority. In this case, the supply of personal data is compulsory and your consent is not required;
  2. Contractual: purposes strictly related to and instrumental for the management of contracts entered into with the Bank's suppliers, which, generally speaking, are of an administrative and accounting nature and are collected for the purpose of fulfilling the obligations arising out of the contracts, which the supplier is required to perform, before and after the conclusion of the contract, or if specifically requested, also using distant means of communication, including telephone calls with an operator, text messages and emails. In this case, your consent is not required, because the data processing is functional to the management of the contract or the execution of the requests;
  3. Functional: purposes relating to the Bank's activities, regarding which the data subject/supplier may give or refuse their consent, on a case by case basis.

The processed data is necessary for fulfilling the contract entered into with our Bank and may be completed with data produced as a result of the contract relationship, in the event of default, failure to comply, insolvency proceedings, winding up, or other reasons. Finally, since your personal data is provided in relation to the performance of obligations arising out of a contract, to which you are a party, your consent is not required, pursuant to article 6(1)(b) of the GDPR.

Manner of processing of the data

Your personal data is processed, for the above mentioned purposes, by means of manual, digital and online instruments, using a logic that is strictly related to the processing purposes and, in any case, in such a manner as to ensure data security and confidentiality. In any case, data protection shall also be ensured once the Bank has put into place its innovative channels.

Categories of entities to which your personal data may be disclosed

  1. Within the Bank, your data may be disclosed to the data processors, or to other persons mandated to process the data, as well as to our employees or collaborators, for any reason, and the internal and external organisation units performing technical, support and auditing tasks on behalf of the Bank.
  2. The Bank may outsource some of activities related to the management of business relations with suppliers to external companies, such as:
    1. companies, entities and consortiums providing processing services or activities that are instrumental to those of the Bank;
    2. entities authorised to access your personal data by any kind of law (primary or secondary legislation, EU community law);
    3. companies engaged to provide document filing services, in respect of business relations with suppliers;
    4. debt recovery companies;
    5. professional operators responsible for management IT systems and telecommunications networks, besides the development and management of IT procedures;
    6. firms and companies providing support and advisory services.

Processors designated by the Bank, and constantly updated, is also available at our headquarters. Your personal data may also be disclosed to and processed by the Holding Company and its part-owned companies in Italy and the other EU countries, for the above mentioned purposes.


The data storage period depends on the type of relationship established with the Data Controller. Therefore, no standard storage period may be defined. In any case, your data will be stored for a period of no more than ten years from the conclusion of the last contract, except if legal proceedings of any kind are brought, to which the Bank is a party.


The Supplier, being a data subject, may at any time exercise its rights towards the Data Controller or Data Processor, in accordance with articles 15-21 of the GDPR.

Therefore, you are entitled to:

  1. withdraw your consent, if provided, at any time, without affecting the lawfulness of the processing based on consent before its withdrawal;
  2. obtain confirmation of whether or not there is any data concerning you, even if it hasn't yet been recorded, and to communicate the said data in a legible format;
  3. obtain information about:
    1. the origin of the personal data;
    2. the purpose and manner of processing;
    3. the logic applied, in the event of electronic processing of the data;
    4. the details of the Data Controllers, Processors and representatives, as designated, in accordance with article 5, paragraph 2;
    5. the entities, or categories of entities, to which your data may be disclosed or who may become acquainted with the data in the capacity of designated representatives in the State, of processors or persons mandated to process the data;
    6. designated in the territory of the State, of managers or appointees./li>
  4. obtain:
    1. the updating and rectification of your data or, if interested, the completion of any incomplete data;
    2. the deletion, pseudonymisation or blocking of any data processed in breach of the applicable regulations, including those the storage of which is not required, in relation to the purposes for which they were collected or subsequently processed;
  5. object, in full or in part:
    1. for legitimate reasons, to the processing of any personal data, even if relevant to the reasons for which they were collected;
    2. to the processing of your data for the purpose of sending advertising materials or direct sales or for conducting market surveys or other commercial notices;
  6. to obtain from the Data Controller restriction of processing where one of the following applies:
    1. if the data subject contests the accuracy of the personal data;
    2. the processing is unlawful and the data subject opposes the erasure of the personal data
  7. receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
  8. object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) (lawfulness of processing), including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

In order to exercise your rights, please send a written request to the Data Controller or Processor, who undertakes to reply with the utmost haste. The request made to the Data Controller or Processor may also be sent by registered letter, email or fax to the following address

Data Controller:
Banca Finnat Euramerica S.p.A
Piazza del Gesù, 49
Tel. 06.69933.1

Data Processor:
Arturo Nattino
Banca Finnat Euramerica S.p.A
Piazza del Gesù, 49
Tel. 06.69933.1

Pursuant to article 37 of the GDPR, the Data Controller has appointed to the position of Data Protection Officer Ms. Debora Scatolini, based at Banca Finnat Euramerica S.p.A., Piazza del Gesù 49, Rome; Tel. 06.69933.566; email

Building a great asset takes experience, attention and forward-thinking.
Banca Finnat is here to protect and support you along the way.