Home > SGP
Clients/suppliers (concerned by data processing) and their representatives (hereinafter referred to as “data subjects” pursuant to Article 4 paragraph 1 of the GDPR) are hereby informed that the professional relationships established with the undersigned Controller may entail the processing of personal data, in compliance with the following general principles:
     •   all data are processed in a lawful, fair and transparent way for the data subject, in
         compliance with the general principles set forth by Article 5 of the GDPR;
     •   specific security measures are taken to prevent the loss, unlawful or unfair use of or
         unauthorised access to data;
     •   the Data Controller is the undersigned Company: OVERMACH S.p.A., Via Giuseppe Righi
         12, z.i. Moletolo, 43122 Parma, Tel. 0521/771071, mail:


The Controller processes personal identification data of the client/supplier (e.g. name, surname, company name, personal/tax data, address, telephone number, e-mail, bank and payment reference data) and of his/her representatives (name, surname and contact details) acquired and used during the provision of services by the Controller.

Data are processed:
     •   to establish contractual/professional relationships;
     •   to fulfil pre-contractual, contractual and tax obligations arising in relation to the existing
         relationships, as well as to manage the required notices connected with them;
     •   to fulfil legal obligations, or obligations set forth by a regulation, the EU legislation or by an
         order issued by the Authority;
     •   in order for the Controller to exercise a legitimate interest as well as a right (e.g.: right of
         defence of legal claims, protection of claims; ordinary internal operational, management
         and tax needs).
A non-provision of said data will prevent the establishment of the relationship with the Controller. In accordance with Article 6 paragraphs b,c,f, the above-mentioned purposes provide an appropriate legal basis for the lawfulness of the processing. Should the processing be carried out for different purposes, specific consent shall be required from the data subjects.


Personal data are processed by means of the operations indicated in Article 4 no. 2) GDPR, more specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, denial, disclosure, erasure and destruction of data. Personal data are processed both by paper and by electronic and/or automatic means. The Controller shall process personal data for the amount of time required to fulfil the purposes for which they have been collected and the related legal obligations.


Data are processed by internal individuals, who are duly entitled and instructed to the processing in compliance with Article 29 of the GDPR. The scope of disclosure of personal data may also be requested, obtaining precise indications as to whether there are external individuals acting in the capacity of autonomous Processors or Controllers (consultants, specialists, bank institutions, carriers, etc.). It is also hereby stated that personal data may be subject to an intercompany disclosure among the Group’s companies. Data are not disclosed or handed over to extra-EU countries. Should it be necessary, within the context of tender procedures or contracts or for the fulfilment of regulatory obligations (e.g.: joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) acquiring from clients/suppliers their employees’ personal data, the parties hereby agree that the undersigned company shall be authorised to the processing of such data in the capacity of External Processor (Article 28 of the GDPR) or of authorised subject (Article 29 of the GDPR). Within such relationship, the undersigned company commits itself to processing such data in compliance with the compliance requirements provided for by the GDPR, ensuring that it will only disclose data to other subjects within the context of specific legal obligations.

At any time, the data subject can exercise the right to:
     •   request confirmation of the existence or otherwise of personal data.
     •   obtain information about the purposes of the processing, the categories of personal data,
         recipients or categories of recipients to whom the personal data have been or will be
         communicated and, where possible, the retention period.
     •   obtain data correction and deletion.
     •   obtain treatment limitation.
     •   obtain data portability, that is receive them from a data controller, in a structured format,
         commonly used and readable by automatic device, and transmit them to another data
         controller without hindrance.
     •   oppose the processing at any time and also in the case of treatment for direct marketing
     •   oppose an automated decision-making process concerning individuals, including profiling.
     •   propose a complaint to the Italian Data Protection Authority.
Overmach Macchine Utensili

OVERMACH S.p.A. Via Giuseppe Righi, 12 - z.i. Moletolo - 43122 Parma
Ph.+39.0521.771071 (r.a.) Fax +39.0521.771291
tax code and P.IVA 02372890349 - Share Capital €20.000.000 i.v.
R.E.A PR 232533 - Reg. Imp. PR 02372890349
Overmach authorizes you to view the content available on this website for your personal and non-commercial purposes. Access to the resources of this website constitutes acceptance of the Terms of Use.