Privacy notice: Customers and Suppliers

Coster Group / Privacy notice: Customers and Suppliers


(Articles 13 and 14, EU Regulation 2016/679)



EU Regulation 2016/679 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “EU Regulation 2016/679” or “GDPR”) sets out a series of rules aimed at ensuring that the processing of personal data is conducted in respect of the fundamental rights and freedoms of individuals. Therefore, pursuant to Articles 13 and 14 of the GDPR, we inform you that your personal data will be processed in compliance with the current legislation on data protection and according to the methods and for the purposes indicated below.


1. Data Controller

The Data Controller is Coster Tecnologie S.p.A. (Tax Code and VAT No. 00123490229 ), with registered office at  viale Trento, 2 – 38050 Calceranica al Lago (TN) – Italia, represented by its pro tempore legal representative (hereinafter “Coster” or the “Controller”).


2. Types of Data Processed

During the relationship with customers and suppliers, we will collect and process the following categories of personal data:

  • Identification and contact data (name, surname, address, telephone number, email, etc.).
  • Data related to the contractual relationship (contract details, orders, deliveries, payments, etc.).
  • Financial and payment data (bank details, payment terms, etc.).


3. Purpose of Processing

Your personal data will be processed for the following purposes:

  • Management and administration of the contractual relationship with customers and suppliers.
  • Compliance with legal and contractual obligations.
  • Communication and contact for matters related to the contractual relationship.
  • Performance evaluation and quality control of the products/services provided.


4. Legal Basis for Processing

The legal basis for processing your personal data is based on:

  • The execution of the contract of which you are a party.
  • Compliance with legal obligations to which the Controller is subject.
  • The legitimate interest of the Controller for administrative and internal management purposes.


5. Methods of Processing

The processing of personal data will be carried out using manual, IT, and telematic tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data.


6. Data Retention

Personal data will be retained for the time strictly necessary to achieve the purposes for which they were collected, except for the necessity of further retention for legal obligations or the protection of the Controller’s rights.


7. Data Communication

Your personal data may be communicated to:

  • Public entities and administrations for legal compliance.
  • External consultants and professionals who collaborate with the Controller for the management of the contractual relationship.
  • Third-party companies entrusted with administrative or technical services on behalf of the Controller.


8. Rights of the Data Subject

As a data subject, you have the right to:

  • Obtain confirmation of the existence or otherwise of personal data concerning you and their communication in an intelligible form.
  • Know the origin of the data, the purposes of processing, the methods of processing, the subjects, or categories of subjects to whom the data may be communicated.
  • Obtain the updating, rectification, or integration of the data.
  • Obtain the deletion, transformation into anonymous form, or blocking of data processed in violation of the law.
  • Object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection.
  • Lodge a complaint with a supervisory authority


9. Exercise of Rights

The Data Subject can exercise their rights at any time by sending a registered letter with return receipt to: Coster Tecnologie S.p.A., viale Trento, 2 – 38050 Calceranica al Lago (TN) – Italia, to the attention of the pro tempore legal representative, or by sending an email to the following email address: privacy(at)


10. Changes to this Privacy Notice

The Data Controller reserves the right to make changes to this privacy notice at any time, giving notice to the Data Subjects by publishing it on the company website or through other appropriate means. Therefore, we invite you to regularly consult this notice to stay informed of any changes.


11. Transfer of Personal Data Outside the EU

The personal data of the Data Subject are processed by the Company within the territory of the European Union and are not disseminated. If necessary, for technical or operational reasons, the Controller reserves the right to transfer the Data Subject’s data to countries outside the European Union. In this regard, the Company assures that the transfer of data outside the EU will be regulated in compliance with the provisions of Chapter V of the Regulation and authorized based on specific decisions of the European Union. Therefore, all necessary precautions will be taken to ensure the total protection of personal data, basing such transfer: a) on adequacy decisions of the third countries recipients expressed by the European Commission; b) on adequate guarantees provided by the third-party recipient pursuant to Article 46 of the Regulation; c) on the adoption of binding corporate rules.



This privacy notice is specifically designed for customers and suppliers and covers all necessary aspects of personal data processing in compliance with the GDPR. If you need further details or specific customizations, do not hesitate to ask as at point 9.