Information on processing of personal data, pursuant to art. 13 of the Regulation (EU) 2016/679.


Pursuant to art. 13 of the Regulation (EU) 2016/679 (hereinafter referred to as “GDPR 2016/679”), on the protection of natural persons with regard to the processing of personal data, we would like to inform you that the personal data you provide will be processed in compliance with the aforementioned legislation and the confidentiality obligations to which the undersigned Company is bound. It is the customer / supplier’s responsibility to provide the information to its internal staff who have direct contacts with CMB.

Controller of the processing of personal data

Controller of the processing of personal data is C.M.B. Società Cooperativa Muratori e Braccianti di Carpi – 101, Via Carlo Marx – 41012 Carpi (MO). Email address

Legal basis of the processing

The personal data provided are processed on the basis of the law, to fulfill a contract or in a pre-contractual phase.

Purpose of the processing

a) Execution of obligations arising from a contract to which you are a party or to fulfill your specific requests before or after the execution of the contract;
b) Fulfillment of legal obligations of an administrative, accounting, civil and tax nature, national and community regulations and laws;
c) Achieve effective management of business relationships (acquisition of pre-contractual data and information, control of reliability and solvency, etc.);
d) Protection of contractual rights and management of any litigation.
In the event that needs arise that lead to the need to modify or integrate the aforementioned purpose, we will promptly inform you.

Nature of the provision and consequences of any refusal to provide the requested data

The provision of your personal data is necessary and therefore your refusal to provide them or subsequent processing will make it impossible to establish relations with the undersigned company.

Processing methods

The processing will be carried out in an automated and / or manual form, with appropriate methods and tools, adopting appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.
The processing does not include automated decision-making processes.

Storage period

Your personal data will be kept no later than the time set by law or, if higher, by contractual obligations. By law, the administrative and accounting data will be kept for 10 years.
In the event of a dispute between the companies, they may be kept until the dispute is definitively settled.

Scope of communication and disclosure

The subjects or categories of subjects to whom your data will be communicated or may be communicated, and who will act as independent controllers or as processors according to the attributions are, by way of example:
a) Agencies and or government offices in general
b) Banks, credit institutions, credit centers
c) Insurance companies,
d) Notaries, lawyers and professional firms and consultants in general,
e) Central Credit Register and Company of commercial information and creditworthiness assessment, credit recovery company,
f) Revenue Agency,
g) Companies that provide services to support marketing activities,
h) Associated and controlled companies,
i) Subcontractors,
j) our data processors for the exclusive fulfillment of the purposes already highlighted.
In all other cases, the communication of data will be made only subject to the release of your consent.

The personal data in our possession will not be disclosed.

Transfer of personal data

Without your express consent, your personal data will not be transferred to third countries outside the European Union.

System Administrator

Your personal data may be processed incidentally / residually by the administrators of systems identified within the organization and in relation to the various information systems to which they are responsible. The controller will make the names of the System Administrators known to all employees.

Rights of the data subject

At any time, you can exercise, pursuant to the GDPR 2016/679, the right to:
a. ask for confirmation of the existence of your personal data;
b. obtain information on the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period;
c. withdraw the consent;
d. obtain the rectification, erasure of personal data or the restriction of processing;
e. lodge a complaint with a national supervisory authority;
f. obtain data portability, namely to receive them by the controller in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, where the processing is carried out by automated means and is technically feasible.
g. object at any time to processing of personal data;
h. object to an automated individual decision – making, including profiling.
You can exercise the aforementioned rights by contacting the Data Controller.

Right to lodge a complaint with the Supervisory Authority

Each data subject may lodge a complaint with the Supervisory Authority for the Protection of Personal Data in the event that he believes that the rights he holds under the GDPR have been violated, by writing to or in the manner indicated on the website of the Supervisory Authority accessible at the address: