PROCUREMENT

QUALITY POLICY

idi S.r.l. believes that the future of the company is aimed at achieving maximum customer satisfaction, while also adopting appropriate measures to minimize environmental impact.
In order to guarantee a product / service based on the maximum satisfaction of its Customers, and more generally, of all interested parties, it undertakes to pursue a policy based on the ability to better manage all the competitive levers of its business area and defines the following principles as a reference for its Quality Policy:

Attention focused on the customer and interested parties

idi S.r.l. is committed to understanding customer needs and plans its activities to fully satisfy them.
In the same way it operates in compliance with the requests and requirements:

• Of the reference market;
• Of the country in which it operates, complying with laws and regulations with a special emphasis on protecting the environment;
• Of all the parties involved in their processes considered critical.

Process approach

idi S.r.l. identifies the various activities of its organization as processes to be planned, monitored and constantly improved and activates the resources for their implementation in the best possible way. idi S.r.l. manages its own processes to be unique:

• The objectives to be pursued and the expected results;
• The related responsibilities and the resources used.

Leadership

idi S.r.l. assumes responsibility for the effectiveness of its Quality Management System, making all the necessary resources available and making sure that the planned objectives are compatible with the context and strategic guidelines.
idi S.r.l. communicates the importance of the Quality Management System and actively involves all stakeholders, coordinating and supporting them and promoting resource optimization.

Risk and opportunity evaluation

idi S.r.l. plans its processes with a risk-based thinking approach in order to implement the most suitable actions to:

• Evaluate and deal with the risks associated with the processes;
• Exploit and reinforce identified opportunities.

idi S.r.l. promotes at all levels an adequate sense of proactivity in the management of one's own risks / opportunities.

Involvement of staff and stakeholders

idi S.r.l. is aware that the involvement of staff and all stakeholders, combined with the active participation of all collaborators, are a primary strategic element.
It promotes the development of internal professional skills and the careful selection of external collaborations in order to equip themselves with competent and motivated human resources.

Health and Safety at work

idi S.r.l. is committed to promoting the culture of health and safety at work, protecting human rights and workers, and enhancing human capital.

Improvement

idi S.r.l. has a permanent objective to improve the performance of its Quality Management System. The preliminary assessment of the risks and opportunities connected to company processes, the internal and external verification activities, and the management review are the tools that idi S.r.l. puts in place to constantly improve.
The tool chosen by idi S.r.l. to pursue the principles of the Quality Policy is a Quality Management System compliant with the UNI EN ISO 9001 standard.

the management

This information is provided in observation of art. 13 of Regulation 2016/679 (GDPR), pursuant to art. 13 of the legislative decree n. 196/2003 (Code regarding the protection of personal data) to users who access the website www.idispa.com and relates to all personal data processed in the modality indicated below.

HOLDER OF THE TREATMENT
The Data Controller of the personal data collected is idi, Via C. Boncompagni, 3/B, 20139 (MI) – Owner contact email: idimain@idispa.com

COLLECTED DATA
The personal data processed are collected as provided directly by the interested parties or, in the case of usage data, collected automatically when using this website www.idispa.com

What kind of personal data do we collect?

• APPLICANT DATA: In order to assess whether you are in line with employment opportunities at our company, we need to process some information about you. We only ask for the data that we actually need to assess your suitability, such as name, age, contact details, education, career, emergency contacts, residence permit.
• CUSTOMER DATA: If you are an idi customer, we need to collect and use information about you or the individuals operating in your organization in order to provide you with our services.
• SUPPLIER DATA: We request some information from suppliers that are necessary to ensure the smooth running of the employment relationship.
  We need the contact details of the relevant individuals operating in your organization so that we can communicate with you.
  We also need other information such as bank details so that we can pay you for the services you provide to us (if this is part of our contractual arrangements).
• WEBSITE USERS: we do not collect data from visitors to our website.

How do we collect your personal data?

• APPLICANT DATA: We collect your personal data directly from you by sending your CVs
• CUSTOMER DATA: The ways in which we collect your personal data are mainly two:
  1. directly from you and
  2. from third parties and other limited sources (e.g. online and offline media).
• SUPPLIER DATA: We collect your personal data in the course of our business with you.
• WEBSITE USERS: We do not collect your data via cookies when you visit our website

LEGAL BASIS AND PURPOSE OF THE TREATMENT
The data are processed exclusively for the purposes for which they are collected, as described below.
We use the data provided by the interested parties to:

• APPLICANT DATA: The main reason for using your personal information is to assess whether you are in line with the job positions open at our company at a given time.
• CUSTOMER DATA: The main reason for using customer information is to ensure the proper implementation of the contractual agreements between the parties to ensure the smooth running of our relationship.
• SUPPLIER DATA: The main reasons for using your personal data is to ensure the proper implementation of the contractual agreements between the parties in order to ensure the smooth running of our relationship, and the satisfaction of legal requirements.
• WEBSITE USERS: We do not use your data unless you send your CV.

The provision of the data listed in the "Collected Data" section for the purposes set out above is mandatory to allow the user to access the service. For this reason, consent is mandatory and any refusal to process or the failure, inaccurate or partial provision of data could result in the impossibility of a correct provision of the service.

idi does not provide third parties with any user information without their consent, except where required by law. In any case, the dissemination and transfer of data outside the EU area is excluded.

DATA PROTECTION
We care about the protection of your information, so we have taken appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of your data.

METHOD OF TREATMENT
Personal data are processed with automated and analog tools (paper) for the time strictly necessary to achieve the purposes for which they were collected, in any case providing for the annual verification of the data stored in order to delete those deemed obsolete, unless the law does not provide for archiving obligations.

Data processing usually takes place at the idi headquarters (Via C. Boncompagni, 3/B, 20139, Milano) by personnel or external collaborators duly designated as data processors. The complete list of data processors and persons in charge of processing personal data can be requested by sending a specific request to the address idimain@idispa.com

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

DATA STORAGE
We keep the data provided by the interested parties in the following ways:

• APPLICANT DATA: they are kept for a period of 5 years, unless requested by the interested party for cancellation or modification.
  For employees and external collaborators, the data are kept at least for the entire duration of the employment relationship.
• CUSTOMER DATA: they are kept for the entire period in which there are contractual agreements between the parties to ensure the smooth running of our relationship and subsequently until the owner requests its modification or cancellation unless the law provides for archiving obligations.
• SUPPLIER DATA: they are kept for the entire period in which there are contractual agreements between the parties to ensure the smooth running of our relationship and subsequently until the owner requests their modification or cancellation unless the law provides for archiving obligations.
• WEBSITE USERS: nwe do not keep your data unless you send your CV.

We are authorized to keep personal data for a longer period if you have given us your consent to such processing, provided that such consent is not withdrawn. Furthermore, we may be obliged to retain personal data for a longer period when required for the performance of a legal obligation or on the order of an authority.

REVOCATION OF CONSENT
The interested party can revoke his consent to the retention of data immediately, by sending a request to the email address idimain@idispa.com.

RIGHTS OF THE INTERESTED PARTY
Pursuant to art. 7 of the Privacy Code and art. 13 GDPR, each user has the right to obtain confirmation of the existence or not of his personal data, even if not yet registered, and their communication in an intelligible form.

In particular, the interested party has the right to obtain from idi the indication:

• the origin of personal data;
• the purpose and methods of treatment;
• the logic applied in the event of processing carried out with the aid of electronic / IT tools;
• the identification details of the owner, of the managers and of the designated representative;
• of the subjects and categories of subjects to whom the data may be communicated or who can learn about them as appointed representative in the State, managers or agents.

Furthermore, the interested party has the right to obtain from idi:

• updating, rectification or integration of their data;
• the cancellation, transformation into anonymous form or blocking of data processed in violation of the law;
• access to their data, i.e. confirmation that personal data concerning them is being processed or not
• the limitation of the processing, the portability of the data, that is the right to receive the personal data concerning him in a structured format;
• right of complaint to the supervisory authority.

Finally, the interested party has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection.

In particular, the interested party has the right to object to the processing of personal data concerning him for the purpose of sending commercial advertising material or direct sales or for carrying out market research or commercial communication. The requests referred to in the previous points must be sent by email to idimain@idispa.com

UPDATES AND CHANGES
idi reserves the right to modify, supplement or periodically update this information in compliance with the applicable legislation or the measures adopted by the Guarantor for the protection of personal data.

The aforementioned changes or additions will be brought to the attention of the interested parties via a link to the Privacy Policy page on the website and / or will be communicated directly to the interested parties by email.

We invite users to review the Privacy Policy regularly, to check the updated information and decide whether or not to continue using the services offered.

What are cookies and how do we use them?

"Cookies" are small data files that are stored on the user's hard drive when the user accesses a particular website, with the purpose of storing some information.
Cookies are used by almost all websites and do not damage the system.

Types of cookies

There are different types of cookies:

• TECHNICIANS, services used to facilitate user navigation (see Article 122, paragraph 1 of Legislative Decree 196/2003 and subsequent amendments);
• ANALYTICS, used to evaluate the effectiveness of a service provided or to help measure its "traffic" (statistical purposes);
• PROFILING, used to monitor user behavior while browsing.

Our website only uses technical cookies which are absolutely essential for the correct functioning of the website and do not require the registration of user's personal identification data.
For the used cookies (session cookies), pursuant to art. 122 of the privacy code and the Provision of the Guarantor of 8^th May 2014, no consent is required from the interested party.

List of cookies on the Website

NAME	TYPE	FUNCTION	RETENTION TIME
PHPSESSID	TECHNICAL	Session cookies: guarantees the persistence of server-side information in the face of new client requests.	Session

Cookie: Guidelines of the Privacy Guarantor for the protection of users

More information from the Guarantor for the protection of personal data here

How to disable / delete cookies

Through the browser settings, the user can:

• manage your cookie preferences directly within your browser, preventing their installation;
• delete from your browser the cookies already installed, including the cookie in which the consent, possibly given by the user, to the installation of cookies by the site has been saved.

The user can find information on how to manage cookies through his browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, Microsoft Edge, Opera,
For profiling cookies, the user can also set their preferences through the site: Your Online Choices