Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

On the protection of individuals with regard to the processing of personal data

TMR Srl a socio unico, as data controller informs you, pursuant to Articles 13 and 14 of European Regulation 679/2016 on the protection of personal data (“GDPR”) of the following.


The data controller, i.e., the person who makes the decisions regarding the methods and purposes of processing, is TMR Srl a socio unico, with registered office in Sant’Agata di Militello (ME), C. da Cuccubello 41/A, CF and P. IVA 02584510834. The Data Protection Officer, who is the figure in charge of the supervision about the compliance with the data protection regulations, can be contacted at the e-mail address info@tmr.cloud or by writing to the head office of TMR Srl.


This policy covers the processing of personal data of the following categories of individuals:

a) Suppliers and/or Developers and/or Managers and/or Principals who are individuals or sole proprietorships with whom TMR Srl has contractual relationships (hereinafter the “Contract“), as well as those with whom negotiations functional to the establishment of a contractual relationship are in progress (hereinafter, jointly referred to as the “Suppliers.”); or

(b) legal representatives, members of corporate bodies who are natural persons (e.g., partners, directors, auditors, etc.), attorneys, employees and collaborators, as well as other persons with representative or managerial powers within the business organization of the Suppliers, (hereinafter, jointly referred to as the“Interested Parties“).

TMR Srl may, therefore, process the personal data that will be disclosed during the Supplier selection process, including through the completion of the qualification questionnaire, which is necessary to assess the possession of the capacity and suitability requirements required by its Supplier Qualification Manual. In addition, TMR Srl may collect additional information at the time of signing the Contract and subsequently during the execution of the Contract. Personal data processed by TMR Srl may include, but are not limited to, names, qualifications, telephone numbers, tax code, data contained in identification documents, payment and banking data, possibly company name and e-mail addresses. In addition, any information required to comply with applicable regulations may be collected, including attestations of compliance and other information necessary to avoid contributory liability, and on the Supplier’s possession of specific authorizations, permits, and licenses, which may incidentally include information on individuals.

Personal data that TMR Srl collects in connection with the management of the contractual relationship and in any pre-contractual stages may be provided:

(a) directly by the Interested Party, if the Provider is a natural person or sole proprietorship; or

b) by the Supplier, where the interested parties are internal contacts of the Supplier assigned to the management of the Contract, as well as figures who hold certain functions or qualifications, such as apical roles within the Supplier’s business organization, including the president, managing/unique director, attorney, legal representative.

Some information, relating for example to representatives and attorneys, is also acquired and/or verified from public sources, for example, registers and lists available from Chambers of Commerce, business information services, or public registers.


Data processing is carried out by TMR Srl in the performance of its economic and commercial activities for purposes related to the establishment, management and execution of business relationships, including pre-contractual relationship management. Specifically, the data provided by Data Subjects will be processed for the following purposes:

(a) the conduct of negotiations, the performance of pre-contractual activities and the execution of the Contract, including billing and administrative and accounting management;

b) proceed to the selection of Suppliers, including through checks on the Supplier’s fulfillment of pay, contribution and tax obligations, in accordance with the Supplier qualification process and the rules contained in the policies, procedures, codes and internal models adopted by TMR Srl;

c) to assert and defend the rights of TMR Srl, including in debt collection procedures;

(d) for performing data aggregation operations for analysis to optimize operational efficiency and improve business strategies;

(e) for the purpose of carrying out activities functional to business and business unit disposals, acquisitions, mergers, demergers, or other transformations, and for the execution of such transactions (the purposes under (b) to (e) are jointly referred to as the “Purposes of Legitimate Interest”); and

(f) to fulfill obligations arising from the law, regulations or EU legislation for example on tax, corporate, labor law and accounting matters, including complying with the relevant requirements and making notices to the relevant authorities and supervisory bodies and to comply with requests from them (the “Purposes of Law”).


The data processing is necessary with reference to the Contractual Purposes referred to in paragraph 3 letter a) given its essentiality in order to enable the proper establishment and execution of the Contract. Refusal to provide the data for the above Contractual Purposes would result in preventing the conclusion of the Contract, and if already concluded, to continue its execution.

The processing of data for the Purposes of Legitimate Interest referred to in paragraph 3 letters b) to (e) shall be carried out in accordance with Article 6, par. f) of the GDPR for the pursuit of the legitimate interests of TMR Srl to select appropriate Suppliers in order not to incur in hypotheses of joint and several liability introduced by the legislation, to carry out extraordinary corporate transactions and to protect its economic interests, which are fairly balanced with the legitimate interest of the Interested Parties, as the data processing activity is limited to what is strictly necessary for the execution of the operations required for these purposes. Processing for the Purposes of Legitimate Interest is not obligatory and Data Subjects may object to such processing in the manner set forth in this notice, but should the Data Subject object to such processing, his or her data may not be used for Purposes of Legitimate Interest, except where there are overriding compelling legitimate reasons or for the exercise or defense of a right by TMR Srl.

The processing of data is obligatory with reference to the Purposes of the Law referred to in paragraph 3) letter f) and refusal to provide the data will result in the impossibility of entering into the Contract and its execution.


The data will be processed by TMR Srl with electronic and manual systems in accordance with the principles of fairness, loyalty and transparency provided for in the applicable legislation on the protection of personal data and protecting the confidentiality of the Data Subject through technical and organizational security measures to ensure an adequate level of security.


Personal data collected for the purposes set forth in paragraph 3 above will be retained for a period equal to the term of the Contract and for 10 years after the termination of the Contract, except where retention for a later period is required for any litigation, requests of the competent authorities, or pursuant to applicable regulations.


The data will be processed, to the extent necessary, by authorized, adequately educated and trained personnel of TMR Srl, as well as by personnel of third parties, to whom the data will be communicated, who provide services to TMR Srl and process the data as external data processors, such as:

  • Individuals who carry out control, review and certification of the activities carried out by TMR Srl;

  • Legal, administrative and tax consultants who assist TMR Srl in carrying out its activities;

  • IT service providers (e.g., hosting providers) and third-party companies, including TMR Srl companies;

  • banking institutions for the management of collections and payments arising from the execution of the Contract;

  • subcontractors and/or subcontractors engaged in activities related to the performance of the Contract.

Data may also be communicated to public bodies and/or judicial and/or supervisory authorities, as autonomous data controllers, in case of request and to fulfill legal obligations. The complete and up-to-date list of data processors acting as external data controllers is available upon request to the Data Protection Officer.


Under no circumstances will the data be disseminated or generally transferred outside the European Union. However, for specific needs related to the location of the third party with whom the data may be shared, as described above, some data may be transferred outside the European Economic Area to countries that offer adequate protection but also to third countries, including the United States. With reference to transfers outside the territory of the European Union to countries not considered adequate by the European Commission, TMR Srl takes suitable and appropriate security measures to protect the data of the data subjects. Consequently, any transfer of data to countries located outside the European Union will, in any case, take place in compliance with the appropriate and adequate safeguards for the purposes of the transfer itself, such as the standard contractual data protection clauses, in accordance with the applicable legislation and in particular Articles 45 and 46 of the GDPR (copies of the commitments made by the third parties in the context of these clauses may be requested by means of a request to be sent to the Data Protection Officer at the contacts indicated below).


The data subject may exercise, in connection with the data processing described therein, the rights provided by the GDPR (Articles 15-21), including:

  • Receive confirmation of the existence of the data and access to its content (access rights);

  • Update, modify and/or correct data (right of rectification);

  • Request the deletion or restriction of the processing of data processed in violation of the law including data whose retention is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to be forgotten and right to limitation);

  • object to the processing in particular where it considers that the legitimate grounds necessary for the purposes of processing by TMR Srl have ceased to exist (right to object);

  • receive an electronic copy of the data concerning him or her as a data subject, when such data has been rendered in the context of the Contract, and request that such data be transmitted to another data controller (right to data portability).

In addition to the above, pursuant to Article 2-terdecies of Legislative Decree no. 196/2003 as subsequently amended, in the event of the death of the Interested Party, the aforementioned rights referring to his or her data may be exercised by the person who has an interest of his or her own, or acts for the protection of the Interested Party as his or her proxy, or for family reasons deserving protection. The Interested Party may expressly prohibit the exercise of some of the rights listed above by assignees by sending a written statement to TMR Srl. The declaration may be revoked or changed later in the same manner.

Please note, however, that some of the rights in the above section can only be exercised under specific circumstances. Where it is not possible to comply with a Data Subject’s request to exercise any of the above rights under the Personal Data Privacy Act, we will notify him or her in writing of the reasons for our refusal. Further information on the above rights and their enforcement can be provided upon request to the contacts listed below.

To exercise these rights, the data subject may contact TMR Srl at info@tmr.cloud or alternatively may contact the Data Protection Officer by sending an e-mail to info@tmr.cloud. When contacting us, you should be sure to include your name, e-mail/postal address and/or phone number(s) to be sure that your request can be handled properly.

If the Data Subject believes that there has been a violation of data protection legislation, he or she may lodge a complaint with the supervisory authority in the member state where he or she usually resides or works, or of the place where the alleged violation occurred.


When visitors leave comments on the site, we collect the data shown in the comment form in addition to the visitor’s IP address and browser user agent string to facilitate spam detection.

GRAVATAR GROUP: An anonymized string created from your email address (otherwise called a hash) can be provided to the Gravatar service to see if you are using it. The privacy policy for the Gravatar service is available here:

. After your comment is approved, your profile picture is publicly visible in the context of your comment.

MEDIA: If you upload images to the website, you should avoid uploading images that include embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from the images on the website.

COOKIE: If you leave a comment on our site, you can choose to save your name, email address, and website in cookies. They are used for your convenience so that you do not have to re-enter your information when you leave another comment. These cookies will last for one year.

If you visit the login page, a temporary cookie will be set to determine if your browser accepts cookies. This cookie contains no personal data and is deleted when you close the browser.

When you log in, several cookies will be set to save your login information and screen display options. Login cookies last two days while screen option cookies last one year. If you select “Remember Me,” your access will persist for two weeks. If you log out of your account, your login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include any personal data, but simply indicates the ID of the newly modified item. Expires after 1 day.

INCORPORATED CONTENT FROM OTHER WEBSITES: Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Content embedded from other websites behaves exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, integrate additional third-party tracking, and track your interaction with them, including tracking your interaction with embedded content if you have an account and are logged in to those websites.

DATA SHARING: If you request a password reset, your IP address will be included in the reset email.

DATA STORAGE: If you leave a comment, the comment and its metadata are retained indefinitely. This is how we can automatically acknowledge and approve any subsequent comments instead of keeping them in a moderation queue.

For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can see, change, or delete their personal information at any time (except their user name, which they cannot change). Website administrators can also see and edit this information.

USER RIGHTS: If you have an account on this site, or have left comments, you can request to receive an exported file from the site with the personal data we have about you, including the data you have provided to us. You can also request that we delete all personal data about you. This does not include data that we are obliged to keep for administrative, legal, or security purposes.

SENDING DATA: Visitor comments can be checked through an automatic spam detection service.


This policy may also be subject to change as a result of any regulatory changes and/or additions. Changes will be notified in advance and the constantly updated text of the policy will be available on this website.



The information on the use of cookies can be found at the following

13. Official Appointment of Data Protection Officer (DPO) for TMR.
The Data Protection Officer (DPO) for TMR is external and the appointment was made to the company SIAPA S.r.l.
For any inquiries, concerns or questions regarding privacy and data protection, please contact our DPO, SIAPA S.r.l, through the dedicated email address: siapa@siapa.it.