PRIVACY INFORMATION AND PERSONAL DATA PROTECTION
REPI S.P.A. based in Lonate Ceppino, Via B. Franklin no. 2, as data controller for the processing of personal data pursuant to Legislative Decree 196/2003 and subsequent amendments – Code regarding the protection of personal data („Privacy Code“) – and to EU Regulation 679/2016 effective as of 25 May 2018 – General Regulation on Data Protection („GRDP“) (hereinafter the Privacy Code and the GRDP are collectively referred to as „Applicable Regulations“) recognizes the importance of the protection of personal data and considers their protection as one of the main objectives of its business.
In compliance with the Applicable Regulations we hereby submit the necessary information regarding the processing of personal data provided. This is information that is provided pursuant to Articles 13 of the Applicable Regulations and that REPI S.P.A. invites you to read carefully because it contains important information on the protection of personal data and the security measures taken to ensure confidentiality in full compliance with the Applicable Regulations.
REPI S.P.A. confirms that the processing of personal data will be based on the principles of legality, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality. Therefore, personal data will be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations set out therein.
In accordance with the Applicable Regulations, the data controller is REPI S.P.A. based in Lonate Ceppino, Via B. Franklin nr. 2, Italy.
For any information concerning the processing of personal data by the Data Controller, including a request for the list of data processor personnel working on behalf of the Data Controller, please contact firstname.lastname@example.org.
2. PERSONAL DATA UNDERGOING PROCESSING
„Personal Data“ refers to any information concerning an identified or identifiable physical person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements pertaining their physical, physiological, psychic, economic, cultural or social identity.
„Particular Data“ refers to personal data sufficient to reveal the racial and ethnic origin, religious or philosophical convictions, or membership of Trade Unions, as well as genetic and biometric data, data related to health or sex life or to sexual orientation of the person.
„Judicial Data“ refers to personal data relating to criminal convictions and crimes or related security measures.
„Processing“ refers to any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
DATA PROCESSING LOCATION
Data processing takes place at the aforementioned headquarters of the data controller, at the operational offices and at identified third parties.
TYPES OF DATA PROCESSED
The processing relates to personal and identification data provided voluntarily by the party concerned (for example but not limited to: name, surname, address, VAT number, tax code, phone or mobile number, e-mail address, bank account details, etc.).
PURPOSE, LEGAL ASPECT AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING
Personal data voluntarily provided will be processed by the data controller for the following purposes:
A. Administrative-accounting. For the purposes of the application of the provisions regarding the protection of personal data, the processing performed for administrative-accounting purposes are those related to the performance of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these objectives are pursued by the internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, the management of the employment relationship in all its phases, book keeping and the application of the rules on tax matters, Trade Unions, social security, health, hygiene and safety at work.
B. Information and promotions. The use of e-mail coordinates provided by the customer in the context of the sale of a product or service for direct sales of its products and services or collected through the „Contact us“ area of the institutional website www.repi.com, is permitted for the purpose of sending information and newsletters. The party concerned, at the time of collection and at the time of sending each communication, is informed of the possibility to object at any time to the processing, easily and free of charge (Article 130 paragraph 4 of Legislative Decree 196/03) .
Please note that if you are already our Partner, we may send you commercial communications relating to services and products of the data controller similar to those already used, unless your disapproval has been expressly stated (Article 130 paragraph 4 of Legislative Decree 196/03).
C. Security, pursuant to Legislative Decree 81/2008. With particular reference to identification data freely given by the guest/visitor to our offices (name, surname, institution or company), the processing has the exclusive purpose of ensuring compliance with corporate security procedures formally applied, in compliance with the applicable regulations (i.e annotation in the register/visitor database, assignment of temporary identification badge, applications of legal obligations in the field of safety at work).
METHOD OF PROCESSING – DATA CONSERVATION
The processing will be carried out in both an automated and manual manner, with methods and tools aimed at safeguarding maximum security and confidentiality, by persons appointed as responsible for and in charge of processing in accordance with the applicable legislation. The data will be stored for a period not exceeding the purposes for which such data were collected and subsequently processed, and in any case for the duration of the contractual or commercial relationship, without prejudice to the cases in which their storage for a subsequent period is required for any disputes, or by the competent authorities or in accordance with applicable regulations, including civil and tax laws.
EXTENT OF COMMUNICATION AND DIVULGATION
The data object of the processing will not be divulged, unless explicit authorization of the interested party has been granted after appropriate information. The data may instead be communicated to companies contractually linked to the Data Controller and, where necessary, also to persons inside and outside the European Union, in accordance with and within the limits of Arts. 42, 43 and 44 of Legislative Decree no. 196/2003. The data may be disclosed to third parties belonging to the following categories:
– subjects that provide services for the management of the information system used by the Data Controller and the telecommunications networks, and that are responsible for the maintenance of the technological areas (including e-mail and the newsletter service);
-individuals and entities that collaborate with the Data Controller to carry out training courses for example but not limited to: teachers, Interprofessional Funds;
– professionals, firms or companies in the field of assistance and consultancy;
– insurance, banking and financial companies;
– individuals that perform control, revision and certification of the activities carried out by the Data Controller;
– competent authorities for the fulfillment of legal obligations and/or provisions of public entities, upon their request.
The identification data processed in compliance with corporate security procedures are not subject to communication, without prejudice to express and specific requests on the part of the competent judicial and investigative Authorities.
The individuals belonging to the aforesaid categories perform the function of Data Processing Manager, or operate in complete autonomy as separate Data Controllers. The list of data processor personnel and shared data controllers is constantly updated and available on request from the Data Controller’s headquarters.
Any further communication or divulgation will take place only with the explicit consent of the party concerned.
Moreover, during the ordinary processing activities, they will be able to access personal and identifying data and therefore become aware of the subjects expressly designated by the writer as responsible and/or in charge of processing, authorized according to their respective profiles.
NATURE OF CONFERRAL AND REFUSAL
With regard to the data that we are obliged to obtain in order to fulfill the obligations arising from existing contracts, and the obligations demanded by laws, regulations, Community legislation, or provisions issued by the Authorities legitimated to do so by law and by supervising and controlling entities, failure to provide such data will make it impossible to establish or continue the relationship, within the limits in which such data are necessary for the execution of the same. The provision of data to allow the Data Controller to send commercial communications is optional; the party concerned can object to the treatment at any time by exercising the rights provided for under the Applicable Regulations in the forms and methods indicated herein.
The Data Controller also states that any non-communication, or incorrect communication, of one of the mandatory information areas will have the following consequences:
– the impossibility for the Data Controller to guarantee the adequacy of the processing itself to the contractual agreements for which it is performed;
-the possible lack of correspondence of the results of the processing to the obligations imposed by the fiscal, administrative and civil law to which it is addressed.
RIGHT OF ACCESS TO PERSONAL DATA AND OTHER RIGHTS
Finally, we inform you that at any time you can exercise your rights relative to the Data Controller under the Applicable Regulations, then obtain confirmation of the existence or otherwise of these data, know their content and origin, verify their accuracy, ask for integration, updating, or correction.
Upon the occurrence of the conditions set forth in the Applicable Regulations, you have the right to request the cancellation, limitation of processing, portability, and to object, for legitimate reasons, to their processing.
RULES OF EXERCISE OF RIGHTS
You may exercise your rights at any time by sending an e-mail to email@example.com
Lonate Ceppino, 25 May 2018