We would like to inform you that EUROFILT GROUP SRL, whose headquarter and offices are located in Via Campo di Maggio n. 17/b, 21020 Brunello (VA) – Italy, as Controller of the personal data processing in accordance with EU Regulation 2016/679 (GDPR), recognizes the importance of personal data protection and considers its protection one of the main aims of its own activity.
In compliance with the GDPR we hereby inform you on the processing of the personal data you provided. This is a notice according to the GDPR and therefore the Controller invites you to read it carefully, since it contains important information on personal data protection in order to ensure its confidentiality in full respect of the GDPR.
EUROFILT GROUP SRL informs you that your personal data will be processed under the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. Your personal data will be processed in accordance to the GDPR and under the obligation of confidentiality.
(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(3) ‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
(4) ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
(5) ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
PLACE OF PERSONAL DATA PROCESSING ACTIVITIES
The processing of your personal data will take place in the administration of the Controller, or possibly in other operational headquarters or by third parties.
TYPES OF DATA
The processing refers to personal and identification data provided by the person or the company concerned (e.g.: name, last name, address, VAT registration number, social security number, phone number, email address, bank details, etc.).
PURPOSE, LEGAL BASES AND MANDATORY OR VOLUNTARY NATURE OF THE PROCESSING
The personal information provided will be processed by the Controller for the following purposes:
- Administrative and accounting. In order to apply the provisions concerning personal data protection, the administrative and accounting processing is the one related to organizational, administrative, financial and accounting activities, notwithstanding the nature of the data processed. In particular, those who pursue these scopes are the internal organizational activities and all the activities that serve to thecompliance of its contractual and pre-contractual obligations, to the management of the working relationship throughout all of its phases, to the accounting and the application of tax, union, social, security, health, sanitation and safety regulations.
- Health and Safety. In accordance with Italian Decree n. 81/2008, particularly referring to those data provided by the guest/visitor in one of our offices (name, last name and company), we inform you that the processing only pursues to guarantee the respect of the corporate security procedures adopted, on the basis of the applicable law (e.g.: visitors database/register, use of a temporary badge, applications of the safety regulations).
MANNER OF PROCESSING – DATA STORAGE
The processing will be carried out both manually and in an automated way, with the use of tools aimed at guaranteeing its security and confidentiality. The processing will be carried out by an entity appointed as Processors according to the GDPR. The data collected will be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
FRAMEWORK OF DISCLOSURE AND DISSEMINATION
The personal data could be disclosed to:
- Entities who provide services to the information system and the telecommunications networks used by the Controller and those entities that control the hardware and software maintenance (including emails and the newsletter service).
- Independent contractors, agencies and companies in the field of assistance and advice.
- Entities who carry out control, revision and certification of the executions put in place by the Controller.
- Competent authorities for compliance of law obligations and/or for the provisions of public authorities, upon their request.
The identifying data processed in compliance with the corporate security procedures are not subject of disclosure, notwithstanding specific and express requests that could be made from the judicial and investigation competent authorities.
Every further disclosure or dissemination will be carried out only with your prior and explicit agreement.
Furthermore, during the regular processing activities, the entities appointed by EUROFILT GROUP SRL as Processors could access your personal data.
CONTRIBUTION AND REJECTION NATURE
With regard to those data that we must know for compliance with the legal obligations related to existing contracts and with regard to those obligations provided for laws, regulations, Community legislation or for provisions given by the Authorities legitimized by the law and oversight bodies, if these data are not provided it will be impossible to build and continue the relationship, according to the necessary limits to execute such relationship.
The contribution of your data to the Controller for commercial advertising is not mandatory. You can object to processing anytime exercising the right laid down in the GDPR, in the forms and ways here described.
The Controller also states that if the data are not provided or one of the mandatory information is not correct, the consequences will be the following:
- The Controller will not guarantee the adequacy of the data processing according to the contractual arrangement;
- It could be possible that the processing will not reach its tax, administrative and civil purposes.
RIGHTS OF THE CLIENT/SUPPLIER
We would like to inform you that you have the right to ask the Controller the existence of your data and to know its origin and contents. You may also ask the Controller to complete, update or correct the data you provided.
According to the GDPR you also have the right to rectification, erasure, restriction of processing, data portability and to object to the data processing for legitimate reasons.
All requests must be sent to the this email: firstname.lastname@example.org.
Date and signature (Controller)
25th May 2018