PERONI RUGGERO SRL, with registered and operational headquarters in Italy, 21100 Varese (VA), Via Ca’ Bassa 15, VAT number/Tax Code 03702360128, as Data Controller pursuant to and for the purposes of Legislative Decree No. 196/2003, as amended – Code regarding the protection of personal data (the “Privacy Code”) – and EU Regulation No. 679/2016 – General Data Protection Regulation (the “GDPR”) (hereinafter referred to as the Privacy Code and the GDPR are collectively referred to as “Applicable Standards”) acknowledges the importance of the protection of personal data and considers their protection one of the main objectives of its business.
In compliance with the Applicable Standards, we provide the necessary information regarding the processing of personal data you supplied. This is an Information Policy that is provided pursuant to Articles 13 of the Applicable Standards and that PERONI RUGGERO SRL invites you to read carefully as it contains important information on the protection of personal data and on the security measures taken to ensure confidentiality in full compliance with the Applicable Standards.
PERONI RUGGERO SRL informs you that the processing of personal data will be based on the principles of lawfulness, correctness, transparency, purpose and storage limitation, data minimization, accuracy, integrity and confidentiality. Personal data will, therefore, be processed in accordance with the legislative provisions of the Applicable Standards and the confidentiality obligations set forth therein.
According to the Applicable Standards, the Data Controller is PERONI RUGGERO SRL, with registered and operational headquarters in Italy, 21100 Varese (VA), Via Ca’ Bassa 15, VAT No./Tax Code 03702360128, in the person of its Legal Representative.
PERSONAL DATA SUBJECT TO PROCESSING
“Personal Data” means any information concerning an identified or identifiable natural person with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his/her physical, physiological, psychic, economic, cultural or social identity.
“Special Data” means personal data suitable for revealing the racial and ethnic origin, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data, data relating to health or sexual life or sexual orientation of the person.
“Judicial data” means personal data relating to criminal convictions and offenses or related security measures.
“Processing” means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or set of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by sending, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
PLACE OF DATA PROCESSING
The data processing takes place at the above-mentioned headquarters of the Data Controller and at the premises of identified third parties.
TYPE OF PROCESSED DATA
The processing relates to the personal and identification data provided voluntarily by the Data Subject (by way of example but not limited to: name, surname, address, VAT number, Tax Code, landline or mobile phone number, email address, bank details, etc.).
PURPOSE, LEGAL BASE AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING
It should be noted that the processing is carried out to fulfill instrumental and functional purposes for the performance of the pre-contractual and/or contractual relationship, as well as in order to allow the fulfillment of all the operations required by law, as well as, finally, for the correct management of administration, contract accounting, order, invoice, payment and litigation requirements.
The data are processed within the normal activities of the organization, including related or ancillary activities or the supply of related products and/or services requested by the Company and according to the purposes that, by way of example, are listed below:
- Administrative-accounting-organizational purposes.
For the purposes of applying the provisions on the protection of personal data, the processing carried out for administrative-accounting-organizational purposes are those related to the performance of administrative, financial, accounting and organizational activities, regardless of the nature of the data processed. In particular, these purposes are pursued by the activities for the management of administrative, accounting and tax, internal organizational obligations, those functional to the fulfillment of contractual and pre-contractual obligations, to the management of the employment relationship in all its phases, to the purchase of services and/or products in the context of the relationship (or contract) in place, including the purposes relating to the management of contractual relationships related to the performance of the entrepreneurial business, in particular aimed at the manufacture of special machines for paper converting and box factories, the implementation and management of obligations established by national and European Community laws, regulations and standards, as well as by provisions issued by authorities legitimated by law and by supervisory and control bodies. For these purposes, in the case of a foreign customer, it may possibly be possible to transfer/disclose data abroad;
- Commercial promotion of the product/service provided.
- Mention of the name and use of the customer’s logo by way of reference, through communications made through textual/photo/audio/ video material via Internet, mailing, web and social media (i.e., Facebook, LinkedIn, Twitter, YouTube, Google +, etc.) or on brochures, catalogs and offer documents to new potential customers or customers already acquired;
- Mention of the name and use of the supplier’s logo by way of reference, through communications made through textual/photo/audio/ video material via Internet, mailing, web and social media (i.e., Facebook, LinkedIn, Twitter, YouTube, Google +, etc.) or on brochures, catalogs and offer documents;
- Communications made through textual/photo/audio/ video material via Internet, mailing, web and social media (i.e., Facebook, LinkedIn, Twitter, YouTube, Google +, etc.) or on traditional supports relating to the activities/initiatives managed by the organization that may contain data and images of the Data Subject (the Customer and/or Supplier) collected through interviews, narration of case studies, events, etc.
- Market surveys, marketing activities, sending of material containing commercial information relating to products/services already acquired or newly proposed, in any way (even with automated methods) and by any means carried out (i.e., by email, fax, telephone, mail, social networks, etc.);
- Selection and hiring of new staff
The storage and use of the Curriculum Vitae are permitted pursuant to Art. 88 for the purpose of selecting and hiring new figures. The data will be processed in compliance with the Authorizations Nos. 1 and 4 of the Privacy Guarantor.
- Implementation of Legislative Decree No. 81/2008 on Occupational Health and Safety.
With particular reference to the identification data freely given by the visitor/guest to our office (name, surname, institution or company), the processing has the exclusive purpose of ensuring compliance with the corporate security procedures formally applied, even in force of the regulations in force (i.e., registration in the visitor register/database, assignment of temporary identification badge, applications of legal obligations in the field of safety at workplace).
PROCESSING METHOD – DATA STORAGE
The processing will be carried out in an automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by Data Processors and persons in charge of processing in accordance with the applicable legislation. The data will be kept for a period not exceeding the purposes for which the they were collected and subsequently processed and, in any case, in accordance with the existing contractual or commercial relationship.
In particular, the mailing service is carried out according to the applicable standards as per the Information Policy of the service provider.
SCOPE OF COMMUNICATION AND DISCLOSURE
The data being processed will not be disclosed.
The data may instead be disclosed to companies contractually linked to the Data Controller and, where necessary, also to subjects within and outside the European Union, in accordance with and within the limits of the current standards. So, the data may be disclosed to third parties belonging to the following categories:
- subjects and entities that collaborate with the Data Controller (accountant, labor consultant, temporary employment company, law firms, technical offices, training companies, freelancers, firms or companies in the field of assistance and consultancy relationships, credit and insurance institutions, credit recovery companies, technical and professional training institutes, subjects that carry out checks, audits and certification of the activities carried out by the Data Controller, customers, travel agencies, hotels, …);
- subjects who provide services for the management of the information system used by the Data Controller and of the telecommunications networks, and who take care of the maintenance of the technological part (management program, email, newsletter service, website, …);
- authorities competent for the fulfillment of legal obligations and/or provisions of public bodies, judicial and investigative authorities at their request.
The subjects belonging to the above-mentioned categories act as Data Processors, or work in total autonomy as separate Data Controllers.
The list of Data Processors is constantly updated and available on request at the headquarters of the Data Controller.
Any further communication or disclosure will take place only with the explicit consent of the Data Subject.
Furthermore, in the course of ordinary processing activities, those expressly appointed by the Undersigned as data processors and/or persons in charge of processing, authorized according to their respective profiles, will be able to access personal and identification data and therefore become aware of them.