PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 – WEB PORTALS USERS
1. The Data Controller
The Data Controller is Fedrigoni S.p.A., with legal office in Via Enrico Fermi 13/F, 37135, Verona (VR) Italy. To exercise your rights provided in the current regulation, listed under “5. Data Subject’s rights”, and for any other requests regarding matters of privacy, you can contact the Data Controller by writing to email@example.com.
2. Types of treatments processed
a) Portal registration management
• Purpose: the web portal allows the registration of users, who can thereby create their own reserved area and access confidential and exclusive information within the platform.
• Legal basis: the registration process is carried out based on the consent of the data subject.
• Data retention: the data is kept for the time necessary for the management of the registration service in the portal made available to the user.
Upon completion of the registration process, the user is registered in the company’s systems and has the option of requesting at any time to disable his or her account through the communication channels indicated in point 1.
b) User communications management
• Purpose: the voluntary sending of messages to the contact addresses on this website and the completion of the “forms”, lead to the acquisition of the sender’s contact details, as well as all personal data contained in the communications, which are needed in order to fulfill specific requests sent to the Data Controller. Data are processed for the management of the communication, based on the need to provide the communication service made available to the user.
• Legal basis: the processing activity is carried out based on the consent of the person sending the communication.
• Data storage: the user’s data are recorded by the Data Controller and stored for the time necessary for the management of the communication, to manage the business relationship with the user, subject to his consent, revocable at any time with a request through the communication channels indicated in point 1.
• Purpose: when registering to the portal and/or sending communications through the “forms” on the platform, the user can subscribe to newsletter services on updates and promotions related to the offer of products and services.
• Legal basis: data are processed based on the consent provided by the user, in accordance with Article 6, paragraph 1, letter a) of the GDPR.
• Data retention: personal data are kept for the time necessary to manage the Newsletter service made available to the user, who may at any time decide to stop sending newsletters by revoking the consent given, through the specific functionality present in each communication received, or by making a request through the communication channels indicated in point 1.
d) Applications management
Through the portal it is possible to access the “career” area for consulting job positions and managing applications. For such processing activity, please refer to the candidate policy, which can be found in the dedicated section.
e) Browsing Data management
• Purpose: the tools used to ensure the operation and security of the portal may process, in the course of their normal operation, some information that is not collected to be associated with the individuals concerned, but which, as a result of processing, could allow users to be identified (e.g. IP addresses, computer domain names, etc.). Such information is collected to ensure the security and proper functioning of the portal.
• Legal basis: data are processed under the legitimate interest of the Data Controller, in accordance with Article 6, paragraph 1, letter f) of the GDPR.
• Data retention: data are kept for the time strictly necessary to pursue the stated purposes.
f) Business contacts
• Purpose: The contact information you provide is retained and processed for the management of your business relationship, as a point of contact as a customer/prospect.
• Legal basis: the activity of managing your contact information is carried out by virtue of an existing contract between the parties or because of a commercial interest possibly leading to the future establishment of contractual agreements.
At any time, you may request the deletion of your contact information by making a request through the communication channels indicated in point 1.
• Data retention: the data will be retained for 36 months a from the last professional contact made; if a contractual agreement is defined, the data will be retained until the termination of the legal effects arising from it.
g) B2B commercial communications
• Purpose: the contact information you provide in the context of establishing/maintaining a professional/commercial relationship are stored and processed for sending promotional and update communications and sending liking questionnaires to collect feedback and cues for improvement.
• Legal basis: the processing activity is carried out by virtue of the Data Controller’s legitimate interest in maintaining and improving professional contacts with its current or potential business counterparts.
• Data retention: data will be processed for sending communications for 36 months from the last professional contact made. At any time, you may request not to receive such communications by selecting the link in the Welcome Mail, or by making a request through the communication channels indicated in point 1.
h) Fedrigoni Top Awards Registration and Communications
• Purpose: the contact information you provide as part of your registration for the Fedrigoni Top Awards event is stored and processed for the management of the registration, and subsequently for sending update communications (e.g., awards nominees, subsequent editions, etc.).
• Legal basis: the processing activity is carried out under the legitimate interest of the Data Controller to manage the participation process of members and keep participants updated on the evolution of the Top Awards initiative.
• Data retention: the data are kept for the time necessary to manage the event participation, and thereafter to send the above communications. The user may at any time request to stop sending the newsletters through the specific functionality present in each communication received, or by making a request through the communication channels indicated in point 1.
i) Cookies management
3. Processing Methods
Your personal data will be processed in compliance with the provisions set forth by the current legislation regarding personal data protection, using analogic and digital means using methods and means suitable for guaranteeing the security and confidentiality of the same in conformity with the provisions envisaged by Article 32 of the GDPR.
4. Parties to whom or which your personal data can be communicated
For the pursuance of the purposes described above, your personal data can come to the knowledge of employees, collaborators and commercial agents of the Controller, who will operate as parties authorized to perform the processing and/or Data processors.
Additionally, the Data Controller may need to communicate your personal data to third parties belonging, for example, to the following categories:
• companies belonging to Fedrigoni Group;
• parties that provide services for managing ICT services (e.g. website management), communication services (e.g. Mailing list management) and applications management.
The Data Controller may transfer your personal data outside the European Economic Area ensuring one of the following conditions: whether it is either a third country deemed adequate under Article 45 of the GDPR or a country for which the Data Controller provides adequate guarantees about data protection according to Article 46 and 47 of the GDPR and ensuring the data subjects have enforceable rights and effective remedies.
5. Data Subject’s rights
The Data Controller pays special attention to the protection of your data and informs you that, under the conditions provided for in the current legislation, you can exercise the following rights:
• right of access –the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access the personal data;
• right to rectification –the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed;
• right to erasure (‘right to be forgotten’) – the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay;
• right to restriction of processing – where applicable, the right to obtain restriction of processing, when the legal requirements are met;
• data portability right – the right to receive, in a structured format of common use that can be read by an automatic device, the personal data that concern you provided to the Data Controller, and the right to freely send these to another data controller;
• right to object – the right to object, at any time, to the processing of personal data concerning you upon the occurrence of the provisions identified in the legislation;
• consent withdrawal– right to request revocation of the consent given at any time, without affecting the lawfulness of the processing based on the consent given before revocation.
The above-mentioned rights can be exercised to the Data Controller using the contacts indicated above in point 1.
To find out about your rights, lodge a complaint, and be kept up-to-date on the legislation on the protection of individuals with regard to the processing of personal data, you can contact the Data Protection Authority by visiting the website at http://www.garanteprivacy.it/.