PRIVACY POLICY INFORMATION ON PERSONAL DATA PROCESSING
ACCORDING TO ART. 13 AND 14 OF EU REGULATION 2016/679
Scoprega S.p.A. respects the right to the protection of personal data and is committed to safeguarding and correctly using the personal information collected in the course of its business activities.
Your personal data are treated in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation”).
To confirm such commitment and in accordance with Art. 13 and 14 of the Regulation, we hereby provide the necessary information to data subjects, in order to promote awareness and facilitate easy exercise of their rights according to the applicable law.
Controller (the person who determines the purposes and means of the processing of personal data)
Artemio Affaticati, Chairman of the Board of Directors of Scoprega S.p.A. (registered office in Cassano D’Adda (MI), Via Leonardo da Vinci No. 63, ZIP code 20062, VAT No. 00810700161).
Source of personal data
Data are collected from the data subject directly or from a third party, to fulfil legal obligations or contractual requirements, also accessing available data bases.
Data categories (data that are processed)
In accordance with the Regulation and the applicable national laws, including regulations issued by the Supervisory Authority, the Controller will process personal data collected from the data subject or by third parties.
The Controller processes mainly the following data categories:
• identity and contact information (e.g. name, surname, birth date, address);
• pictures (e.g. pictures on identity documents; images from surveillance cameras);
• any further data provided by the data subject
Purposes of the processing
The Controller shall process personal data collected in the context of the Company business relationships in order to: fulfil obligations according to applicable laws and EU legislation; comply with health and safety requirements at the work place (e.g. training on safety regulations); solving disputes and exercise or defend legal claims; prevent and detect security threats (e.g. through video surveillance of the Company premises); carry out the reporting process to other group companies.
Data can also be processed in order to assess their compliance with the relevant ethical and legal obligations established by the Controller in his own Code of Ethics and the effectiveness of the Organization Model adopted pursuant to the Italian Legislative Decree No. 231 of June 8th, 2001.
Data processing to such purposes does not require a specific consent by the data subject, according to the exemptions of Art. 6.1 b), c) and f) of the Regulation.
Individual consent
Lawful processing of personal data is based on the data subject’s consent.
The performance of a contract, the follow up on lawful requests or the possibility of ensuring the data subject’s rights may be conditional on such consent.
Modalities of processing
The Controller and other authorized persons on his behalf shall process personal data lawfully, fairly and in a transparent manner, by automated or manual means, in accordance with the applicable obligations.
Adequate technical and organizational measures are implemented in order to guarantee an appropriate level of security and confidentiality, ensuring that the processing of personal data is not carried out by unauthorised persons and data can be restored in case of physical or technical damage.
Categories of data recipients (persons to whom personal data are disclosed)
Personal data may be disclosed only to specific categories of recipients, among them: employees and other bodies (however authorized by the Controller), third parties that process data on behalf of the Controller and other recipients, natural persons or public authorities, to which the personal data are disclosed in accordance with a legal obligation.
Rights
According to the Regulation (Art. 15-21) you may have the right to:
Obtain from Scoprega confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to such personal data;
Obtain from Scoprega the rectification of inaccurate personal data concerning you;
Obtain from Scoprega the erasure of your personal data (“right to be forgotten”) or restriction of processing regarding your personal data, if their use and retention goes beyond the specific purposes for which they were collected or otherwise processed;
Object to processing of personal data concerning you;
§ Withdraw your freely given consent at any time, without affecting the lawfulness of data processing based on consent before its withdrawal;
§ Lodge a complaint with the Supervisory Authority, in case of Regulation infringement;
§ Receive the personal data, which you have provided, in a structured, commonly used and machine-readable format and transmit those data to another controller (“data portability”)
In case you wish to exercise any of your data privacy related rights, starting from 25th May, 2018, you may contact Scoprega at the following address: privacy@scoprega.it.
Storage periods
Your personal data will be retained as long as necessary for the purposes for which they were collected or otherwise processed, and in any case for a period not longer than 12 months.
Personal data may be stored for longer periods insofar as they are processed to fulfil legal obligations.