And subscription of interested parties GDPR 679/16, D. Lgs. 196/03 e D. Lgs. 101/18
This information is provided pursuant to D.Lgs 196/2003D.Lgse 101/18 and articles 13 and 14 of EU Regulation 2016/679 of the European Parliament and of the Council, April 27th 2016, concerning the protection of individuals with regard to the processing of personal data (for short GDPR 2016/679).
1. Data Controller and Data Processors - art. 13 co. 1 letter [a] [b] GDPR 2016/679
The data controller is Simoparma Packaging Italia Srl Via della Tecnica, 1 40023 Gastel Guelfo di Bologna (BO) - email firstname.lastname@example.org, available for exercising the rights recognized by the GDPR and to access the updated list of all Data Processors and their contact details.
Simoparma Packaging Italia Srl has also an appointed DPO in the person of Dr. Anna Dondana, e-mail address: email@example.com.
2. Type of processed data
The Data Controller may process, within its business processes, personal data belonging to the categories of interested parties listed below:
a) Website visitors: visitors can enter their contact details (name, surname, email address and telephone number) if they want to be contacted by our experts, using the "Contact us" form or the “Work with us” one. This category of interested parties respond exclusively to Art. 14 of the GDPR;
b) Customers: provide the Data Controller with the contact details of their person of contact, (name, surname, and qualification inside the client’s company, email, telephone number and office address), customers can release their data through the website, or provide a business card and / or their data on the occasion of trade fairs and congresses or dedicated meetings;
c) Owners of client’s companies and self-employed workers: provide the Data Controller with their personal and identifying data (name, surname, place and date of birth, residential address, social security number, copy of an identity card, e-mail and telephone number). Data is requested by the Data Controller before the signing of a contract, in compliance with the anti-money laundering legislation.
d) Suppliers of products or services: they provide the Data Controller with the personal details of their person of contact (name, surname, qualification inside the client’s company, email, telephone and office address), they can provide their data through the website or provide a business card and / or their data at trade fairs and conferences or dedicated meetings
e) Contract suppliers: provide the Data Controller with the contact details of their referents and the data relating to the obligations pursuant to Art. 26 of D.Lgs 81/08 of all workers visiting client's sites (contact details, hiring data, training, health suitability, identity card and specific operational details)
f) Employees and collaborators: the processing of employees and collaborator’s data is regulated by specific policies with attached consent forms, available in the company’s Privacy archives ; for which it’s necessary to apply the contacts indicated in point 1 of this statement.
g) Sole proprietorships (customers or suppliers): in the event of a customer or partner established as a sole proprietorship, bank and residence data are mandatory in addition to the data mentioned above.
h) Other categories: any other categories of interested parties will be treated with a separate policy form
3. Purpose and legal basis of data processing - art. 13 and 14 co. 1 letter [c] GDPR 2016/679
The purpose and legal basis of the processing of the categories of data listed in the previous paragraph from a) to g) are as follow:
a) To be contacted by Simoparma Packaging Italia Srl and be able to argue the reasons that prompted the interested party to enter their data on the website, both on the "Contact us" and the "Work with us" forms, under explicit consent.
b), d) and g): For the execution of a contract in which the interested party is a party or for the execution of pre-contractual measures adopted at their request.
c) To fulfill a legal obligation to which the Data Controller is subject (European Anti-Money Laundering Directive);
e) For the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at their request as well as to fulfill the legal obligations of Occupational Health and Safety Regulations to which both the Data Controller and the contractor are subject.
f) To fulfill contractual and legal obligations related to the employment relationship and the Health and Safety of workers, under explicit consent.
Further processing based on the legitimate interests pursued by the Data Controller described in the final part of this document in the paragraph "Video surveillance", is envisaged.
4. Data Source in both the “Contact us” and “Work with us” forms- art 14 co. 2 lett. [f] GDPR 2016/679
The above data will be collected at the time of registration on the website through both the “Contact us” and “Work with us” forms. Data is therefore provided directly by the interested party and does not arrive from outside and accessible sources to the public.
5. Data disclosure and reporting - arts. 13 and 14 co. 1 letter [e] [f] GDPR 2016/679
All the above mentioned data can be reported, without further need for consent, to companies and external consultants utilitarian in the performance of the contractual relationship, in compliance with the applicable regulations, such as lawyers, accountants, notaries, technical consultants etc.
It is possible to access the complete list of recipients by sending a specific request to the contacts indicated in point 1.
If personal data is disclosed, such disclosure will be anticipated by the prior acquisition of a specific consent form.
6. Data Archiving, register and storage - art. 13 and 14 co. 2 lett. [a] GDPR 2016/679
The processing of personal data consists in the collection, register, organization, storage and possible disclosure of said data to third parties as described in point 6.
The processing of personal data of categories b), c), d), f) of point 2 is carried out in compliance with the provisions of Article 5 of the European Regulation on Personal Data processing, on:
• Paper support: contact details, business cards, invoices, contracts, and general documents relating to contractual management activities (corporate documents that may possibly contain personal data of contact persons or of the owners of sole proprietorships);
• IT support: contact details, business cards, invoices, contracts and general documents relating to contractual management activities (corporate documents that may possibly contain personal details of contact persons or of the owners of sole proprietorships)
In compliance with the rules of lawfulness, legitimacy, confidentiality and security provided for by current legislation.
Files relating to the data subjects referred to in letters a) -f) of point 2 are stored within the company’s server. The server is accessible only to those authorized to access it and to those authorized to process data, as well as to internal and external managers (Ref. Complete list available to the contacts mentioned in point 1) who are required to access the information only for legitimate purposes, linked to the nature of their work.
Paper trail, if any, is stored in locked cabinets inside the offices, therefore accessible only by Simoparma Packaging Italia Srl’s staff.
Simoparma Packaging Italia Srl’s databases are equipped with systems that guarantee protection from unauthorized access and other external factors that may cause damage to personal data. Data access requirements are regulated, and access is granted only to those who pursue authorized and lawful processing purposes.
Suitable and appropriate training is provided to all employees who can access personal data, while the relationship with outsiders is managed by a specific contract regarding the processing of personal data.
The duration of data storage will depend on the length of the relationship. Storage duration could be longer than the contractual period, based on legislative obligations or the need to manage possible complaints or non-conformities that may arise after the termination of the contractual relationship
7. Transfer of personal data abroad
Personal data may not be transferred, stored or processed in any location outside Italy, and the European economic area.
8. Interested Party’s Rights - art. 13 co. 2 lett. [b] [c] [d] GDPR 2016/679 and art. 14 co. 2 lett. [c] [d] [e] GDPR 2016/679
The interested party has, for legitimate reasons, the right at any time to withdraw consent, access, update, correct, object to its portability or oppose to the treatment of its personal data. The interested party has the right to request the transformation of the data into anonymous forms.
To exercise his rights, the interested party must contact the Data Controller or the company’s DPO using the contacts indicated in point 1.
The interested party can also at any time contact Privacy Guarantor
9. Provision of personal data and consequences of a refusal to provide it.
The provision of personal data is optional but any refusal to provide it makes it impossible to establish a contractual or working relationship, or to answer contact’s requests.