|
I - Data processing policy
The Sofidel Group considers the “privacy” of its employees as well as its customers
and suppliers to be of fundamental importance.
Accordingly our company ensures that the “processing of personal data” respects the fundamental rights and freedoms, as well as the dignity of the data subject, with particular regard to protection of the right to privacy and personal identity.
Definitions of personal data and sensitive and judicial data
For the purposes of this Policy, “personal data” - as defined in Section 4 of Legislative Decree No 196/2003 - means any information relating to natural or legal persons, bodies or associations that are or can be identified, even indirectly, by reference to any other information, including a personal identification number. “Sensitive data” means personal data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade unionist nature, as well as personal data disclosing health and sex life. “Judicial data” means personal data disclosing the measures referred to in Section 3(1) of Presidential Decree No 313 of 14 November 2002 concerning the criminal records office, the register of offence-related administrative sanctions and the relevant current charges, or the status of being either defendant or the subject of investigations.
Purposes of processing data
The “processing” of “ordinary”, “identification”, “sensitive” and “judicial” data provided by the data subject or otherwise deriving from or related to contractual relationships instrumental to or supporting those of our company. The said data will not be subject to “dissemination”, that is, will not be disclosed to unspecified entities or individuals.
Method(s) of processing
The “data processing” will be carried out primarily using electronic or automated means and secondarily using paper based methods. The data processing will be carried out by the “Data Controller” and the persons designated by him/her as “Data Processor(s)” or “Persons in Charge of the Processing” for the time strictly necessary to achieve the purposes for which the data has been collected. Specific security measures have been adopted to prevent the loss or destruction, unlawful or incorrect use of or unauthorized access to data. In this respect we must emphasise that the Sofidel Group adopts not only the measures laid down by the Privacy Code, but all the “appropriate measures” designed to ensure the best protection possible for personal data, in order to reduce their unauthorized or improper use to a minimum. The security measures adopted for processing paper records and documents have been set out in the relevant procedures which allow for correct storage of all records and documents containing “personal data”. For this purpose the documents and records are kept in filing systems subject to controlled access; the persons authorised to access said archives after regular working hours must be identified and registered. Sofidel also requires companies forming part of the Group, which are based abroad, to observe both national and European Community legislation with regard to the “processing of personal data”. For the above purpose, current and past data and information in the course of completion is processed, in accordance with the principles of lawfulness and necessity, solely for the purpose of complete and exact fulfilment of contractual requirements and resulting legal obligations, as well as accurate billing and marketing and sales information.
|
|
Communication of data
Without prejudice to the notifications made in order to comply with legal requirements, “ordinary” “identification”, “sensitive” and judicial” data may become known to the “persons in charge of the processing” and may be communicated for the purposes set out above to external partners, consultants, public and private bodies and in general to all natural and legal persons to whom or which it is strictly necessary to communicate data for the correct performance of contractual obligations. In particular, the data may be communicated within Italy and/or abroad to: our network of dealers and agents, professionals and consultants, auditing firms, transport operators, credit institutions, insurance companies and finance companies and debt recovery agencies solely for the purposes of credit control and optimal management of our rights in relation to individual business relationships, to IT consultancies for purposes of software maintenance and to individuals or entities carrying out related activities subject to the “binding corporate rules” applicable to all companies in the Group, in order to ensure the existence of adequate guarantees for the rights of “data subjects”, in light of European Directive 95/46/EC.
Data subject’s rights
Under Section 7 of the Consolidated Act the “data subject” has the right: - to obtain confirmation from the “Data Controller” as to whether or not personal data concerning him/her exist and communication of such data in intelligible form; - to be informed of the source of the data, the purposes and methods of processing, the logic applied to the processing, the identification data concerning the data controller and the persons or entities to whom or which the data may be communicated; - to obtain the updating, rectification and integration of the data and the erasure, anonymization or blocking of data “processed” unlawfully; - to object, on legitimate grounds, to the “processing of data”; - to object in whole or in part, at zero cost, to the “processing” of data for the purpose of obtaining marketing information, sending advertising materials or direct selling.
|
|
