|
I - Data processing policy
The Sofidel Group recognizes the privacy of its employees, customers and suppliers. Our companies shall ensure that personal data are processed by respecting data subjects’ rights, fundamental freedoms and dignity, particularly with regard to confidentiality, personal identity and the right to personal data protection.
Definitions of personal data and sensitive and judicial data
For the purposes of this Policy, as specified in article 4 of Legislative Decree no. 196/2003: ‘Personal data’ shall mean any information relating to natural or legal persons, bodies or associations that are or can be identified, even indirectly, by reference to any other information including a personal identification number. ‘Sensitive data’ shall mean personal data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life. ‘Judicial data’ shall mean personal data disclosing the measures referred to in Section 3(1) of Presidential Decree no. 313 of 14 November 2002 concerning the criminal record office, the register of offence-related administrative sanctions and the relevant current charges, or the status of being either defendant or the subject of investigations.
Purposes of processing data
The “personal”, “identification”, “sensitive” and “judicial” data supplied by data subjects or deriving from or relating to previous, current and future contractual relations shall be handled, in conformity to the principles of legality and necessity, with sole regard to the proper and complete execution of contractual and legal obligations, and for the purposes of correct invoicing and business intelligence.
Communication of data
Provided that comunications are carried out in conformity with the law, all “personal”, “identification”, “sensitive” and “judicial” data shall come to the knowledge of the “data processors” and be communicated for the above purposes to colleagues, consultants, private and public authorities and in general to all subjects strictly required for correct fulfilment of contractual obligations.
In particular, personal data may be communicated, in Italy and/or overseas to: our network of agents, to professionals and consultants, audit firms, companies operating in the transport sector, credit institutions, credit insurance companies, credit recovery companies solely for protecting credit and properly exercising our rights with regard to the commercial relations in question; to companies that provide computer software maintenance services; to parties that provide specific processing services or associated services instrumental to or supporting those of our company.
The abovementioned data shall not be divulged to unauthorized parties.
|
|
Means of processing
The data shall be processed by electronic or automated means, or else on paper media.
The data processor or the person(s) in charge of the processing shall be responsible for processing of the data for the time strictly required to attain the purposes for which the data are gathered.
Specific security measures are implemented to prevent the loss or destruction of data, illegal or incorrect use of data, or unauthorized access to data.
In this regard we would like to point out that the Sofidel Group implements not only the provisions of the privacy code but also all the appropriate means to ensure the best possible protection of personal data and thereby minimize the risk of the data being put to improper or incorrect use. Concerning the security measures for the handling of paper media, we have devised appropriate procedures for the correct archiving of acts and documents containing “personal data”.
These documents and acts are kept in archives with restricted access; people in charge of processing data who access the documents and acts after business hours have to be dutifully identified and registered.
Sofidel also requires the companies who belong to the Group and have foreign branches to conform to both Italian and EC laws concerning the “processing of personal data”. “Binding corporate laws” have been drawn up for this very purpose and apply to all the companies that make up the Group, to protect the rights of “data subjects” in light of the European directive 95/46/EC.
Data subject’s rights
In accordance with section 7 of the legislative decree, a data subject shall have the right:
- To obtain confirmation as to whether or not personal data concerning him exist, and communication of such data in intelligible form;
- To be informed of the source of the personal data, of the logic applied to the processing, of the identification data concerning the data controller and the entities to whom the personal data may be communicated;
- To obtain updating, rectification and integration of the data, erasure, anonymization or blocking of data that have been processed unlawfully;
- To object, on legitimate grounds, to the processing of personal data concerning him/her;
- To object to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
|
|
