Privacy policy
Robbio, August 2023
INFORMATION PURSUANT TO THE LAW ON THE PROTECTION OF PERSONAL DATA FOR CONTRACTUAL RELATIONS
Subject: Information pursuant to Articles 7 and 13-22 European Regulation 2016/679.
Foreword
This notice does not constitute a request for consent to the processing of data, the same being underlying the activation of an employment relationship ex art. 6 GDPR 2016/679.
The indicated norms regulate the confidentiality of personal data and impose a series of obligations on those who process information referring to other subjects. Among the obligations to be met are those of:
- inform the person and/or company to whom the data refer about the use that is made of the relevant information
Article 4 of the European Regulation 2016/679, mean as “processing”: any operation or set of operations, carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction;
In compliance with the aforementioned provisions we inform you that:
- The data relating to you, qualified as personal by the law in question, which will be requested from you and/or communicated to us by third parties, are processed in relation to contractual requirements and for the fulfillment of legal and contractual obligations arising therefrom.
- In particular, with regard to your economic data, it is specified that the same will be acquired and processed in accordance with the provisions of Articles 13 and 14 European Reg. 2016/679 and their storage will be in line with the provisions of Articles 16 – 22 European Reg. 2016/679.
The personal data in question will be processed electronically and on paper, by individuals authorized to perform these tasks, constantly identified, appropriately instructed and made aware of the constraints imposed by the European Reg. 2016/679, with the use of security measures to ensure the confidentiality of the data subject whose data is referred to and to prevent undue access to third parties or unauthorized personnel;
- are indispensable for the continuation of the existing contractual relationship or for the establishment of a new relationship
- are for almost all of them compulsory by law and, therefore, refusal to provide said information or failure to consent to the execution of the stages of processing indicated in point 2 of this communication and which are necessary from time to time, make it impossible to carry out the operations relating to the same contractual relationship.
All the aforementioned data will be retained even after the termination of the contractual relationship for the performance of all possible obligations related to or arising from the conclusion of the relationship itself and for commercial purposes.
It should also be noted that such data may possibly be transferred to third parties for the completion of some specific processing. In this case such third parties will have been previously appointed ex art. 28 GDPR External Data Processors also having accepted the appointment itself.
In order to enable the most complete understanding of the issue, attached hereto is a copy of the text of Articles 16 – 22 of European Reg. 206/679 concerning your rights in relation to data processing.
Finally, in terms of information to data subjects, the following is noted:
- the responsibility for the processing is shared among all the data processors who have been given precise instructions on the methods of processing, their tasks and the security measures to be put in place
- the information has been prepared and distributed both to the company’s ongoing clients and to clients who only occasionally use its services
- as with other types of personal data, it is also possible to exercise your rights under Articles 16 and 17 of European Reg. 2016/679 in the manner already communicated to you earlier
The company, moreover, in full respect of its customers’ privacy and in line with the relevant European regulations (GDPR 2016/679) points out the following:
- has taken steps to draw up a Document on its Privacy policy where the salient principles adopted and to be adopted in the future for the protection of data from loss and/or misappropriation are clearly highlighted and whose responsibility lies with the Data Controller.
- undertakes to maintain full confidentiality of personal data collected during the performance of contractual relationships by implementing all measures necessary for the purpose in addition to providing for their continuous review (ex art. 32 d) and adaptation.
- Undertakes to respond promptly to any clarification of data protection in place and in case of data loss
- Undertakes to put in place all necessary measures to address the rights of data subjects ex art. 13-20 of GDPR 2016/679
- commits to support its clients in cases of data loss (ex Articles 33 and 34)
- finally, it makes itself fully available for its support in the possible compilation of your Data Protection Impact Document (DPIA – ex art. 35 (7) and 84).
For any clarification please contact: hr@brivio.it
The Data Controller
A.Brivio