In compliance with obligations under the European Privacy Regulation EU/2016/679 (GDPR) and Legislative Decree No. 196 of 30 June 2003 (Personal Data Protection/Privacy Code), we hereby wish to inform you that Manens-Tifs S.p.A. based in Corso Stati Uniti n. 56, 35127 Padua, Tax Code and VAT No. 04387520283, e-mail firstname.lastname@example.org, will as Data Controller process personal data pertaining to you, which you or others have or may communicate or disclose during the course of dealings with our company.
The processing of data communicated with your consent or collect in any other manner shall comply with applicable data protection rules in force and be characterised by the principles of correctness, lawfulness and transparency, and also respect the principles of relevance and completeness and of non-excessive data gathering.
The data will be gathered and registered only for the purposes indicated below, and will be stored for such purposes for no more than ten years from the date of the data gathering or of the termination of the contractual relationship.
Therefore, pursuant to the provisions of article 13) of the GDPR (EU/2016/679), we inform you that:
– Data that you provide will be processed for the following purposes:
• for the normal performance of institutional activities and/or in accordance with the corporate purpose;
• for requirements related to the signing of contracts and formal appointments, their implementation, later amendment or variation and for any obligation required in order to fulfil same;
• for operational, organisational, management, tax, financial, insurance and accounting purposes and requirements pertaining to existing contractual and/or pre-contractual dealings;
• for purposes of compliance with any EU-related legislative or regulatory provisions or standards;
• for activities of headhunting, selection and recruitment of personnel, as required;
• for the processing, management and fulfilment of pay obligations and social security, social welfare and employee contributions obligations pertaining to existing employment relationships;
• for the preparation, updating and storage of all mandatory books and documents required to be kept by labour law rules in force;
• for any psycho-physical-aptitude tests and assessments that need to be carried out in order to ascertain a person’s fitness for the position and duties assigned;
• for purposes of compliance with all contractual (including collective bargaining) and legal obligations in the field of labour relations and labour law, trade union relationships and workplace health and safety;
• for purposes of compliance with any EU-related legislative or regulatory provisions or standards. for registration, management and storage of access logs for any access to the corporate website, to the Company Information System and to the company premises;
• access control, company security and video surveillance;
• to monitor the procedures by which products/services are delivered, ongoing dealings with suppliers and customers, and the analysis and management of risks associated with the contractual relationship;
• for marketing and newsletter activities by e-mail (subject to your specific consent).
– The data processing – which may be manual or electronic – may involve the following data-related operations and activities: collection, registration, organisation and storage, consultation, use, processing, modification, selection, extraction, comparison, cross-referencing, transmission, communication, dissemination, erasure, destruction, blocking and limitation.
– The data processing will be carried out using hard copy as well as digital, IT and electronic communications media that guarantee the security and confidentiality of the data, in conformity with the provisions of Article 32) of the GDPR (EU/2016/679) on “appropriate data security measures” and of Article 33) of Legislative Decree 196/03 on “minimum data security measures”.
– When carrying out data processing operations, all technical, IT, organisational, logistical and procedural data-security measures will always be put in place to ensure that the minimum data protection standards provided for by law are duly observed. The aforementioned methods, applied to data processing operations, will ensure that only the persons indicated below will be able to access the data.
– The data provision and processing is:
• mandatory, and does not require your consent, in order to fulfil purposes associated with obligations under EU legislative and regulatory provisions and standards in force;
• absolutely necessary, and does not require your consent, for all personal data that are required in order to properly establish, manage and implement the contractual relationship;
• absolutely necessary, and does not require your consent, if this facilitates legitimate business interests of the company;
• optional, and requires your specific consent, for all personal data gathered for purposes neither directly and/or indirectly associated contractual, pre-contractual or legal obligations, or obligations associated with safeguarding vital interests or implementing public duties or exercising public powers or pursuing legitimate interests, and also for the transmission of periodic information newsletters.
– The following persons/entities or categories of person/entity may access personal data or have such data communicated to them:
• Legal Representative of the Data Controller;
• Data Processors: consultants and consultancy companies, self-employed professionals, self-employed workers, technical and engineering firms, agents and representative agencies, banks and insurance companies, credit recovery firms, auditors and auditing companies, accountancy firms, labour law/relations consultancies, law firms, transport and logistics companies, contractors, medics and occupational medicine studios, social security and welfare agencies or funds (including private funds and supplementary funds), trade union organisations and trade associations;
• Data Processing Operators (i.e. the persons authorised to actually process the data): Management, Administration, Secretarial staff, Human Resources, Marketing, Sales, Technical Area and Information Systems;
• System Administrators.
– The data may also be disseminated, but in aggregate and anonymous form and for statistical purposes only. If the data processing involves personal data that fall within the category of special categories of personal data (i.e. sensitive data that can reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, or religious, philosophical, political or trade union associations or organisations, as well as personal data that can reveal details of one’s state of health and sexual life), or judicial data (i.e. data that can reveal criminal records, records of administrative sanctions arising from the commission of an offence and associated pending proceedings, or one’s status as a defendant or investigatee), then the data processing shall be carried out within the limits of specific measures and authorisations of the Italian Personal Data Protection Authority, and for purposes that are strictly necessary for the regular performance of company activities, for the regular provision of products/services and the fulfilment of applicable legislative/regulatory and/or contractual obligations.
– The data may also be processed by persons/entities established in other EU member states and/or outside the European Union but on the basis of a European Commission Adequacy Decision and with adequate privacy guarantees.
– You may at any time request the Data Controller’s Legal Representative to provide you with a copy of your personal data, information on the location where your personal data are processed, and with an updated list containing the identification particulars of all Data Processors and System Administrators who are authorised to process your personal data.
– You may at any time freely revoke your consent without obligation, without prejudice to the legitimacy of data processing operations carried out until the revocation, and exercise the following rights of data subject vis-a-vis the Data Controller as provided for by the GDPR (EU/2016/679): Access, Rectification, Erasure, Limitation, Opposition and Complaint to the Italian Personal Data Protection Authority.