This informative report is issued pursuant to Article 14 of the EU regulation 2016/679, as well as pursuant to the provision no. 229/2014 issued by the Data Protection Authority in relation to cookies.
The purpose of this informative report is to describe the processing that will be carried out on the data provided by subjects accessing and browsing on the website of SPEA S.p.A.
The following definitions are applicable:
- Authority: A public institution with the duty of enforcing compliance with regulations regarding a determined area of activity;
- Disclosure: pass on knowledge of personal data to one or more determined subjects, other than the data subject or the controller and the processors;
- Personal data: any information relating to an identified or identifiable natural person. A natural person is considered identifiable if he/she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Company: SPEA S.p.A, data controller referred to in this informative report;
- Cookie: text string of small dimensions which websites visited by the user send to the latter’s terminal (usually to the browser), where they are stored, to be re- transmitted to the same sites on a subsequent visit by the same user. While browsing a website, the user may also receive on the terminal cookies sent by various other websites or web servers (so-called “third parties”), which may be hosting some elements (such as, for example, images, maps, sounds or specific links to pages on other domains) that are displayed on the website the said user is visiting.
- Personal data of a sensitive nature: any personal data that may reveal the racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, state of health and physiology, genetic profile or, sexual orientation of the person;
- Personal data of a judicial nature: the personal data likely to reveal measures under article 3, paragraph 1, letters from a) to o) and from r) to u), of the Presidential Decree no. 313/2002 regarding criminal records, register of administrative sanctions deriving from offences and any charges pending, or the status of being prosecuted or investigated pursuant to articles 60 and 61 of the code of criminal procedure;
- Dissemination: passing on knowledge of personal data, in any form whatsoever, to unspecified subjects
- Purpose: the ends for which the processing is carried out;
- Data subject: the natural person to whom the personal data refer;
- Profiling: this kind of automatized processing of personal data consists of the use of such personal data to assess certain personal aspects relating to a natural person, in particular for analyzing or predicting aspects of the professional performance, the economic circumstances, the health, personal preferences, interests, reliability, behavior, location or movements of said natural person;
- Data processor: the natural or legal person, the public authority, agency or other body that processes personal data on behalf of the controller;
- Data protection officer: high profile subject, possessing adequate technical/regulatory knowledge and capable of providing the controller and the subjects involved in the processing with adequate assistance in fulfilling the duties deriving from the regulations referred to, as well as carrying out the assessments of the impact of the processing as laid down for protection of personal data;
- Data controller: the natural or legal person, the public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2. Ownership and contacts
The Data Controller of the Personal Data referred to in this informative report is SPEA S.p.A. with registered office in Via Torino 16, 10088 Volpiano (TO), Italy. The Processors and the Data Protection Officer may be contacted at the operational head office.
3. Processing and purposes
The Personal Data, referring also to data of a sensitive or juridical nature, will involve collection, recording, organization, structuring, storage, retrieval, consultation, use, disclosure, alignment or combination, erasure, destruction as part of the normal performance of the activities of the Company, for the purposes set out below.
- purposes related to fulfilment of obligations deriving from contracts agreed with the Company. These activities concern the customers and the network of appointed managers and are carried out in the area of the website with restricted access;
- purposes related to collecting candidatures for possible selection of benefit resources within the Company;
- purposes related to collecting contacts to be used for developing commercial offers of products distributed by the Company directly with those concerned;
- purposes related to fulfilment of obligations imposed by legislation, by regulations and provisions of the Authorities and by community regulations. For this type of activity, it is not required to ask for your consent;
Provision of personal data required for the purposes as under points a, b, c and d is necessary for the pursuit of such purposes, since it is strictly functional to establishing and managing the contact or the contractual relationship. The refusal of the data subject may make it impossible for the Company to carry out the services requested.
Profiling activities carried out are solely for the performance and completion of the activities of contacts, as shown at point 3 of this informative report.
5. Disclosure and dissemination of data
Dissemination of collected data is not contemplated in any form. Personal data processed for the purposes described above may be disclosed to the following categories of subjects:
- subjects internal to the Company who are appointed for the above-mentioned processing;
- other company functions or external subjects of an accessory or instrumental nature, subjects authorized for activities of consultancy and assistance on matters of taxation, finance, law, informatics, data storage, auditing and certifying financial statements;
- subjects, under provisions of the Authorities, supervising data collection, for purposes of statistics, anti-fraud, anti-money laundering, counter-terrorism;
- parent companies of and/or companies associated with the Company;
- Public Supervisory Authorities and supervision or public security.
6. Types of data processed, data and processing location, storage period
With regard to the purposes described, use of the personal data is restricted to only such data as required for completion and management of the processing laid down in this informative report.
The processing is carried out by means of manual operations and electronic – or in any case automatized – tools, in accordance with the logic of processing and storage strictly related to the purposes themselves or as dictated by legislation and orders of the Authorities and, in any case, in such a way as to guarantee the confidentiality and security of the personal data against the risks of improper access and disclosure, as well as their destruction when the purpose has been achieved, with the exclusion of any obligations of storage deriving from regulatory indications or those of the Authorities.
The data processing and storage will be carried out in Italy.
8. Rights of the data subject
The data subject, with regard to the above-mentioned processing, may exercise rights of access, revocation, rectification, erasure (right to be forgotten), restriction, portability and objection, with reference to the regulations currently in force covering privacy. In order to exercise the above-mentioned rights, the data subject may send a request by registered mail with proof of receipt to the address of the operational head office of the Company or by e-mail to this address: firstname.lastname@example.org.
The data subject is also entitled to submit a complaint directly to the Data Protection Authority for the protection of personal data, within the time limits laid down by the regulations in force