Privacy Policy

PROCESSING POLICY OF PERSONAL DATA

Alberflex Srl, based in Cairate (VA) Via Palermo 13, as titleholder of the processing policy of personal data pursuant to Legislative Decree no. 196/2003 and supplementary modifications – Code regarding the protection of personal data (“Privacy Code”) – and of the EU Regulation 679/2016 applicable from 25 May 2018 – General Regulation on Data Protection (“RGPD”) (Privacy Code and RGPD are, hereafter, collectively referred to as “Applicable Regulations”), recognizes the importance of protecting personal data and considers their protection one of the main objectives of its business.
In compliance with the Applicable Regulations, we are providing the necessary information regarding the processing of the personal data provided. The information is provided pursuant to art. 13 of the Applicable Regulations, and Alberflex Srl invites you to read it carefully, as it contains important information on the protection of personal data and on the safekeeping measures adopted to ensure confidentiality in full compliance with the applicable legislation.
ALBERFLEX SRL informs that the processing policy of personal data will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality. The personal data will therefore be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations laid down therein.

HOLDER
According to the Applicable Regulations, the data controller is ALBERFLEX SRL, based in Cairate (VA) Via Palermo 13.

PERSONAL DATA OBJECT OF DISPENSATION
“Personal Data” means any information concerning an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of their physical, physiological, psychological, economic, cultural or social identity.
“Particular Data” means personal data suitable to reveal racial and ethnic origins, religious or philosophical convictions, or union membership, as well as genetic and biometric data, data related to health or sex life or sexual orientation of the person.
“Judicial data” means personal data relating to criminal convictions and crimes or related security measures.
“Treatment” means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

DATA PROCESSING LOCATION
Data processing takes place at the above-mentioned registered office of the titleholder and by identified third parties.

TYPES OF DATA PROCESSED
The processing relates to personal and identification data voluntarily provided by the interested party (as an example, but not limited to: name, surname, address, VAT number, tax code, landline or mobile phone numbers, e-mail address, bank account details, etc.).

PURPOSE, LEGAL BASE AND REQUIRED OR OPTIONAL NATURE OF DATA HANDLING
Personal data voluntarily provided will be processed by the data controller for the following purposes:
A. Administrative and accounting. For the purposes of the application of the provisions regarding the protection of personal data, the processing performed for administrative-accounting purposes are those related to the conduct of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these objectives pursue internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, the management of the employment relationship in all its phases, the keeping of accounting and the application of the rules on tax matters, trade union, social security, health, hygiene and safety at work.
B. Security, pursuant to Legislative Decree 81/2008. With particular reference to the identification data freely given by the guest / visitor to our offices (name, surname, institution or company of belonging), the treatment has the exclusive purpose of ensuring compliance with the corporate security procedures formally applied, also by virtue of the regulations in force (e.g. annotation in the register / visitor database, assignment of temporary identification badge, applications of legal obligations in the field of safety at work).
C. Selection of Personnel. The CVs, provided in any way (e.g. spontaneous applications, acquisition through employment centers, etc.), will be managed only for staff selection purposes.

DATA CONSERVATION METHOD
The processing will be carried out in an automated and manual way, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons appointed as in safekeeping and in charge of processing in accordance with the applicable legislation. The data will be stored for a period not exceeding the purposes for which the data were collected and subsequently processed, and in any case in constant contractual or commercial relationship.

STORING TIME OF PERSONAL DATA
Your personal data will be kept for the duration of the contractual relationship and, in any case for a maximum of 10 years, as well as, in the alternative, except for longer terms established by law for the prescription of rights.
The CVs will be kept for one year.
Once the above storage terms have elapsed, the Data will be destroyed or made anonymous, compatibly with the technical cancellation and backup procedures.

SCOPE OF COMMUNICATION AND DIFFUSION
The entity data will not be disclosed, unless explicit authorization of the interested party is released after suitable consent. The data may instead be communicated to companies contractually linked to the Data Controller and, where necessary, also to individuals inside and outside the European Union, in compliance with the provisions of the Applicable Regulations. The data may be disclosed to third parties belonging to the following categories:
– subjects that provide services for the management of the information system used by the data controller and telecommunications networks, and who take care of the maintenance of the technological part (including e-mail);
– subjects and bodies that collaborate with the Data Controller to carry out training courses (by way of example and not exhaustively: teachers, Inter-professional Joint Funds);
– freelancers, firms or companies in the context of assistance and consultancy relationships only if they are related to the management of the existing contractual relationship;
– subjects that carry out checks, audits and certification of the activities carried out by the Data Controller;
– competent authorities for the fulfillment of obligations of laws and / or provisions of public bodies, upon request of the same.
The identification data processed in application of the corporate security procedures are not subject to communication, without prejudice to express and specific requests eventually made by the competent judicial and investigative Authorities.
The subjects belonging to the above-mentioned categories perform the function of Data Processing Manager, or operate in complete autonomy as separate Data Controllers. The list of managers is constantly updated and available on request at the Data Controller headquarters.
Any further communication or disclosure will take place only with the explicit consent of the interested party.
Moreover, during ordinary processing activities, the subjects expressly designated by the writer as responsible for and / or in charge of processing, authorized according to their respective profiles, will be able to access personal and identifying data and therefore become aware of them.

NATURE OF EMPOWERMENT AND REFUSAL
With regard to the data that we are obliged to know in order to fulfill the obligations arising from existing contracts, and the obligations provided by laws, regulations, Community legislation, or provisions issued by the Authorities legitimated by the law and by supervisory and control bodies, failure to provide such data will make it impossible to establish or continue the relationship, within the limits in which such data are necessary for the execution of the same. The provision of data to allow the Titleholder to send commercial communications is optional; the interested party can oppose the treatment at any time by exercising the rights provided for by the Applicable Regulations in the forms and methods indicated herein.
The titleholder also makes known that any non-communication, or incorrect communication, of one of the mandatory information, has the following consequences:
– the impossibility of the holder to guarantee the adequacy of the treatment itself to the contractual agreements for which it is performed;
– the possible non-correspondence of the results of the treatment to the obligations imposed by the fiscal, administrative and civil law to which it is addressed.

YOUR RIGHTS
At any time, you can exercise the rights listed below.
a) Access to personal data: obtain confirmation of whether data concerning you are being processed and, in this case, access to the following information: the purposes, the categories of data, the recipients, the period of preservation, the right to lodge a complaint with a supervisory authority, the right to request rectification or cancellation or limitation of processing or opposition to the processing itself and the existence of an automated decision-making process;
b) Request for rectification or cancellation of the same or limitation of the processing that concerns you; “limitation” means the marking of data stored with the aim of limiting its processing in the future;
c) Opposition to processing: to oppose for reasons connected with your particular situation to the processing of data for the performance of a task of public interest or for the pursuit of a legitimate interest of the Data Controllers;
d) Data portability: in the case of automated processing carried out on the basis of consent or in execution of a contract, to receive the data concerning you in a structured, commonly used format readable by an automatic device; in particular, the data will be provided by the Data Controller;
e) Withdrawal of consent to the processing for the purposes indicated in point 2; the exercise of this right does not prejudice in any way the lawfulness of the processing carried out before the revocation;
f) Lodge a complaint pursuant to art. 77 RGPD with the competent supervisory authority on the basis of habitual residence, place of employment or place of infringement of your rights; for Italy, the competent authority is the Garante per la protezione dei dati personali (the Italian Data Protection Authority), which can be contacted via the contact details on the website https://www.garanteprivacy.it.
Requests relating to the exercise of your rights will be processed without undue delay and, in any case, within one month from the request date; only in cases of particular complexity and of a large number of requests can this term be extended by a further 2 (two) months.
Cairate, 25-5-2018