GENERAL INFORMATION ON THE PROCESSING OF PERSONAL DATA
This page describes how personal data are processed by Compton Industriale S.p.A.
This is a policy pursuant to articles 13 and 14 of EU Regulation 2016/679 – GDPR, which describes the processing carried out by the Data Controller.
This document may be subject to updates. Specific communication and requests for consent, if any, will be made available in the case of further and different processing than as regulated below.
1. PERSONAL DATA CONTROLLER
Compton Industriale S.p.A., with registered office in Via Pasubio, 32, 36033 – Isola Vicentina (VI), P.IVA 04104630985 as the Data Controller (hereinafter “Controller”).
2. PURPOSE OF PROCESSING, TYPES OF DATA SUBJECTS AND DATA PROCESSED, LEGAL BASIS, NATURE OF PROVISION AND RETENTION PERIOD
| PURPOSE OF PROCESSING | DATA SUBJECTS AND DATA PROCESSED | LEGAL BASIS | NATURE OF PROVISION | RETENTION PERIOD |
|---|---|---|---|---|
| commercial management (pre-contractual and contractual) and service delivery, evaluation of customer satisfaction | customers who are natural persons, collaborators/employees of customers: master data, contact data | -execution of a contract that the data subject is a party of or execution of pre-contractual measures taken at the request of the data subject-fulfillment of a legal obligation that the data controller is subject to -pursuit of the legitimate interest of the data controller | mandatory: provision is necessary to provide and manage the requested service | With the exception of legal obligations, personal data will be processed for the period necessary to achieve the purposes for which they are collected and retained for a period of 10 years following the termination of the employment/contractual relationship. However, the Data Controller may continue to retain the data for a longer period in order to be able to handle any disputes related to the established relationship. |
| management of the purchases of goods and services and related practices, evaluation of supplier performance | collaborators/employees of suppliers, suppliers who are natural persons: master data, contact data |
|||
| economic and financial management and related practices | customers who are natural persons, suppliers who are natural persons: master data, bank details |
|||
| Response and management of incoming requests | potential customers, requesting information by email or other means: master data, contact data, communicated data | -execution of a contract that the data subject is a party of or execution of pre-contractual measures taken at the request of the data subject | optional: failure to provide data may make it impossible to provide the requested service to the data subject | With the exception of legal obligations, personal data will be processed for the period necessary to achieve the purposes that they are collected for. However, the Data Controller may continue to retain the data for a longer period in order to be able to handle any disputes related to the established relationship. |
| Response and management of incoming requests | people requesting information through the website: master data, contact data, communicated data | - for any special data art 9 GDPR: processing of personal data made manifestly public by the data subject | Providing the data indicated in the form as mandatory, as it is necessary to handle the request received |
|
| website management and optimization | website visitors: browsing data | -pursuit of the legitimate interest of the Controller | provision is implicit in the use of Internet communication protocols |
|
| Labor/collaboration relationship management | Employees and collaborators: master data, contact data, residence data, communicated data, bank data, special data pursuant to art. 9 GDPR | -execution of a contract that the data subject is a party of or execution of pre-contractual measures taken at the request of the data subject | mandatory: provision is necessary for the establishment of the employment relationship | With the exception of legal obligations, personal data will be processed for the period necessary to achieve the purposes for which they are collected and retained for a period of 10 years following the termination of the employment relationship. CVs of unsuccessful candidates will be kept for 1 year after delivery/receipt. The Data Controller may continue to retain the data for a longer period in order to be able to handle any disputes related to the established relationship |
| management of benefits provided for workers (family unit allowance, dependent children, ...) | family members of employees/collaborators: master data, contact data. | -pursuit of the legitimate interest of the employee/collaborator | Optional: failure to provide makes it impossible to apply statutory benefits |
|
| evaluation of the candidate for employment/collaboration | potential employees/collaborators: master data, contact data, residence data, communicated data | -execution of a contract that the data subject is a party of or execution of pre-contractual measures taken at the request of the data subject - for any special data art 9 GDPR: processing of personal data made manifestly public by the data subject | optional: failure to provide data may make it impossible to evaluate and manage the application received |
We inform you that in any case, in accordance with the provisions of article 130 paragraph 4 of Legislative Decree 196/2003, the e-mail addresses provided by customers in the context of the sale of a service may be used by the Controller for the purpose of selling services similar to those covered by the business relationship that has already taken place. The customer may at any time request not to have such material sent, using the indicated e-mail address of Compton Industriale S.p.A.
3. PROCESSING METHOD
The processing of data for each of the above purposes will take place with the support of paper, computer or telematic means, however suitable to ensure the security and confidentiality of the relative processing.
The data collected (limited to personal data) may be communicated to countries outside the EU, for the purposes stated above: in this case, Compton Industriale S.p.A. undertakes to guarantee adequate levels of protection and safeguards in accordance with applicable regulations.
The Data Controller is committed to observing specific security measures to prevent data loss, illicit or incorrect use and unauthorized access, in full compliance with legal and regulatory requirements.
4. SUBJECTS INVOLVED IN PROCESSING
The data collected may be processed, exclusively for the purposes indicated, by Compton Industriale S.p.A. personnel or third parties such as:
- Customers and/or suppliers of the Controller where the communication is necessary for the performance of the service provided and/or requested (e.g. couriers, transporters)
- Companies that provide computer system maintenance, website maintenance and management services;
- professional firms, companies that provide assistance and advice to the Controller (accountant, labor consultant, internal control bodies, banks, …)
- public bodies that may be authorized, within the limits of legislative, regulatory and contractual provisions
An updated list of all data processors can be obtained from the Data Controller.
5. RIGHTS OF DATA SUBJECTS
Subjects that the personal data refer to may assert their rights as expressed in articles 15 to 21 of EU Regulation 2016/679, in the manner set forth in article 12 of EU Regulation 2016/679, and, to that effect:
- obtain access to and rectification or erasure of personal data or restriction of processing concerning them or to object to their processing, as well as the right to data portability;
- withdraw consent, if the processing is based on article 6, paragraph 1, letter a), at any time without affecting the lawfulness of the processing based on the consent given prior to withdrawal;
- propose a complaint to a supervisory authority.
Any inquiries on this matter can be addressed to the Controller at the following e-mail address: privacy@compton-industriale.it