INFORMATION REGARDING THE EU GENERAL DATA PROTECTION REGULATION (GDPR) – ARTICLE 13 OF REGULATION 679/2016/UE
Pursuant to art. 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR Regulation), we inform you that the personal data collected will be processed in accordance with the principles of correctness, lawfulness, transparency, proportionality and necessity to protect your privacy and your rights.
Processing of personal data
The processing of personal data shall mean the collection, recording, organization, storage, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, dissemination, erasure and destruction of personal data or the combination of two or more such operations.
Data controller and other subjects
The Data Controller is the company
EMA s.r.l.. (Tax code and VAT number IT09146610010, REA no. – TO 1028112)
registered office in Rivoli (TO), Corso Susa no. 242
operating headquarters in Collegno (TO), Corso F.lli Cervi n. 27
The Owner can be contacted by e-mail P.E.C. email@example.com
The data processing is carried out by the Data Controller, by the persons in charge expressly authorized by the Data Controller and by external subjects acting as Data Processors, subject to instructions from the Data Controller.
Purpose of data processing
The treatment is aimed at
- respond to requests for recontact, requests for information about the products and services marketed, the preparation and issuance of a quote, the execution of the purchase order and any other service provided by the contract or by the law arising from the business relationship;
- to comply with tax, social security and any other obligations arising from the receipt of purchase orders and other commercial relationships;
- to fulfil the obligations arising from the corporate relationship with the directors and corporate offices, as well as to carry out the activities, including prodromal and due diligence activities, aimed at carrying out extraordinary operations of merger, demerger, transfer or transfer of a branch of the company or of shares in the company, and any other activity in any way connected with the corporate management;
- respond to the job offer and assess the inclusion of the applicant for employment with the Holder or with other companies with which the Holder has relations of joint venture, consultancy and industrial or commercial collaboration;
- fulfil the obligations arising from the employment relationship with employees, salespeople, instigators or collaborators in any capacity;
- ascertain, exercise or defend a right in or out of court.
- Personal data may be processed by means of paper and/or computer files (including portable devices), also by means of web or cloud applications provided by third parties, in ways that are strictly necessary to meet the purposes indicated above and by means that guarantee security and confidentiality.
Legal basis of the treatment
The legal basis for the processing of your personal data is established:
- the pre-contractual or contractual relationship, where the processing is aimed at the performance of services arising from a contract to which you are a party, or the execution of acts and pre-contractual obligations adopted on request;
- by law, where the treatment is aimed at fulfilling a legal obligation incumbent on the company;
- the pre-contractual relationship, where the treatment is aimed at responding to the job offer and assessing the inclusion of the applicant employment with the Holder;
- by consent, where the processing is aimed at assessing the inclusion of the applicant for employment in other companies with which the Holder has relations of joint venture, consultancy and industrial or commercial collaboration;
- the legitimate interest of the Data Controller, where the processing is aimed at carrying out activities, including prodromal and due diligence activities, aimed at carrying out extraordinary operations of merger, demerger, transfer or transfer of a branch of business or of shares in the company, and any other activity in any way connected with the management of the company;
- the legitimate interest of the Data Controller, where the processing is aimed at ascertaining, exercising or defending a right in court or out of court.
Profiling, data dissemination and data transfer abroad
Your personal data is not subject to dissemination or to any fully automated decision-making process, including profiling.
The company, even in the event of the transfer of its data abroad, undertakes to take all appropriate measures to ensure a level of protection no lower than that provided by Italian and European legislation under the GDPR Regulation. Even if your data is transferred abroad, therefore, you can always exercise the rights listed in the following paragraph “Rights of the person concerned“.
Within the scope of the above purposes, the data may be transferred to countries belonging to the European Economic Area (EEA), to third countries on the list published on the website of the European Commission that present, in the opinion of the latter, an adequate level of protection pursuant to Chapter V of the GDPR Regulation, and to organizations in the United States that appear on the list of members of the so-called Privacy Shield held and published by the U.S. Department of Commerce in accordance with the decision of the European Commission (EU) of 12.07.2016 no. 2016/1250 (https://www.privacyshield.gov/list).
Within the scope of the above purposes, the data may be transferred to third countries outside the categories referred to in the preceding paragraph, only if the transfer is backed by adequate safeguards that ensure a level of protection no lower than that recognized by the GDPR Regulation (for example, adoption of binding corporate standards, adoption of standard clauses of data protection, adherence to the Code of Conduct, positive experiment of a certification mechanism).
It is possible at any time to request an updated list of third countries and organizations to which personal data are transferred and stored by sending an e-mail to the addresses of the company indicated above.
Rights of the interested party
You may at any time exercise the rights set out in the GDPR Regulation, Chapter III, and in particular
- Right of access: right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to receive various information, including the purpose of the processing, the categories of personal data processed and the storage period, the recipients to whom they may be communicated (Art. 15);
- Right of rectification: to obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (art. 16);
- Right to cancellation: to obtain, without unjustified delay, the cancellation of personal data concerning you, in the cases provided for by the Regulation (art. 17);
- Right of limitation: to obtain the limitation of the treatment, in the cases provided for by the Regulation (art. 18);
- Right to portability: to receive in a structured format, of common use and readable by an automatic device, personal data concerning you and to obtain that the same be transmitted to another Holder without impediment, in the cases provided for by the Regulation and in particular when the treatment is carried out by automated means (art. 20);
- Right to object: to the processing of personal data concerning you, unless there are legitimate reasons for the Owner to continue the processing (art. 21);
- Right of revocation: revoke consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes. Processing based on consent and carried out prior to the revocation of the same, however, retains its lawfulness;
- Right to lodge a complaint with the supervisory authority: lodge a complaint with the Autorità Garante per la protezione dei dati personali, Piazza Montecitorio n. 121, CAP 00186, Rome (RM) garanteprivacy.it.
The rights may be exercised at any time after giving your consent, alternatively in the following ways:
- by e-mail P.E.C. firstname.lastname@example.org
- by means of communication to the Data Controller at the operational headquarters in Collegno (TO), Corso F.lli Cervi n. 27, after identifying the interested party personally or by attaching a copy of identification document;
- through the contact form within the Internet sites specifying the request for cancellation and attaching a copy of identification document.
Updates of the information
For consultation of the Guide of the Guarantor for the Protection of Personal Data on the application of the GDPR Regulation and the full text of the GDPR Regulation, please refer to the following institutional link: