PRIVACY POLICY

Process Factory S.r.l. has always considered the protection of Personal Data of paramount importance for its customers and suppliers, ensuring that the processing of the same – carried out in any way, using either automatic or manual means – is done in full compliance with the protection and rights recognised by Regulation EU 2016/679 (hereafter also “GDPR”), relating to the protection of individuals with regard to the processing of personal data as well as the free movement of such data, and by other rules concerning the protection of personal data.

The term “personal data” refers to the definition contained in article 4, point 1), of the GDPR, that is “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereafter also “Personal Data”).

Your Personal Data is composed of:

  • name and surname
  • postal address
  • respective organisation (for example: employer)
  • e-mail address

The GDPR states that, before proceeding with the processing of Personal Data (understood as per the definition pursuant to article 4, point 2), as “any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”; hereafter also “Processing”), it is necessary that the person to whom the Personal Data belongs (hereafter also “Data Subject”) is informed about the reasons the latter is requested and how it will be used.

This document therefore aims to provide all useful and necessary information in a simple and intuitive way, so that you can provide your Personal Data in a conscious and informed way and, where necessary, obtain clarification and/or corrections of the latter.

1. Who will process your Personal Data?

The company that will process your Personal Data for the reasons indicated in points 2 and 3 below, and that will therefore act as data controller, is Process Factory S.r.l., with premises in via Masaccio 153, 50132 Florence – tel.: +39.055.461947 – fax: +39.055.4620556 – e-mail: info@processfactory.it (hereafter also the “Data Controller”).

2. For what purposes will your Personal Data be processed?

The Data Controller needs to collect some of your Personal Data for the following purposes:

a) to answer requests for information sent directly from the Data Subject concerning the services provided by the Data Controller;

b) to fulfil legal obligations, in particular accounting and fiscal ones, where a contractual relationship originates between the Data Subject (or their respective organisation) and the Data Controller;

c) to perform consulting and telephone support activities requested by the Data Subject.

Providing your data for the purposes indicated above is necessary to respond to your requests and needs. Failure to provide the data will make it impossible for you to avail yourself of the services mentioned.

3. Other purposes

The Data Controller, with your prior, free and unequivocal consent in accordance with article 6, paragraph 1, point a) of the GDPR, will be able to use your Personal Data for the following other purposes:

d) to send informative newsletters about new regulations, events and facts relating to the industry as well as activities and services provided by the Data Controller;

e) to verify your interest relating to initiatives promoted by the Data Controller.

Processing your Personal Data for the purposes indicated in points d) and e) is optional and cannot be done without your consent, which must respect the conditions in article 7 of the GDPR, thus determining the legality of the Processing of your Personal Data.

The contact modes aimed at the activities listed in the above points d) and e) can be either automated (e-mail) or traditional (phone calls from operators, postal items). In any case, and as explained fully below in point 7, you will be able to revoke your consent, even partially, for example by agreeing only to traditional contact methods.

4. Who can your Personal Data be shared with?

Your Personal Data can be shared with specific parties considered recipients of such Personal Data. In this regard, we point out that article 4, point 9) of the GDPR defines recipients of Personal Data as “recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not” (hereafter also “Recipients”).

With this in mind, in order to correctly carry out all the Processing activities necessary to fulfil the purposes indicated in this document, the following Recipients could find themselves processing your Personal Data:

- individuals, employees and/or collaborators of the Data Controller, who have been entrusted with specific and/or multiple Processing activities on your Personal Data: these individuals have been given specific instructions concerning the safe and correct use of Personal Data (hereafter also “Authorised Persons”);

- your Personal Data can be shared with public bodies or judicial authorities where required by law or to prevent the commission of an offence.

5. How long will your Personal Data be processed?

Your Personal Data will be processed by the Data Controller for a period not exceeding that required by the purposes for which it was collected and subsequently processed.

In any case, you can contact us at any time using one of the methods contained in this document, communicating your wish to revoke your consent for one or more of the purposes for which it was requested. Withdrawing your consent will mean that the Data Controller will stop Processing activities on your Personal Data for the said purposes.

6. Is it possible to withdraw consent and in what way?

As outlined in the GDPR, if you have given your consent to the Processing of your Personal Data for one or more of the purposes for which it was requested, you will be able to withdraw your consent completely and/or partially at any time, without affecting the lawfulness of the Processing based on the consent given before the withdrawal.

The methods to withdraw your consent are simple and intuitive. All you need to do is contact the Data Controller using the contact channels described in point 7 of this document.

7. What are your rights?

Pursuant to article 15 of the GDPR, you can access your Personal Data, ask for it to be rectified or updated if incomplete or incorrect, ask for the data to be cancelled if it was collected in violation of a law or regulation, as well as object to the Processing for legitimate and specific reasons.

In particular, below are all the rights you can exercise at any time towards the Data Controller:

- Right to access. You will have the right, pursuant to article 15, paragraph 1 of the GDPR, to obtain from the Data Controller confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the Personal Data and the following information: a) purposes of the Processing; b) categories of Personal Data concerned; c) the Recipients or categories of Recipients to whom your Personal Data has been or will be disclosed, in particular Recipients in third countries or international organisations; d) where possible, the envisaged period for which the Personal Data will be stored or, if not possible, the criteria used to determine that period; e) the existence of the right of the Data Subject to request from the Data Controller the rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning the Data Subject, or to object to such Processing; f) the right to lodge a complaint with a supervisory authority; g) where the Personal Data is not collected from the Data Subject, any available information as to its source; h) the existence of automated decision-making, including profiling, referred to in article 22, paragraphs 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject. You can find all this information in this document, which will always be at your disposal in the Privacy section of the company web sites: www.processfactory.it and www.4sustainability.it.

- Right to rectification. You will be able, pursuant to article 16 of the GDPR, to rectify your Personal Data that is inaccurate. Taking into account the purposes of the Processing, you will also have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

- Right to erasure. You will be able, pursuant to article 17, paragraph 1 of the GDPR, to obtain the erasure of your Personal Data without undue delay, and the Data Controller shall have the obligation to erase your Personal Data without undue delay where one of the following grounds applies: a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) you have withdrawn the consent on which the Processing of your Personal Data is based and there is no other legal ground for the Processing; c) you object to the Processing pursuant to article 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the Processing of your Personal Data; d) your Personal Data has been unlawfully processed; e) it is necessary to erase your Personal Data for compliance with a legal obligation in Union or Member State law. In any case, as provided for in article 17, paragraph 3 of the GDPR, the Data Controller is entitled not to cancel your Personal Data if the Processing is necessary, for example, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

- Right to restriction of Processing. You will be able to restrict Processing, pursuant to article 18 of the GDPR, where one of the following applies: a) you have contested the accuracy of your Personal Data (for a period enabling the Data Controller to verify the accuracy of the Personal Data); b) the Processing is unlawful and you have objected to the erasure of your Personal Data and request the restriction of its use instead; c) the Data Controller no longer needs your Personal Data for the purposes of the Processing, but this data is required for the establishment, exercise or defence of legal claims; d) you have objected to Processing pursuant to article 21, paragraph 1 of the GDPR and verification is pending as to whether the legitimate grounds of the Data Controller override yours. In the event of the restriction of Processing, your Personal Data, with the exception of storage, will only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you in any case before such limitation is revoked.

- Right to data portability. You will be able, at any time, to ask for and receive, pursuant to article 20, paragraph 1 of the GDPR, all your Personal Data processed by the Data Controller in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another Data Controller without hindrance. In any case it will be your responsibility to provide us with the exact information of the new Data Controller to whom you intend to transfer your Personal Data, providing us with written authorisation.

- Right to object. Pursuant to article 21, paragraph 2 of the GDPR and as confirmed by Recital 70, you can object at any time to the Processing of your Personal Data if it is processed for purposes related to direct marketing, including profiling to the extent that it is related to such direct marketing.

- Right to lodge a complaint to the supervisory authority: without prejudice to your right to appeal to any other administrative or judicial authority, if you believe that the Processing of your Personal Data carried out by the Data Controller occurs in violation of the GDPR and/or applicable regulations, you can lodge a complaint to the Italian Data Protection Authority.

To exercise all your rights as described above you need to contact the Data Controller in the following ways:

- via registered mail to Process Factory S.r.l., with premises in via Masaccio 153, 50132 Florence;

- via fax on the following number +39.055.4620556;

- by sending an e-mail to the following e-mail address info@processfactory.it.

8. Where will your Personal Data be processed?

Your Personal Data will be processed by the Data Controller inside the European Union.

Where for reasons of a technical and/or operational nature it becomes necessary to make use of subjects located outside the European Union, we will inform you immediately that these subjects will be appointed as processors in charge of Processing pursuant to article 28 of the GDPR, and the transfer of your Personal Data to these subjects, limited to the performance of specific Processing activities, will be governed in accordance with the provisions of Paragraph V of the GDPR. In particular, all necessary precautions will be adopted to ensure the complete protection of your Personal Data, basing such a transfer on:

a) adequacy decisions of third party Recipients determined by the European Union;

b) adequate guarantees expressed by third party Recipients pursuant to article 46 of the GDPR.