PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA

Pursuant to articles 13 and 14 of the Regulation (EU) 2016/679 on the Protection of Personal Data we send the updated information regarding the processing of personal data.

OWNER OF THE TREATMENT

Pursuant to art. 4, paragraph 7 of EU Regulation 679/2016, Owner of the processing of personal data is Cartiere di Guarcino S.p.A. (hereafter “The Company”).

LEGAL BASIS OF TREATMENT

The processing of promotional and/or commercial communications via e-mail/telephone concerning the future services and initiatives of the Company, as established by the Authority for the protection of personal data, is permitted, even in the absence of consent from part of the interested party, provided that they are communications concerning services similar to those involved in the sale or provision of services object of the contractual relationship established between the parties.

In all other cases, processing is subject to the collection of the specific consent of the person concerned.

It’s reminded that the data subject has the right at any time to object to the processing of his data for these specific purposes.

PURPOSE OF THE TREATMENT

We inform you that the personal data that will be collected during the contractual relationship with the Company will be processed for the sending of promotional and/or commercial communications.

PARTICULAR DATA AND DATA RELATING TO CRIMINAL CONVICTIONS AND OFFENSES

Particular data and data relating to criminal convictions and offenses are not the object of the processing.

METHOD OF TREATMENT

The processing of data may consist, in addition to their collection, in their registration, storage, consultation, processing, modification, comparison, use, communication, etc. and will be carried out both with the use of paper support, and with the help of electronic IT tools, through the adoption of appropriate security measures to ensure the protection of personal data and ensuring the protection of personal data and rights and fundamental freedoms of the interested parties.

DATA RECIPIENS

Without prejudice to communications carried out in compliance with legal obligations, all data collected and processed may be communicated exclusively for the purposes specified above to internal parties authorized to process according to the assigned task, to other companies of the companies or third parties; these subjects will act as Data Processors in relation to an agreement entered into with the Data Controller; a list of such subjects is available at the Data Controller’s Head Office.

DATA TRANSFER TO EXTRA EU COUNTRIES

There are no data transfers outside the EU.

DATA RETENTION

All the mentioned data and the deeds constituting the contractual relationship will be kept for the performance of any eventual obligations connected with or arising from legal or contractual obligations, as required by the relevant regulations.

COOKIES POLICY

The cdgspa.com web site doesn’t use cookies, except for the technical ones that are essential for the website to work. It doesn’t store visitors’ information in any way.

RIGHTS OF THE INTERESTED

Pursuant to the European Regulation, the interested parties have the right to ask the Data Controller to access personal data (Article 15), rectification (Article 16), cancellation or oblivion (Article 17) , the limitation of the processing of personal data concerning him (Article 18), or to object to their processing (Article 21), in addition to the right not to be subjected to a decision based only on automated processing, including profiling, which produces legal effects that affect him or that significantly affects his person (Article 22). If the processing of personal data is based on the express consent of the interested party, pursuant to art. 7 paragraph 3 of the Regulation, the subject has the possibility to withdraw his consent at any time.

Requests may be made against the Data Controller.

The interested party also has the right to lodge a complaint with the supervisory authority (Article 77 of the Regulations) if he/she considers that the processing performed by the Data Controller is not in compliance.

Privacy Policy updated to 24/05/2018