This Section contains a summary of information and a detailed policy that summarises how the companies in the SMW–Autoblok Group process personal data from clients, Suppliers and any individuals (including representatives, employees or contractors of Suppliers or Clients, that is, visitors to the site) come into contact with the companies in the Group, in particular through contractual relationships.
•”personal data” as any information about an individual who is identified or can be identified;
•”processing” as any operations to collect, record, organise, structure, store, adapt or modify, extract, consult, use, transmit, disseminate or otherwise make available, compare or connect, limit, delete or destroy personal data;
On this page, therefore, it is possible to consult documentation related to:
• General policy on the processing of personal data, in compliance with Article 13 and 14 of EU Regulation 2016/679 (“GDPR”);
• Policy for the collection and management of Curriculum Vitae;
• Policy on video surveillance;
• Claims request form.
In relation to the processing of data carried out when browsing this site, and the possible compilation of the formats therein, please also check the specific “Processing when browsing the website and Cookies Policy” section.
Rights of the interested party
The new European General Data Protection Regulation (2016/679/EU), also known as the GDPR, gives interested parties a number of rights concerning the processing of their personal data.
In particular, each interested party has the right to obtain confirmation of the existence of data used by the Company or Group at any time and to discover its content and origin, verify its accuracy and request an addition or amendment to it. Furthermore, the right to request its deletion, its anonymisation or to block data that has been processed illegally is recognised, along with the right to obtain processed data and oppose its process at any time for legitimate reasons.
In order to help you exercise your rights, we provide details and a description of these in this section, as well as the form for exercising them.
In order to help us manage your request, we ask you to use and fill in every part of the “Form for exercising the rights of interested parties” that you will find in this section in a legible manner. You should also attach a copy of a valid identification document. In the absence of this information, which is essential for being able to process your request, as well as said documentation, it will be deemed impossible to proceed with your application.
We ask you to send your request to the following email address: firstname.lastname@example.org. Alternatively, you may send written notification by registered mail to Autoblok S.p.A’s headquarters at Via Duca D’Aosta 24 10040 Caprie (TO), or use the PEC address email@example.com.
You are reminded that it is free to exercise the rights outlined below, but, in accordance with Article 12, paragraph 5, of the so-called GDPR, the Data Processor for the processing may justifiably refuse to satisfy the request or charge you a reasonable fee in the event of demonstrably unfounded or excessive or repetitive requests, taking into account the administrative costs sustained to supply the information or communicate or undertake the requested action.
Your request shall normally be processed within 30 days of its receipt. Said deadline may be extended by two months, depending on the complexity of the request or the number of requests, subject to the details.
LIST OF RIGHTS:
RIGHT OF ACCESS
Right of access to stored data, which implies the possibility of obtaining confirmation of whether your personal data is being processed.
RIGHT TO RECTIFICATION
Right to rectify data where it is believed that the data is incomplete or inaccurate.
RIGHT TO DELETION
Right to deletion, which can be exercised when your personal data is no longer necessary for the purposes for which it was collected or processed or when he interested party revokes the necessary expressed consent, or if the data has been collected or processed illegally of if the deleted is required due to a legal obligation or an order from the Authority.
RIGHT TO RESTRICTION
Right to restrict the processing, which can be exercised when the interested party disputes the accuracy of the personal data, when the processing is illegal and the interested party is in opposition to the deletion of the personal data and instead requests that its use be limited, when the personal data is necessary for certifying the interested party, even though the Data Processor for the processing no longer needs it for processing purposes, when the interested party is opposed to the expected processing regarding any legitimate reasons that the Data Processor for the processing may have regarding the interested party.
RIGHT TO PORTABILITY
Right to portability, which is embodied by the interested party’s right to receive personal data related to them in a structured, commonly used format that can be read by automatic devices, as well as to transmit it to another Data Processor, provided that the data has been provided by the interested party and the processing is carried out automatically, based on consent or a contract.
You shall also have the right to file a complaint about the processing of your data by contacting the Guarantor for the Protection of Personal Data, Piazza Venezia, 11 – 00187 Rome, firstname.lastname@example.org. You can find more information at www.garanteprivacy.it.
GENERAL POLICY FOR THE PROCESSING OF PERSONAL DATA
AUTOBLOCK SPA, in its role as “Data Processor” for the processing, informs you that, in accordance with
Article 13 of EU Regulation no. 2016/679 (“GDPR”), that your information shall be processed in the following manner and for the following purposes:
1. Subject of the processing
The Data Processor processes personal identifying data, such as: name, surname, company name, tax identification number, VAT registration number, email, phone number, address, date and place of birth, banking and payment details and similar (hereafter “personal data” or simply “data”), which you communicate when established or executing contracts, that is, as part of contractual or pre-contractual relationships.
Different and special (sensitive) data shall not be collected and processed by the company regarding your position.
In relation to the processing of data carried out when browsing the company site, and the possible compilation of the formats therein, please check the specific Privacy section, known as “Processing when browsing the website and Cookies Policy” section.
The Data Processor’s Products and Services are not intended for people under 18 years of age and the Data Processor does not intentionally collect personal data regarding minors. Where the subject providing the data is a minor, said processing is legal only if consent is provided or authorised by their parent or guardian for the purposes for which the identifying data has been acquired. Otherwise, when data about minors has been unknowingly recorded or collected, the Data Processor shall delete it in a timely manner.
3. Purposes and legal bases for the processing
Your personal information shall be processed:
A) without your express consent (article 24, sections (a), (b) and (c) of the Privacy Code and article 6, sections (b) and (e) of the GDPR) for the following purposes:
– establishing contracts for services and products offered by the Data Processor or requested by them;
– fulfilling pre-contractual, contractual and financial obligations deriving from relations in effect with you;
– fulfilling obligations established by law, by regulations, by community legislation or by an order from the Authority (such as those for combating money laundering);
– exercising the rights of the Data Processor, such as the right to a legal defence;
In accordance with Article 6 of the GDPR, the legal bases for the processing, therefore, are the need to fulful contractual or pre-contractual measures in the first two cases, the need to fulfil legal obligations in the third and the legitimate interest of the Data Processor in the final case.
B) only with your specific and express consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:
1) sending information and commercial communications and/or advertising material about products or services offered by the Data Processor;
2) forwarding information about similar or future events and organising similar events following your participation in events organised or sponsored by the SMW–Autoblok Group;
3) managing data and images about the event through social media, or information of commercial value that can be legally disseminated about the contract collaboration that has taken place, once again following your participation in events organised or sponsored by the SMW–Autoblok Group or in relation to ongoing contractual relations.
The legal basis for said processing relies on your express consent.
Furthermore, we inform you that, if you are already a client, we may send you commercial communications related to services and products from the Data Processor that are similar to those already in your possession, except where you have not approved of this (Article 21, section 2 of the GDPR).
In this case, the legal basis relies on a recognisable legitimate interest.
You are informed that, in light of the purpose of the processing illustrated above in paragraph A, the provision of data is obligatory and failure to provide it – or partial or inaccurate provision – may result in it being impossible to perform contractually established activities and/or fulfil all or some of the established contractual obligations.
4. Processing methods
Data processing, which is carried out through the operations outlined in Article 4, section 2 of the GDPR, shall be carried out using manual and IT and/or telematic tools, with organisational and processing logistics that are closely related to said purposes and, in all cases, in order to ensure the security, integrity and confidentiality of said data, in compliance with the organisational, physical and logistical measures established in current legislation.
In concrete terms, we use a wide range of measures, including encryption and authentication tools, in order to improve the security, integrity and accessibility of your personal data. Among other things, we consider:
– the rigorous restriction of access to your personal data, based on necessity and only for the communicated purposes;
– the transfer of collected data only in encrypted form;
– the storage of information containing personal data, which is given a special electronic “marking”, so that appropriate and careful processing is ensured by the people in charge;
– the storage of highly confidential information only in encrypted form;
– IT firewall systems to prevent unauthorised access, for example, by hackers;
– permanent monitoring of access to IT systems, in order to identify and prevent the abuse of personal data.
The Data Processor shall process the personal information for the time necessary to fulfil the aforementioned purposes and, in any case, for no more than 10 years from the termination of the relationship for the purposes referred to in paragraph A) – except for defensive needs that are also related to the prescribed deadlines – and no more than 2 years from the collection of the information for Marketing Purposes.
5. Subjects authorised to access information
Your data may be made accessible for the purposes outlined in points 3.A and 3.B of this policy:
– to employees and collaborators of the Data Processor or the companies in the SMW–Autoblok Group that the Data Processor is part of, in their capacity as appointees and/or internal processors and/or system administrators;
– to companies in the SMW–Autoblok Group (for example, for supporting activities when studying the feasibility of a client’s project, for technical management activities for a project, for storing personal data, etc.) or to third parties (for example, providers who manage and maintain the website, suppliers, credit institutions, professional studies, etc.) who perform outsourcing activities on the Data Processor’s behalf, as well as in their capacity as external managers for the Processing (subject, in this case, to the drafting of a detailed written appointment) or co-Data Processors (always subject to appropriate formalisation);
– to companies, enterprises and agents that are integrated into the Group’s sales network, in order to provide, in future, similar products to those that are already subject to the contractual relations in place;
– to Supervisory bodies, Administrative and tax authorities and Legal authorities, as well as all other subjects to whom communication is obligatory by law for the completion of the lawful purposes indicated.
In accordance with Article 7 below, further information about this subject can be obtained from the company, who can provide an up-to-date list of the nominated external Data processors.
6. Data transfer
The management and storage of personal data shall occur via servers located within the European Union and belonging to the Data Processor and/or the third-party companies that have been dutifully nominated and appointed as Data Processors.
Currently, the servers are situated in………. TO BE COMPLETED. Data shall not be transferred outside of the European Union. In any case, it is understood that the Data Processor shall be able to move the servers within Italy and/or the European Union, should it be deemed necessary. In such cases, the Data Processor shall hereby ensure that the transfer of data from outside the EU complies with the legal provisions in effect (Articles 44, 45 and 46 of the GDPR), stipulating, where necessary, agreements that ensure an appropriate level of protection and/or adopting standard contractual clauses provided by the European Commission.
7. Rights of the interested party
In your capacity as an interested party, you may, at any time, exercise the rights outlined in Article 15 of the GDPR, more specifically, the rights to:
1. get confirmation regarding the existence (or non-existence) of personal information pertaining to you, even if it has not yet been recorded, and its communication in an intelligible format;
2. obtain an indication of:
a) the origin of the personal data;
b) the purposes and methods for the processing;
c) the logistics applied when processing with the help of electronic tools;
d) the identifying details of the Data Processor, any co-Data Processors or processors and the designated representative, in accordance with Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR, and the categories of people to whom this personal data can be communicated or who may become aware of it in their capacity as designated representatives of the State, managers or appointees;
a) the updating, rectification or integration of the data, where you are an interested party;
b) the deletion, anonymisation or blocking of data that was unlawfully processed, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed;
c) certification that the operations referred to in paragraphs a) and b) have been brought to the attention of those to whom data has been communicated or disseminated, except in cases where doing so is impossible or requires a demonstrable disproportionate use of resources with respect to the protected right;
4. Oppose, in whole or in part:
a) the processing of personal data relating to you, even if it is pertinent to the purpose for its collection, for legitimate reasons;
b) the processing of personal data relating to you for the purposes of sending newsletters, information and commercial communications and/or advertising materials;
5. Revoke your consent to data processing at any time (Article 7, paragraph 3 of the GDPR), where this is essential for the processing carried out: revoking consent does not prejudice the lawfulness of the processing based on the consent given before the revocation;
6. Exercise, where applicable, the right to data portability;
7. Exercise the right to complain to the Supervisory Authority (Privacy Guarantor).
8. Methods for exercising rights
You may exercise your rights by sending a request according to the methods that are outlined in detail
Having read and understood the information above, I confirm that I consent to the processing of my Data as outlined in Article 3, paragraph A
In relation to the direct marketing activities (relating to products and services that are similar to those I have already purchased) described in Article 3
I confirm my consent
I do not consent
In relation to the receipt of commercial information, as outlined in Article 3, paragraph B, no. 1
I do not consent
In relation to the activity described in Article 3, paragraph B, no. 2
I do not consent
In relation to the activity described in Article 3, paragraph B, no. 3
I consent and also authorise the use of images, photos and footage taken during the event that directly involve me
I consent; however, I prohibit the use of of images, photos and footage taken during the event that directly involve me for the aforementioned purposes
I do not consent
EXCERCISE OF RIGHTS RELATING TO THE PROTECTION OF PERSONAL DATA
(Articles 15–22 of (EU) Regulation 2016/679)
born in……………………………….on……………………………, exercises, with this request, the following rights with respect to Articles 15–22 of (EU) Regulation 2016/679:
1. Access to personal data
(Article 15 of (EU) Regulation 2016/679)
The undersigned (only tick the relevant boxes):
asks for confirmation that personal data pertaining to him/her is being processed;
if yes, he/she asks to obtain access to said data, a copy of said data and all of the information covered by paragraphs a) through h) of Article 15, section 1 of (EU) Regulation 2016/679) and, in particular;
. the purposes of the processing;
. the categories of personal data being processed;
. the recipients, or categories of recipients, to whom the personal data has been, or will be, communicated, in particular if they are third countries or international organisations;
. the retention period for the personal data provided or, if this is not possible, the criteria used to determine this period;
. the origin of the data (or the subject or the specific source from which they were acquired);
. the existence of an automated decision-making process, including profiling, and significant information about the logic used, as well as the expected importance and consequences of such processing for the data subject.
2. Request for data intervention
(Articles 16–18 (EU) Regulation 2016/679)
The undersigned is requesting to perform the following operations (only tick the relevant boxes):
rectification and/or updating of the data (Article 16 of (EU) Regulation 2016/679);
deletion of data (Article 17, section 1 of (EU) Regulation 2016/679) for the following reasons (please specify):
in the cases covered by Article 17, section 2 of (EU) Regulation 2016/679, certification that the Data Processor has informed other Data Processors of the interested party’s request to delete links to or copies or reproductions of their personal data;
limit processing (article 18) for the following reasons (only tick the relevant boxes):
dispute the accuracy of the personal data;
the data processing is illegal;
the interested party needs the data to certify, exercise or defend a right in court;
the interested party is opposed to the processing of their data, in accordance with Article 21, section 1 of (EU) Regulation 2016/679.
This request concerns (indicate the personal data, category of data or processing you are referring to):
3. Data portability
(Article 20 of (EU) Regulation 2016/679 )
With reference to all of the personal data provided to the Data Processor (only tick the relevant boxes):
receive said data in a structured commonly used format that can be read by automatic devices;
transmit it directly to the following different Data Processor (specify the identity and contact information of the Data Processor ………………..):
all personal data provided to the Data Processor;
a subset of said data.
This request concerns (indicate the personal data, category of data or processing you are referring to):
4. Opposition to the processing
(Article 21, section 1 of (EU) Regulation 2016/679)
The undersigned opposes the processing of their personal data, in accordance with Article 6, section 1, paragraph e) or f), for the following reasons related to their particular situation (please specify):
5. Opposition to the processing for the purposes of direct marketing
(Article 21, section 2 of (EU) Regulation 2016/679)
The undersigned opposes the processing of data for the purposes of sending advertising materials or indirect sales or carrying out market research or commercial communications.
Asks to be informed of any reasons that prevent the Data Processor from providing the information or carrying out the requested operations within one month of receiving this request, in accordance with Article 12, section 4 of (EU) Regulation 2016/679.
Asks, in particular, to be informed of any issues that prevent the Data Processor from identifying him/her as the interested party, in accordance with Article 11, section 2 of (EU) Regulation 2016/679.
Municipality Province Post code
The undersigned specifies (provide any useful explanations or indicate any attachments):
(Place and date)
This Section is primarily intended to clarify the managing method for www.smwautoblok.com, with reference to the processing of the personal data of the visitors that consult it.
The policy is inspired by Recommendation no. 2/2001, which the European authorities for data protection, who are joined in the Group established by Article 29 of Directive no. 95/46/CE, adopted on 17 May 2001 and the provisions of the Privacy Guarantor on 8 May 2014 regarding cookies.
The Data Processor has no control over third parties in this regard and, as a result, it declines all liability regarding the processing of user’s personal data via such sites.
Sources of Personal Data
The personal data processed derives from browsing the site and can be summarised as follows:
In the course of their regular operations, the IT systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of internet-communication protocols. This information is not collected to be associated with identified interested parties, but, because of its very nature, it could make it possible to identify users through processing and associations with data stored by third parties. This data category includes IP addresses or the domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the service, the size of the file obtained in response, the numerical code that indicates the status of the response from the server (success, error, etc.) and other settings related to the operating system and the user’s IT environment. This data is only used to obtain anonymous statistical information about the use of the site and to check that it is functioning correctly.
The data may be used to ascertain liability in the case of IT crimes or damage to the website: barring this possibility, the data regarding web contacts is not stored for more than seven days at present.
DATA PROVIDED BY THE USER ON A VOLUNTARY BASIS
The optional, explicit and voluntary sending of personal data to the exponent – by filling in the appropriate request forms on the website or sending emails to addresses indicated on the website – involves acquiring some of the user’s personal data (including email address) which is needed to respond to their request, as well as any other personal data included in the email.
Purpose of the processing
The aforementioned data is processed with the purpose of pursuing the legitimate interests of the SMW–Autoblok Group or those of third parties, while also considering the interests, rights and fundamental freedoms of the interested parties. These include:
• calculating statistics;
• checking that the site is working correctly;
• improving visitors’ browsing experience;
• assessing legal claims and defences during legal disputes;
• ascertaining liability in the case of hypothetical IT crimes against the site;
• responding to contact offers from interested parties, managing their requests and, as anticipated, pursuing the legitimate interests of the SMW‑AUTOBLOK Group in relation to said requests;
In relation to the aforementioned purposes, the processing of personal data occurs via IT and telematic tools, with logistics that are closely linked to said purposes and in order to ensure the security and confidentiality of the data itself.
Categories of recipients to whom data can be transmitted
Processing connected to the web services of this site are carried out by service employees (and similar members of staff and collaborators) and those from central offices and the sales network, as well as external organisations. These perform technical tasks on behalf of the SMW‑AUTOBLOK Group and are specifically nominator by the Data Processors as their Processors. Their list, which is updated consistently, is available from Autoblok S.p.A.’s headquarters at via Duca D’Aosta 24 10040 CAPRIE (TO).
Transferring data abroad
The SMW‑AUTOBLOK Group never transfers the data provided outside of the European Union for the purposes outlined in this section.
Navigation data: 7 days maximum
Data provided by the user on a voluntary basis: 10 years from its receipt or 2 years for CVs
The data acquired is not subject to profiling for the aforementioned purposes.