The company Tesmec S.p.A., with registered office in 20123 Milan, Piazza S. Ambrogio no.16, tax code and VAT number: 10227100152, in the person of the legal representative pro tempore, as data controller (hereafter "Data Controller"), invites you to read this notice pursuant to art. 13 of the EU Reg. no. 679/2016 (hereinafter "GDPR") concerning the processing of your personal data subject to the disclaimer for the use of images and videos that you subscribed, in compliance with the regulations in force and as better specified below.
1. Data being processed
The Data Controller will process the personal identification data (personal data and pictures /videos hereafter "Data") that you voluntarily provided and subject of the disclaimer. Processing of Data belonging to minors is not envisaged.
2. Purpose, legal basis of the processing and consequences of failure to communicate the data
Your data will be legally and properly processed for the purposes described below. Solely upon your specific and explicit consent (pursuant to art. 7 of the GDPR) to allow the optional, explicit and voluntary use of personal data, among these images and videos, will be used by the Data Controller for Corporate purpose. Such purpose includes, by way of example and non-exhaustive, the storytelling of events or other institutional initiatives (such as trainings, seminars), corporate information, promotional, didactic and educational purposes, including, for example, competitions, printed publications, institutional websites, social networks, etc. The provision of data for these purposes is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided (without prejudice to the treatments carried out before such denial): in this case the Data Controller will not be able to process your data.
3. Modalities of processing
Processing of your data is carried out through the operations mentioned in art. 4 no. 2) of the GDPR and more precisely: collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, disclosure or any other form of supply, comparison or interconnection, limitation, cancellation or destruction of Data.
Your Data are subject to both paper and electronic processing.
Acquired Data are processed, in full compliance with the laws and principles of lawfulness, fairness, transparency, limitation and protection of your privacy and your rights.
4. Data retention period
The Data Controller retains Data in compliance with local laws and internal company policies and procedures for the time necessary to fulfil the aforementioned purposes and to meet its legitimate business interests, legal obligations or to establish, exercise or defend legal rights. Once the data retention is no longer required for said purposes, Data will be deleted in a secure manner. For further information on the retention periods for documents, please refer to the abstract of Data Retention Policy.
5. Communication, disclosure and access to Data
Your Data may be made accessible for the purposes described above:
• employees and collaborators of the Data Controller in Italy and abroad, as internal data processors and/or sub-processors/people responsible for processing and/or system administrators;
• to other Tesmec Group companies (parent companies, subsidiaries and/or affiliates) in Italy and abroad and to their employees and collaborators;
• to other third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors, including suppliers or individuals appointed to perform ancillary or instrumental services for the purposes specified above, with whom the Data Controller concludes special agreements.
The Data Controller also reserves the right to share personal data with some third parties, including: IT providers for system development purposes and technical assistance; auditors and consultants to ascertain compliance with external and internal requirements as well as compliance with laws; bodies and agencies responsible for the application of laws and concerned parties pursuant to legal obligations to reporting; any successors or business partners of the Data Controller or of a company of the Data Controller’s group in case of sale, assignment or other extraordinary transactions; police, armed forces and other public administrations for the fulfilment of obligations set by laws, regulations or by European legislation.
Should said parties be located in extra-EU countries, the Data Controller ensures that extra-EU data transfer will take place in accordance with the applicable legal provisions.
6. Data Transfer
Data will be stored on servers located within the European Union. In any case, it is understood that the Data Controller has the right to share data with the other companies of the Tesmec Group and/or to transfer Data also to other extra-EU areas, if needed; in this case, the Data Controller hereby ensures that the extra-EU data transfer will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.
The Data Controller shall apply all the necessary protections to the aforementioned transfers pursuant to the legislation on privacy in force.
7. Rights of the Data subject
As Data subject, you have the rights set forth in articles 13, paragraph 2, letters b), c) and d), 15, 16, 17, 18, 19 and 21 of the GDPR and precisely the rights to:
• receive confirmation of the existence or absence of Data concerning you, even if not yet registered, and their communication in an intelligible form;
• to receive information on: a) the origin of Data; b) the purposes and methods of processing; c) the logic applied in case of processing performed with the aid of electronic devices; d) the identification details of the Data Controller, Data Protection Officer, data processors and the designated representative pursuant to art. 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects to whom Data may be disclosed or who may become aware of them as designated representative in the territory of the State and as processors;
• to obtain: a) the updating, correction or, when they are interested, integration of the Data; b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed. c) certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
• to object, in whole or in part: a) for legitimate reasons to the processing of data concerning you, even if linked to the purpose of collection; b) the processing of data concerning you for sending advertising material or for direct sales or for market researches or commercial communication, through the use of automated call systems without the intervention of an operator through e-mail and/or traditional marketing methods by phone and/or paper-based mail. It should be noted that the right to object, which the Data subject is entitled to, as set out in point b) above, for direct marketing purposes through automated methods also applies to the traditional ones and that in any case the Data subject is free to exercise even partially the right to object. Therefore, the Data subject may decide to receive communications through traditional methods or automated communications only or none of the two types of communication;
• where applicable, the Data subject also has the rights referred to in articles 16 - 21 of the GDPR (Right to correction, right to be forgotten, right to processing limitation, right to data portability, right to object), as well as the right to file a complaint to the Competent Authority;
• to revoke any consent given at any time.
With regard to the right to data portability, the interested party may request to receive or transfer their personal data held by the Data Controller in a structured, commonly used and readable format, for further personal use or to provide them to other data controllers.
With reference to the contractual relationship, in general terms the data that may be subject to portability are personal and contact data.
8. How to exercise rights
You may exercise your rights or submit a request at any time by sending: a registered letter with notification of receipt to Tesmec S.p.A. - with registered office in Milan, Piazza S. Ambrogio no. 16 (ZIP code 20123) - or an e-mail to: firstname.lastname@example.org.
The deadline for replying is one month. The aforementioned term can be extended by two months in particularly complex cases: if this occurs, the Data Controller will provide a communication relating to the reasons for the extension within one month. The Data Controller has the right to request the information necessary for the identification of the applicant. In general terms, the exercise of rights is free, except in the case of manifestly unfounded or excessive requests, for which the Data Controller may reserve the right to request a reasonable contribution from the interested party based on the administrative costs to be incurred.
9. Data Controller, Data Protection Officers, Data Processors
The Data Controller is Tesmec S.p.A. with registered office in Milan, Piazza S. Ambrogio no. 16 (Post code 20123) , tax code and VAT number: 10227100152, in the person of the legal representative pro tempore The list of categories of Data Processors is kept at the Data Controller's registered office.