Within the corporate processes, the protection of the privacy during the processing of personal data is the subject of great attention by Ro.Ve.R. Laboratories SpA (hereinafter “ROVER”).
The personal data collected are processed in compliance with Italian and EU legislation, with particular reference to the European Regulation 679/16 (hereafter also “GDPR”), and the legal provisions in force in the countries in which the Company operates.
ROVER As the owner agrees to protect your privacy and your rights and, according to the principles dictated by the aforementioned standards, the processing of the data provided will be based on principles of correctness, lawfulness and transparency.
PURPOSE OF THE TREATMENT
Our Company must acquire or already hold some data concerning you. The collection and processing of your data is carried out in order to allow our Company to conduct the activity of:
- management of the contractual relationship (as a customer, as suppliers or as a collaborator), more specifically: administrative, accounting, preventive orders and contracts management;
- litigation management;
- selection in relation to the needs of the company;
- fulfilment of transactions imposed by regulatory obligations;
- auditing and certification of financial statements (mandatory / optional);
- historical data storage;
- collection of references during the pre-contractual information phase.
METHOD OF TREATMENT
Data processing is carried out in the following ways:
- manual, with recording, processing and archiving on paper
- electronic, by recording, processing, storing and transmitting data with the aid of IT tools
The tools and the media used – paper, magnetic, computer or telematic – in the course of the processing activities are suitable to ensure the secu
rity and confidentiality of data.The custody of databases is carried out in protected environments, whose access is under control and in compliance with the provisions of the law.
In carrying out the processing activities, the Company undertakes to:
- ensure the accuracy and updating of the data processed, and promptly acknowledge any adjustments and / or additions requested by the interested party;
- adopt appropriate security measures to ensure adequate data protection, considering the potential impacts that the processing involves on the rights and fundamental freedoms of the data subject;
- notify the interested party, in the times and in the cases provided for by the binding regulations, of any violation of personal data;
- guarantee the compliance of processing operations with the applicable provisions of the law.
DATA CONSERVATION POLICY
The company keeps personal information in its systems in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed or to comply with specific regulatory or contractual obligations.
Where no temporal terms are specified by regulatory sources on conservation, ROVER will retain the data acquired for a period of 12 months from the end of the employment relationship; where the terms of conservation are subject to specific regulations, ROVER will comply with the terms of conservation envisaged.
COMMUNICATION AND DIFFUSION OF DATA
We inform you that without prejudice to the communications made in fulfillment of legal obligations, your personal data collected may be known by the Data Controller, the Data Processors and any third parties (parties involved in the management of the treatment).
The data may be communicated, with the explicit consent of the interested party and for the purposes indicated above, also to the following subjects or categories of subjects:
- banks and credit institutions;
- employees of the company, professionals (lawyers, accountants);
- contractors of our company;
- customers of the company;
- other offices of this company or of other companies, including foreign companies, with the same associate or belonging to the group or with whom a correspondent relationship is maintained;
- auditing firm;
- anyone legitimate recipient of communications required by law or regulation.
- public bodies, authorities or institutions;
The dissemination of the data acquired to the categories of subjects listed above, will remain however bound to the purpose of the commercial relationship established with the interested party and carried out on the basis of the acquired consent.
THE RIGHTS OF THE INTERESTED PARTY
The interested party can assert his rights, recognized by the art. 15-22 of the GDPR and the current legislation, such as:
- Right of access: right to obtain from the data controller confirmation that personal data is being processed and if so, to obtain access to personal data and further information on origin, purpose, category of data treaties, recipients of communication and / or data transfer, etc.
- Right of rectification: right to obtain from the data controller the correction of inaccurate personal data without unjustified delay, as well as the integration of incomplete personal data, including by providing an additional declaration.
- Right to cancellation: right to obtain from the data controller the deletion of personal data without unjustified delay in the event that:
- personal data are no longer necessary with respect to the purposes of the processing;
- the consent on which the treatment is based is revoked and there is no other legal basis for the treatment;
- personal data have been processed unlawfully;
- personal data must be deleted to fulfil a legal obligation.
- Right to oppose processing: the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the holder.
- Right to limit processing: the right to obtain from the data controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the data controller to verify the accuracy of such personal data) , if the treatment is illegal and / or the interested party has opposed the treatment.
- Right to data portability: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit such data to another data controller, only for cases where the processing is based on consent and only for data processed by electronic means.
- Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedies, the person concerned who considers that the processing concerning him / her is in violation of the GDPR has the right to lodge a complaint with the supervisory authority of the Member State in who lives or works habitually, or the state in which the alleged violation has occurred.
The release of consent, if proposed by ROVER, is mandatory for the pursuit of the intended purposes as their non-availability would make it impossible to finalize the business relationship.
For any clarifications or comments regarding this information or for the exercise of their rights, the interested party may contact the Data Controller at the following references:
RO.VE.R. LABORATORIES SPA
Address: Via Parini 2 – 25019 Sirmione (BS) Italy
Tel: (+39) 030 91981 – Fax: (+39) 030 990 6894