INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to European Regulation 679/2016 (GDPR)
On 25 May 2018, European Regulation 679/2016 (GDPR), which defines the general rules regarding the protection of personal data, become fully effective.
This is an important step which set outs, for every country in the European Union, the same rules regarding the processing of personal data.
Farchioni Olii S.p.A. considers safeguarding the personal data of natural persons fundamentally essential and compliance regarding the subject is a primary objective on which the company’s management shall be based.
THE CONTROLLER’S CONTACT DETAILS
Farchioni Olii S.p.A., with offices at Via B. Buozzi, no. 10, 06030 Giano dell’Umbria (PG), Italy
Tel. 0039 074292951 – Fax: 0039 0742929595
certified email: email@example.com
1. A DATA SUBJECT’S RIGHTS AND HOW TO EXERCISE THEM
The Regulation gives Data Subjects the following rights which may be exercised towards and against the Controller and any and each Joint Controller.
- Right of access: Art. 15 of the European Regulation gives a Data Subject the right to obtain from the Controller confirmation or otherwise that data concerning the Data Subject is subject to processing and, if so, to obtain access to such data.
- Right to rectification: Art. 16 of the European Regulation gives a Data Subject the right to obtain from the Controller the rectification, without undue delay, of any inaccurate personal data concerning the Data Subject. Taking into account the purpose(s) for which personal data is processed, the Data Subject has the right to have any incomplete personal data supplemented, including by providing a supplemental declaration.
- Right to erasure: Art. 17 of the European Regulation gives a Data Subject the right to obtain from the Controller the erasure, without undue delay, of the personal data concerning the Data Subject if one of the reasons provided for by the Regulation exists.
- Right to restrict processing: Art. 18 of the European Regulation gives a Data Subject the right to obtain from the Controller a restriction on the processing of the personal data concerning the Data Subject when one of the conditions provided for by the Regulation exists.
- Right to object: Art. 21 of the European Regulation gives a Data Subject the right to object, at any time, for reasons connected to the Data Subject’s particular situation, to the processing of the personal data concerning the Data Subject pursuant to article 6(1)(e) or (f), including profiling on the basis of these provisions.
- Right to data portability: Art. 20 of the European Regulation gives a Data Subject the right to receive the personal data concerning the Data Subject provided to a controller in a structured, commonly used and machine-readable format and a Data Subject has the right to have this data transmitted to another controller without hindrance by the Controller to which the Data Subject supplied such data in compliance with the conditions provided for by the Regulation.
- Right to revoke consent: Art. 7 of the European Regulation gives a Data Subject the right to revoke any consent given by the same at any time. Revoking consent does not prejudice the lawfulness of the processing based on consent which may have been done prior to such consent being revoked.
- Right to lodge a complaint: Art. 77 of the European Regulation gives a Data Subject the right, should he or she believe that the data concerning them has been processed in breach of the Regulation, to lodge a complaint with a Supervisory Authority, notably in the EU Member State in which the Data Subject habitually resides or works, or the place where the alleged breach took place.
A complete extract of the legal articles mentioned above is available from the IT Office. This office will be able to provide all the information that a Data Subject might need regarding how to exercise their rights; requests may be made in writing, accompanied by a valid identification document, to the IT Office, Via Madonna del Puglia, 1, 06035 Gualdo Cattaneo (PG), Italy.
The party who determines the purpose(s) for which and the means by which personal data is processed is Farchioni Olii S.p.A., with offices at Via B. Buozzi, no. 10, (06030) Giano dell’Umbria (PG), Italy, VAT no. 00522110543.
2. JOINT CONTROLLERS – RELIANCE ON THIRD PARTIES
In the event of a joint controller, the Controller will ensure that compliance with the principles below is guaranteed through a joint controller agreement.
In the event in which processing activities regarding personal data are entrusted to a third party (or third parties), the Controller will ensure that compliance with the principles below is guaranteed through a service contract.
The Controller will organise the resources and the processing of personal data in such a way that the requirements provided for by the GDPR and by domestic industry regulations are complied with. Specifically:
- Coordinating privacy reflects the operational coordination, assignments are consistent with the operational tasks, and the powers and authority connected to them.
- The natural persons who are assigned significant tasks and responsibilities (considering the quantity and categories of personal data, the risks to the rights and freedoms of natural persons) are identified, selected, and appointed on the basis of objective criteria which define the needs of the entity in terms of understanding, ability and experience. In the absence of any qualifications, the requirements and weighting assessments are predefined.
- Those who process personal data act under the Controller’s direct authority, or that of a Processor duly appointed by the same. Personnel are duly trained in accordance with a continuous training programme that takes account of the various needs in relation to the various roles covered.
- The Controller directs and supervises every person who processes personal data on its behalf.
- Parties to whom processing activities regarding personal data are entrusted are identified, selected and appointed on the basis of a pre-arranged, transparent process that guarantees objectivity in decision-making; the supplier must possess the ability and professionalism required by the organisation; the supplier must provide sufficient guarantees to implement suitable technical and organisational measures in such a way that processing meets the requirements of the GDPR and ensures that the Data Subject’s rights are safeguarded.
- Relationships with third parties who process personal data on behalf of the Controller are always formalised in writing. The relative contract respects the minimum requirements set out in art. 28 of the GDPR.
- The Controller directs and supervises every person to whom processing activities are delegated.
4. THE STAKEHOLDERS
a) The Controller processes the personal data of the following categories of natural persons:
- freelance professionals
b) Categories of parties indirectly involved:
- family members of employees and users
- employee creditors
- employee assignees
c) affected institutions/entities
- trade unions
5. THE CULTURE OF PRIVACY
For Farchioni Olii S.p.A., the ability to protect personal data represents not so much – and not only – a legal obligation but, rather, a preferred requirement: a competitive asset. In line with the perspective of accountability required by the GDPR, the Company addresses compliance in how it processes personal data with respect to the GDPR with an approach aimed at the risks and how to handle them. The respect for the rights, freedoms and data of natural persons is, for the Company, a binding, ethical imperative that guides every activity that is undertaken.
Farchioni Olii S.p.A. processes personal data only when there is a legal basis to do so – as referred to in art. 6 of the GDPR (on the basis of consent, to fulfil a contractual obligation, to fulfil the vital interests of the person or third parties concerned, to fulfil a legal obligation to which the Controller is subject, in response to the public interest or in exercising public powers, in support of the Controller’s prevailing legitimate interests or those of a third party to whom the data has been communicated).
The Company processes particularly sensitive personal data (i.e. data that can reveal a person’s racial or ethnic origin, their political opinions, religious or philosophical convictions, trade union membership, and also processes genetic data, biometric data intended to uniquely identify a natural person, data regarding health or sex life or sexual orientation) only under one of the conditions referred to in art. 9.2 of the GDPR.
The Company processes personal data regarding criminal convictions and crimes or related security measures, only under one of the legal bases referred to in art. 6.1 of the GDPR, and only under the control of a public authority or, if processing is authorised by EU or Member State law which provides for appropriate guarantees of the rights and freedoms of the Data Subject.
The Company processes personal data solely for specific, explicit, and legitimate purposes, without impropriety or deception towards Data Subjects and by strictly following the limits of the legal bases which legitimise such processing.
The Company has adopted appropriate measures to provide Data Subjects with all the information they may require (as referred to in articles 13 and 14 and the communications referred to in articles 15-22 and article 34 regarding the processing) in a concise, transparent, intelligible, and easily accessible form, using simple, clear language. Specifically, the Company, for each type of processing done, advises the Data Subject on the ways with which personal data is collected, used, consulted, or otherwise processed, as well as on the means by which personal data is or will be processed. The information and communications regarding the processing of such personal data shall be easily accessible and understandable.
9. PURPOSE LIMITATION
Farchioni Olii S.p.A. processes personal data for specific, explicit, and legitimate purposes, and ensures that such processing is not incompatible with these purposes.
10. DATA MINIMISATION
Farchioni Olii S.p.A. processes suitable and relevant personal data which is limited to that needed with regard to the purposes for which such data is processed.
Farchioni Olii S.p.A. processes accurate and, if necessary, updated personal data; adopting every reasonable measure to delete or rectify, promptly, any inaccurate data with regard to the purposes for which such data is processed.
12. STORAGE LIMITATION
Farchioni Olii S.p.A. stores personal data in a form which allows for the Data Subject to be identified for a period of time not exceeding that required to fulfil the purposes for which such data is processed.
13. INTEGRITY AND CONFIDENTIALITY
Farchioni Olii S.p.A. processes personal data in such a way as to ensure that the data is suitably secure and is adequately protected, through suitable technical and organisational measures, from unauthorised or unlawful processing, data loss, destruction, or accidental damage.
14. DATA PROTECTION BY DESIGN AND BY DEFAULT
Farchioni Olii S.p.A. adopts the methodological approach to any project on the basis of which protecting personal data shall be assessed from the planning stage. For any project, therefore, whether structural or conceptual, protecting personal data shall be considered from the moment of its design and shall provide for solutions to protect personal data.
The Company has implemented suitable technical and organisational measures to guarantee that only that specific personal data which is needed for each single purpose (for which the data is collected) is actually processed; in particular, the technical and organisational measures put in place have the objective of ensuring that – by default – data is processed in accordance with the specific purpose(s) for which the data is being processed.
15. MANDATORY NATURE
Failure to comply with the principles set out in this document, as well as with the directives, instructions, requests, and orders which might be issued by the Company to protect personal data and to comply with legislation in effect shall constitute a serious non-compliance.
This document has been approved by the Board of Directors and has been prepared by the Controller who will be responsible for updating and distributing it.
3. ACCESS TO THIS WEBSITE BY VISITORS IS SUBJECT TO THE FOLLOWING CONDITIONS
Access to this website by visitors is subject to the following conditions. The information, places and graphic elements, sounds, images, trademarks, and everything else published and/or reproduced on this website are owned by (or third parties have granted their use to) FARCHIONI OLII S.P.A. or to the companies in the FARCHIONI OLII S.P.A. GROUP. Reproduction of the website’s content is only permitted with the prior, written authorisation from FARCHIONI OLII S.P.A. It is, therefore, prohibited to modify, copy, reproduce, distribute, transmit or disseminate this website’s content without authorisation. Specifically, it is prohibited to copy software which controls the operation of this website, to create programs similar to such software, to reverse engineer and/or to use the source code of such programs. FARCHIONI OLII S.P.A. and the other companies in the FARCHIONI OLII S.P.A. GROUP do not guarantee that the information published on this website will be constantly updated, nor can they be held liable for any damage, including being infected by a computer virus, that might happen to the visitor’s equipment due to accessing and/or interconnecting with this website or as a result of downloading its content. The hypertext links found on this website may direct a visitor’s search to a web page found on a website other than this one. In this case, FARCHIONI OLII S.P.A. assumes no liability in relation both to the content published on those other websites and to the use that those third parties make of it, nor for any damage caused by or originating from accessing those sites, from connecting with the same, or from downloading their content. Every piece of personal information sent to the FARCHIONI OLII S.P.A. website will be processed in accordance with the law on privacy. Every act of communicating non-personal information to FARCHIONI OLII S.P.A. through this website (including suggestions, ideas, drawings, designs, etc.) grants FARCHIONI OLII S.P.A., and all the other companies in the FARCHIONI OLII S.P.A. GROUP, the exclusive, unlimited and irrevocable right to use, reproduce, display, implement, modify, transmit and distribute the same non-personal information. Communicating this information will automatically entail the transfer of the same, free of charge, exclusively and with the broadest rights and powers, to FARCHIONI OLII S.P.A. and to the companies in the FARCHIONI OLII S.P.A. GROUP. The legislation in effect covering the Italian Republic apply to this website.
General information, disabling and managing cookies
A cookie is a set of data that is sent from a website and stored by the user’s internet browser on their computer or other device (for example, a table or smartphone). Technical cookies and third-party cookies may be installed by our website or by its related sub-domains.
In any case, users can manage cookies, or have cookies disabled or deleted, by changing their internet browser settings. Disabling cookies may, however, slow, or even prevent, access to certain parts of the website.
The settings to manage or disable cookies may vary depending on the browser used, therefore, for more information on how to perform these operations, we recommend that users consult their device’s manual or use the “Help” function in their internet browser.
The following links, which refer to the most popular internet browsers, explain how to manage or disable cookies:
- Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: https://support.apple.com/kb/PH19255
The use of technical cookies, i.e. cookies which are necessary for transmitting communications over an electronic communications network, or cookies strictly necessary for the supplier to deliver the service requested by the client, allows our website to be used securely and efficiently.
Session cookies may be installed in order to allow access to, and to remain in, the portal’s reserved area as an authenticated user.
Technical cookies are essential for the website to operate properly and are used to allow users the ability to browse our website normally and to make use of the advanced services available on it. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the browsing activity and until the browser is closed, and persistent cookies which are stored in the memory of the user’s device until they expire or until they are deleted by the user him/herself. Our website uses the following technical cookies:
- Browsing or session technical cookies, used to manage normal browsing and to authenticate the user;
- Functional technical cookies, used to store the user’s personalisation preferences such as, for example, language;
- Analytics technical cookies, used to understand how users use our website in order to be able to assess and improve its operation.
Third-party cookies may be installed: these are analytical and profiling cookies set by Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing, and Facebook. These cookies are sent by the websites managed by the aforementioned third parties which are external to our website.
Third-party analytical cookies are used to gather information on how users behave on the website. Gathering this information is done anonymously and is done to monitor the website’s performance and to improve its usability. Third-party profiling cookies are used to create user profiles in order to propose advertising messages which are in line with the choices expressed by users themselves.
The use of these cookies is governed by the rules prepared by the same third parties and, therefore, users are invited to review the related privacy policies and the ways by which cookies can be disabled and managed:
For Google Analytics cookies:
- instructions on how to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Facebook cookies:
- instructions on how to manage or disable cookies: https://www.facebook.com/help/cookies/
For Youtube cookies:
- instructions on how to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
Profiling cookies may be installed by the Controller(s) through so-called web analytics software. These cookies are used to prepare detailed and real-time analysis reports relating to information on: website visitors, search engine of origin, keywords used, language of use, most visited pages.
The same cookies may collect information such as the user’s IP address, nationality, town/city, date/time, device, browser, operating system, screen resolution, browsing origin, pages visited and number of pages viewed, duration of visit, number of visits made.