Privacy policy ex art. 13 of Regulation (EU) 2016/679 for the processing of personal data

This privacy policy provided in compliance with art. 13 of Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) concerns the personal data requested by Sofidel S.p.a. to allow participation in the “Sofidel Innovation Award” initiative (hereinafter referred to as the “Initiative”).

 

  1. Data Controller and Data Protection Officer

The personal data of the participants in the Initiative (hereinafter referred to as “personal data”) will be processed by Sofidel S.p.A., Via Giuseppe Lazzareschi, 23 – 55016 Porcari (LU), as data controller (hereinafter referred to as “Sofidel” or “Controller”).

Sofidel’s Data Protection Officer (“DPO”) can be contacted:

  • by e-mail, at the address:  [email protected].
  • by ordinary mail, to the address indicated above.

 

  1. Types of data subject to processing

The personal data processed by the Data Controller are name and surname. 

 

  1. Purpose and legal basis for processing personal data

Personal data will be processed to manage the request to participate in the Initiative. The legal basis of the processing is represented by art. 6, par. 1, lett. b) of the GDPR, i.e. the request of the data subject. The provision of personal data is optional but, if not provided, participating in the Initiative will not be possible.

Once provided, the data could also be processed for the following purposes:

– fulfilment of any regulatory obligations to which the Data Controller is subject; the legal basis of the processing is represented by art. 6, par. 1, lett. c) of the Regulation, i.e. the existence of a legal obligation;

– any defensive purposes; the legal basis is envisaged in art. 6, par. 1, lett. f) of the Regulation, i.e. the need for defence in court.

 

  1. Storage of personal data

The Personal Data will be retained only for the time necessary for the purposes for which they are collected, i.e. until 31/12/2025, after which they will be permanently deleted. 

 

  1. Recipients of personal data

Personal data may be shared with:

  • subjects who typically act as data processor under art. 28 of the GDPR (for example, Mentarossa, Via Provinciale Lungomonte 33, supplier agency that is in charge of the management of the Initiative);
  • personnel authorised data processing under art. 29 of the GDPR;
  • companies of the Sofidel Group, acting as independent data controllers, for administrative-accounting purposes on the basis of legitimate interest in compliance with art. 6, par.1, letter f) and Recitals 47 and 48 of the Regulation;
  • subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate personal data pursuant to provisions of law or orders of the authorities.

 

The list of the recipients of personal data is available at the registered office of the Data Controller and in any case can be requested from the Data Controller and the DPO at the contact details indicated above.

 

  1. Transfer of personal data outside the EU

The Data Controller hereby informs that personal data will not be transferred outside the territory of the European Union.

 

  1. Methods of processing personal data

The processing of personal data will take place through computer, manual and/or telematic media and/or tools, following a logic that is strictly related to the purposes of the processing and in any case guaranteeing the confidentiality and security of the data, and in compliance with the Regulation and the Provisions of the Guarantor for the protection of applicable personal data. 

 

  1. The rights of the data subject

The data subject is entitled to access at any time the personal data concerning them, in compliance with articles 15-22 GDPR. In particular, they may request correction, erasure, limitation of the processing of their data in the cases envisaged by art. 18 of the GDPR, revocation of consent, to obtain the portability of their data in the cases envisaged by art. 20 of the GDPR. 

The data subject may also make a request to object to the processing of their data ex art. 21 of the GDPR, in which they must provide evidence as to the reasons justifying such objection; the Data Controller reserves the right to assess this request, which may not be accepted if there compelling legitimate reasons to proceed with the processing that prevail over their interests, rights and freedoms subsist. 

Requests must be addressed in writing to the Data Controller or to the DPO at the above contact details.

 

  1. Complaint to the Data Protection Authority 

If the Data Subject believes that the processing of personal data carried out by the Data Controller is in violation of the provisions of the GDPR, they have the right to lodge a complaint with the Data Protection Authority, as envisaged by art. 77 of the GDPR, or to take appropriate legal action in compliance with art. 79 of the GDPR.

Back To Top