Who are we and what do we do with your personal data?

Porta Medicea S.r.l., hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.

For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.

The Data Controller appointed a Data Protection Officer (DPO) who you can contact if you have questions about adopted policies and practices. The contact details of the Data Protection Officer are as follows: dpo@gruppoigd.it

 

How does the Data Controller collect and process your data?

The Data Controller collects and/or receives information about you, such as: name, surname, IT data and information relating to the activities you have performed on the work tools which belong to the Data Controller. Your personal data are processed in order to carry out control obligations arising from Provision issued on November 27th 2008 by the Authority for the protection of personal data. Your data may be communicated to the companies of the Group to which the Data Controller belongs and, in case of offences, to competent authorities. Third parties / recipients carry out their activities in compliance with specific legal obligations. Any communication that does not respond to these purposes will be subject to your consent.

Your personal data is also collected from third parties such as IT Service Providers or IT consultants. The Data Controller will not transfer your personal data abroad (non-EEA countries). Your personal data will not be in any way disseminated or disclosed to undetermined and unidentifiable subjects, even as third parties.

 

What happens if you do not provide your data?

Your personal data are necessary for the fulfilment of specific obligations arising from Provision issued on November 27th 2008 by the Authority for the protection of personal data.

 

How and for how long is your data retained?

Data processing is carried out on paper or through IT procedures by internal subjects authorised and trained for this purpose. The data is retained on paper, computer and electronic files located within the European Economic Area, and appropriate security measures are ensured.

The personal data processed by the Data Controller are retained for the time necessary to fulfill the obligations the Data Controller is required to comply with and for at least 6 months (and until one year) in accordance with Provision issued on November 27th 2008.

 

What are your rights?

The rights granted to you allow you to always have control on your data. Your rights are those of:

  • Access;
  • Rectification;
  • Withdrawal of consent;
  • Erasure;
  • Restriction of processing;
  • Opposition to the processing;
  • Portability.

Your rights are provided without any special charges or formalities for the request of their exercising, which is meant to be essentially for free. You have the right:

  • To obtain a copy, even by electronic means, of the data you requested the access to. In case you require further copies, the Data Controller may charge a reasonable fee;
  • To obtain the erasure of such data or the restriction of the processing or even the update and rectification of your personal data;
  • To obtain, in such last cases, that the other Data Controllers to whom, in case your data have been communicated or the recipients of such data, are informed about your request and
    about the result of the exercise of your rights so that they too can cancel, suspend or interrupt the processing or correct your data;
  • To obtain every useful communication regarding the activities carried out following the exercising of your rights without any delay and anyhow within a month from your request, except
    for the prorogation, justified, up to two months, which will have to be duly communicated to you.

For any further information and to send your request, please contact the Data Controller at privacy@gruppoigd.it.

 

Who can you complain to?

Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.

Any update of this information will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this information before carrying it out and in time to give your consent if necessary.