Information notice
Privacy Policy concerning the processing of personal data pursuant to articles 13 of (EU) Regulation 2016/679
Data subject: employees and para-subordinate staff.
Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.
In addition, the Data Controllers may become aware of special categories of personal data and in detail: unions enrollment, health conditions. The processing of personal data for these special categories is carried out in compliance with Article 9 of the GDPR.
Purposes and legal basis of processing: specifically, your data will be processed for the following purposes, relating to the fulfilment of legal or contractual obligations:
- Data retention of data subjects on Group Systems;
- legal and economic terms of employment;
- Support in managing working relationships between interested parties and owners;
- Participation in training courses for professional growth and/or mandatory.
Your data will also be processed for the following purposes relative to the fulfilment of legal obligations:
- fulfillments related to trade union, tax, social security and legal obligations;
- legal compliance with regard to taxation and accounting.
Your data will also be processed for the following purposes relative to the performance of measures connected to contractual or preliminary obligations:
- Activities schedule.
Your data will also be processed for the following purposes necsseries to pursue data controller's legitimate interest:
- IT security;
- Recording of office access for quality management, information security and physical security.
Processing procedures. Your personal data may be processed by the following ways:
- entrusting of the data to the employment consultant for tax and social security obligations;
- Manual personal data processing with paper filing system;
- computer processing;
- reliance on the cloud business services platform.
All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.
Your data will only be processed by staff expressly authorised by the Data Controllers and, in particular, by the following categories of staff:
- Responsabili business unit;
- Admnistration office;
- in the context of HR management;
- System administrator.
Disclosure. Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:
- banks and lenders;
- Services platforms on the cloud;
- Competent doctor for the management of health surveillance;
- customers;
- pension and welfare institutions;
- Labor consultant;
- parent companies;
- insurance companies;
- trade unions;
- Workplace safety consultants.
Distribution: Your personal data will not be distributed in any way.
Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:
- EU countries.
Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:
- 1 month for storing access logs to company IT systems and internet browsing;
- 1 month for office access registrations;
- 10 years from the termination of the employment relationship.
Contitolare: i contitolari del trattamento dei dati, ai sensi della Legge e nella persona del loro rappresentante pro tempore, sono:
- Aglea srl (Corso Magenta 56 , 20123 Milano (MI), VAT no. 03868780960, contactable as follows: e-mail amministrazione@aglea.com, telephone +390245495471) in the person of Andrea Cavalleri;
- Horsa S.p.A. (Via Cerchia di Sant’Egidio 890 , 47521 Cesena (FC), VAT no. 02415190400, contactable as follows: e-mail horsa@legalmail.it, telephone 0543463711)
You may also examine whenever you like the updated version of the present report by connecting to the following web site https://www.privacylab.it/informativa.php?10058449760&lang=en.
Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
- the source of the personal data;
- the purposes and methods of processing;
- the logic applied if the data are processed by electronic devices;
- the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
- the updating, rectification or, where interested therein, integration of the data;
- the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- the portability of the data.
4. The data subject has the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.