Informativa
Privacy Policy concerning the processing of personal data pursuant to articles 13-14 of (EU) Regulation 2016/679
Data subject: employees and contract staff.
Awair srl in its capacity of Data Controller with regard to the processing of your personal data pursuant to (EU) Reg. 2016/679 (hereinafter the 'GDPR'), hereby informs you that the said regulation protects data subjects with regard to the processing of their personal data and that the said processing will take place in a fair, lawful, transparent manner which protects your privacy and your rights.
Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.
Purposes and legal basis of processing: specifically, your data will be processed for the following purposes, relating to the fulfilment of legal or contractual obligations:
- Employment or Training Contract in the forms provided for by law and in compliance with the CCNL;
- Health surveillance obligations according to Legislative Decree 81/08;
- Internal control services;
- legal and economic terms of employment;
- Management of marriage leave pursuant to Law no.76 / 2016 and Law no.339 / 58;
- Management of severance pay advance and salary-backed loan;
- Planning and management of work activities in relation to company orders.
Your data will also be processed for the following purposes relative to the fulfilment of legal obligations:
- legal compliance with regard to taxation and accounting;
- Obligations relating to liquidation of unions enrollment or exercise of rights;
- Hygiene and labour safety.
Your data will also be processed for the following purposes relative to the performance of measures connected to contractual or preliminary obligations:
- Management of IT equipment;
- HR management in general;
- Quality Management;
- Activities schedule.
For the purposes of the aforesaid processing, the Data Controller may obtain knowledge of special categories of data, as follows: Data Access Log, Generic special category of personal data, Internet browsing log file, unions enrollment, racial or ethnic origins, health conditions. Personal data in these special categories are processed in compliance with art. 9 of the GDPR.
Processing procedures. Your personal data may be processed by the following ways:
- Manual personal data processing with paper filing system;
- contract data processing by third parties;
- computer processing.
All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.
Your data will only be processed by staff specifically authorised by the Data Controller, and specifically by the following categories of staff:
- Admnistration office;
- Awair's Partners;
- HR Department;
- IT department;
- in the context of HR management.
Disclosure. Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:
- constitutional authorities;
- banks and lenders;
- consultant and freelance professionals, also working as firms;
- pension and welfare institutions;
- Public/private subjects whose data transmission is mandatory or necessary in compliance with regulations or functional to the relationship management;
- data subject relatives;
- insurance companies;
- trade unions.
Distribution: Your personal data will not be distributed in any way.
Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:
- EU countries: in accordance with the Microsoft Volume Licensing Services Agreement, Awair S.r.l. will use Microsoft's online services to store data (OneDrive for Business, SharePoint, Office 365, ...), in this situation Microsoft will store the following Company Data at rest only within the European Geographic Area: (1) the contents of the Exchange Online mailbox (body of the e-mail message, calendar entries and content of e-mail attachments), (2) the contents of the SharePoint Online site and the files stored on that site, (3) the uploaded files on OneDrive for Business and (4) the content of projects uploaded to Project Online. Microsoft's GDPR policy is available at http://www.microsoftvolumelicensing.com/Downloader.aspx?documenttype=OST&lang=Italian.
Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:
- 10 years pursuant to art. 43 of Presidential Decree 600/73; art. 2946 of the civil code on ordinary prescription; Title I, Chapter III, of Legislative Decree 81/08 and subsequent amendments.
Data Controller: the Data Controller, as defined by the Law, is Awair srl (Via Guido Cavalcanti, 5 , 20127 Milano (MI); VAT no.: 07830500968; contactable as follows: E-mail: info@awair.eu) in the person of Gianfranco Gennaro.
The Data Protection Officer (DPO) designated by the Data Controller pursuant to art. 37 of the GDPR is:
- Jaera S.r.l. nella persona del Dott. Gianrico Gambino (Piazza della Repubblica, 32 , 20124 Milano (MI); VAT no.: 10557200960; contactable as follows: E-mail: dpo@awair.eu).
You are entitled, by application to the Data Processor, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.
You may also examine whenever you like the updated version of the present report by connecting to the following web site https://www.privacylab.it/informativa.php?19083420587&lang=en.
Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
- the source of the personal data;
- the purposes and methods of processing;
- the logic applied if the data are processed by electronic devices;
- the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
- the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
- the updating, rectification or, where interested therein, integration of the data;
- the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- the portability of the data.
4. The data subject has the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.