The company Valmet Tissue Converting S.p.A., with its registered office in 55100 Lucca, Via Giovanni Diodati 50 (hereinafter also the "Data Controller"), as Data Controller will see to the confidentiality of your personal data and guarantee its necessary protection from any event that could put it at a risk of violation. The Data Controller applies policies and practices concerning the collection and use of personal data and the exercise of the rights recognized by the applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever it becomes necessary and in any case whenever regulatory and organizational changes that may affect the processing of your personal data arise.
The Data Controller has appointed a Data Protection Officer (DPO) that you can contact if you have questions about the policies and practices adopted. The contact details of the Data Protection Officer are as follows: dpo.ti.luc@valmet.com
The Data Controller collects and/or receives information about you, such as:
Your personal information will be processed for:
Purpose |
Legal Basis |
|
Execution of pre-contractual and contractual activities Fulfilment of legal obligations and depending on the contract and the relationship established, such as, among others, those arising from:
|
Your personal data is also collected from third parties such as, by way of example:
The personal data that the Data Controller processes for this purpose are, among others:
Purpose |
Legal basis |
Communication to third parties, such as
|
Execution of pre-contractual and contractual activities Fulfilment of obligations depending on the contract Fulfilment of legal obligations, such as, among others, depending on:
Observance of transparency and economic and social reporting obligations |
Your data will not be disclosed to third parties / recipients for their own independent purposes unless:
The processing of your personal data takes place in order to offer you products that are additional to those you have purchased, or even improved or more suitable to your needs, and to send you advertising material. The processing of your data (such as first name, last name, e-mail,) may take place by e-mail.
This processing may be carried out on the basis of a legitimate interest of the Data Controller (so-called soft spam). However, this is without prejudice to your right to object at any time to processing based on legitimate interest for reasons related to your particular situation by writing to the Data Controller at privacy.ti.luc@valmet.com
The communication of your data (first name, last name, e-mail address, role in the company) is carried out for marketing activities proper to the companies of the group to which the Data Controller belongs. The processing in question may be carried out on the basis of a legitimate interest of the Data Controller. However, this is without prejudice to your right to object at any time to processing based on legitimate interest for reasons related to your particular situation by writing to the Controller at privacy.ti.luc@valmet.com
Purpose |
Legal basis |
Implementation of the detection and notification of personal data violation (data breach)
|
Execution of activities depending on the established relationship Fulfilment of legal obligations (detection and notification of data breach events) Legitimate interest |
If you do not provide your personal data, the Data Controller will not be able to follow up the processing related to the pre-contractual negotiation, the management of the contract and the services connected to it or to the fulfilments arising therefrom.The Data Controller intends to carry out the processing based on certain legitimate interests that do not affect your right to privacy, such as those that:
How
The data processing is performed through paper supports or IT procedures by specially authorized and trained internal subjects. Such internal subjects are allowed access to your personal data to the extent that it is necessary to carry out the processing activities that concern you. The data belonging to particular categories are treated separately from the others also by means of pseudonymisation or aggregation methods that do not allow you to be easily identified.
The Data Controller periodically verifies the tools through which your data is processed and the security measures provided for which it provides for constant updating; verifies, also through the subjects authorized to the treatment, that personal data of which the processing is not necessary is not collected, processed, filed or stored; verifies that the data is stored with the guarantee of integrity and authenticity and their use for the purposes of the treatments actually performed. The Data Controller guarantees that the data, even after the verifications, are found to be excessive or irrelevant will not be used except for the possible retention, according to the law, of the deed or document that contains them.
Where
The data is stored in paper, computerized and software archives located within the European economic area. Your personal data may also be stored in the following non-EU countries - with full assurance of the guarantees provided by European legislation. For more details on the guarantees adopted by the Data Controller, please refer to the paragraph "Non-EU data transfer" of this information.
For how long
The personal data processed are kept for the time necessary to carry out the activities related to the management of the contract that you have stipulated with the Data Controller and for the fulfilments, including those required by law. arising therefrom.
In particular:
|
Duration of the contractual relationship Without prejudice to:
Except in the event of litigation if it involves an extension of the aforementioned terms, for the time necessary to pursue the related purpose |
Once all the purposes that legitimize the retention of your personal data are exhausted, the Data Controller will take care of deleting them or making them anonymous.
The personal data processed by the Data Controller related to direct marketing are kept for 24 months unless you revoke the consent you have given and/or object to the processing.However, you have the right to object at any time to the treatment based on legitimate interest for any reason related to your particular situation.
The Data Controller may transfer your personal data abroad (non-EU countries) and in particular:
Turkey, Mexico (Agents and intermediaries) - ex art. 49 lett.b) “the transfer is necessary for the performance of a contract between the Data subject and the Data Controller or the implementation of pre-contractual measures taken at the data subject’s request.”
Israel, South Korea (Agents) - The European Commission adequacy decision on the adequate level of data protection by the State of Israel and South Korea.
China, Brazil USA (Sister Companies) - Standard contractual clauses aimed at ensuring adequate safeguards, including data subjects' rights with regard to the transfer of personal data outside the EU.
Japan (Sister Company) – Adequacy decision EU-Japan.
The transfer may, also, take place to consultants, single dealer ex art. 49 lett. c) "the transfer is necessary for the conclusion or performance of a contract concluded between the data controller and another natural or legal person in favor of the data subject."
For the data subject's personal data processed by suppliers and/or subcontractors based in non-EU countries, the Data Controller puts in place all appropriate safeguards, provided by regulation, to protect the data.
In substance, you, at any time and free of charge and without special charges and formalities for your request, can:
The Data Controller must proceed in this way without delay and, in any case, at the latest within one month of receiving your request. The deadline can be extended by two months, if necessary, taking into account the complexity and the number of requests received. In such cases the Data Controller, within a month of receiving your request, must inform you and inform you of the reasons for the extension.
For any further information and in any case to send your request, contact the Data Controller at privacy.ti.luc@valmet.com
For reasons related to your particular situation, you can oppose the processing of your personal data at any time when this takes place for legitimate prevailing reason or if it concerns the processing of personal data whose disclosure is subject to your consent, sending your request to the Data Controller at the address privacy.ti.luc@valmet.com
You have the right to the deletion of your personal data if there is no legitimate prevailing reason with respect to the one that gave rise to your request, and in case in the event that you are opposed to the processing of data.
Without prejudice to any other administrative or judicial action, you can file a complaint with the competent control authority or that which carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or if different in the State Member where the violation of Regulation (EU) 2016/679 occurred.
Any update of this privacy policy will be communicated to you promptly and by appropriate means and the same will be communicated to you if the Data Controller proceeds to process your data for purposes other than those referred to in this statement before proceeding and in time to give your consent if necessary