Privacy policy for other Stakeholders categories

informativa dipendenti

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF EMPLOYEES

PURSUANT TO ART. 13 AND 14 OF REGULATION (UE) 2016/679 (“GDPR”)

 

CATEGORIES OF PERSONAL DATA PROCESSED  

  • "Common" data related to employees and possibly their family members, collaborators, Company directors or common data referring to candidates for covering open company positions.
  • Health data (certificates relating to absences due to illness, maternity leave, accident/injury, data on the suitability of certain jobs and mandatory start-ups, belonging to protected categories), data revealing union membership or political opinions (appointment of offices in unions or political parties, request for check-offs ), religious convictions and belief  (request for enjoying  religious holidays), etc. (special categories of data, former "sensitive" data) of employees and possibly their family members, collaborators, Company directors.

 

DATA ORIGIN/SOURCE

In addition to direct collection from the person concerned (e.g. directly provided by you), data is also collected during  employment relationships, acquired by third parties (e.g. Revenue Agency, CAF, qualified professionals, INPS etc.)

 

PURPOSES OF DATA PROCESSING

LEGAL BASIS OF PROCESSING

DATA STORAGE TERMS 

Purposes connected with the establishment and management of the employment relationship, including the publication of data (name, surname, fixed and / or mobile telephone number, company and company department e-mail address) on the corporate intranet portal, which represents one of the tools necessary for the execution of work performance, in addition to  facilitating contacts between employees.

Execution of the employment contract 

Contractual duration and  15 years,after contract expiration.

In the case of a legal dispute, for the entire duration of the same, until expiration of enforceability terms of practicability of appeal actions.

Fulfillment of obligations or exercising of rights under national or European Union law or collective employment contracts in accordance with national law.

Need to comply with the legal obligations to which the data controller is subject, and with regard to particular categories of data, fulfill the obligations and exercise the rights of the data  controller or person  concerned  in the field of labor law and social security and social protection in accordance with the provisions of art. 9.2,  lett. b) of GDPR or for purposes of preventive medicine or occupational medicine, assessment of the employee's ability to work performed by a competent doctor, as pursuant to art. 9. co. 2, lett. h) and in compliance with the provisions of art. 9., co. 3 of GDPR

If necessary, in order to ascertain, exercise and / or defend the rights of the Data Controller in Courts of Law

Legitimate interest

Supervision of physical access (including video surveillance) in order to ensure safety of people and goods (in compliance with Article 4 of the Workers' Statute and subsequent modifications and amendments, the equipment installed is not designed to control remote working activities).

Legitimate interest

Video surveillance:

6 days from the time the images were taken (as indicated in the respective union agreements or ITL authorizations)

Supervision of physical access, other than video surveillance

180 days

Supervision of Logical access to company information systems in order to ensure safety of people and goods 

Legitimate interest

180 days

Publication of photography and possibly of the CV on the corporate intranet portal

Consent (optional and revocable at any time).

Contractual duration, except in case of consent revocation

Once the abovementioned storage terms have elapsed, Data will be destroyed, deleted or made anonymous, consistently  with technical cancellation and backup procedures.

 

DATA  PROVISION

The provision of data is mandatory for entering  into employment contract and for the fulfillment of legal obligations.

 Refusal to provide the data will  not therefore allow to stipulate and continue any  employment relationship .

 

CATEGORIES OF DATA RECIPIENTS

Data may be disclosed to external subjects acting as data controllers, for instance, authorities and supervisory and control bodies and in general public or private subjects, who are entitled to request such Data.

Data may also be disclosed, as data controllers, to subjects who need to access such data for accessory purposes connected with existing relationships within the limits strictly necessary to carry out any auxiliary tasks (mention is made by way of example of credit institutions and forwarding agencies) and, with the same limits, to our consultants, upon  our letter of appointment  imposing their obligation to confidentiality and security.

Data can be processed, on behalf of the data controller, by external subjects appointed as data processors,  who perform  specific activities on the controller’s behalf , such as  accounting, tax and insurance obligations, personnel management , correspondence, management of collections and payments, etc.

 

SUBJECTS AUTHORIZED TO CARRY OUT DATA PROCESSING

Data can be processed by employees of the company departments responsible for the performance of the aforementioned purposes, who have been expressly authorized to carry out data processing and who have received adequate operating instructions.

 

TRANSFER OF PERSONAL DATA TO EXTRA-EUROPEAN COMMUNITY COUNTRIES

Not Applicable

 

RIGHTS OF THE PERSON CONCERNED  - COMPLAINT TO CONTROL AUTHORITIES  

By sending an email to the Personnel & Organization Direction Dept., at the address   organizzazione@financo.it,    persons concerned can:
• ask the data controller to access data concerning him / her, as well as their  correction, integration, or their deletion , as well as  limitation to data  processing; 
• oppose data processing in case of legitimate interest by the data controller for reasons connected with the specific situation;
• receive such  data in a structured, commonly used and automatically readable format, as well as, if technically feasible, to transmit them to another data controller without any impediment (“data transfer right ”) ;
Persons concerned shall have the right to lodge a complaint to the competent Supervisory Authority 
 

[1] What does the right to data processing limitation entail ?

In the temporary submission of data for storage operation only, in the following cases as per art. 18 GDPR:

the person concerned  contests  accuracy of his/her personal data, for the timeframe necessary for the data controller  to verify the accuracy of such data ;
data processing is illegal and the person concerned opposes the cancellation of data and requests to limit their use ;
the data controller does not need data any longer, but such data is necessary to the person concerned to ascertain, exercise or defend a right in a court of law;
the person concerned opposed data processing as pursuant to art. 21.1 of GDPR, waiting for verification of the possible prevalence of the data controller’s  legitimate reasons over  the ones of the person concerned.

[1] When can the data transfer right be exercised ?

In the event data processing is based on the consent or contract or performer with automatized systems.

 

 

 

Cookies help us in providing our services; therefore, if you use our services you consequently accept our use of cookies. Info