The personal data provided will be processed in accordance with the EU Regulation 2016/679 (“GDPR”) in particular complying with the principles of necessity, transparency, lawfulness, fairness and proportionality of the personal data processing.
1. The Data Controller
The company Renner Italia S.p.A. is the Data Controller, with registered office in via Ronchi Inferiore 34, 40061 Minerbio (BO), VAT no. 02433001209: it autonomously decides on the purposes and methods of processing, as well as on the security procedures to be applied in order to guarantee the confidentiality, integrity and availability of data. The updated list of Data Protection Officers and Data Processors is kept in the headquarter of the Data Controller.
2. Subject of the processing
The Data Controller processes the personally identifiable information that you provided or otherwise acquired during the period in which you performed your duties as member of the Supervisory Body in the company for the purposes detailed in art. 4 of this Notice.
3. Method and duration of the data processing
The processing of your personal data is carried out by means of the operations indicated in the art. 4 par. 2 GDPR and in compliance with the principles of lawfulness, fairness and transparency and the other principles indicated in art. 5 GDPR.
The Data Controller will process your data for the purpose of establishing and managing your duties as a member of the Supervisory Body for the necessary time to fulfill the various purposes and in any case for no more than 10 years from the discontinuance of the office for service, contractual, tax and accounting or legal defense purposes.
4. Purpose of the processing and legal basis of the processing; mandatory or optional nature of the provision of data and needs for consent and consequences of absence of consent; automated decision-making processes.
The personal data collected will be processed manually and/or by means of electronic or telematic devices in the field of the existing professional relationship linked to your role as a member of the Supervisory Body for the following purposes:
- for purposes related to obligations imposed by the law, regulations and EU legislation;
- for purposes related to the management of corporate obligations;
- for purposes related to the management of relationship arising from the duties as a member of the Supervisory Body;
- for potential defensive purposes, such as litigation management.
To pursue the aforementioned purposes, the Data Controller will process your personally identifiable information (e.g. name and surname, place and date of birth, marital status, address, telephone number and e-mail address, bank account details, etc.) for the implementation of the professional relationship, for the fulfillment of legal obligations, as well as for the pursuing of a legitimate interest of the Data Controller, such as the defense in court. It is therefore not required to obtain your consent for these processing purposes.
The provision of your data is necessary for the implementation of the professional relationship and for the fulfillment of legal obligations; therefore, the non-provision of data results into the impossibility of performing duties as corporate member.
The processing of your data will in no way be subject to profiling and/or automated decisions.
5. Access and data transfer
Your data will be processed by means of computer and manual devices that guarantee safety and confidentiality.
Your data may be accessible and/or transferred for the purposes referred to point 4:
- to employees and/or collaborators of the Data Controller appointed as Data Processors;
- to third parties, for example credit institutions, service companies, maintenance personnel of hardware and software company tools, insurance companies, consultants, freelancers, professional training institutes, as well as to the competent authorities in compliance with a legal obligation, EU regulation or legislation (e.g. Prefecture, Police Headquarters, Law Enforcement, Carabinieri, Firefighters), public and/or private bodies in compliance with a legal obligation, EU regulation or legislation, or on the basis of instructions given by Authorities authorized by the law or by supervisory and control bodies.
The management and storage of personal data will be in paper archives in the Data Controller’s headquarters and/or in servers located inside the European Union owned by the Data Controller and/or third party companies duly appointed and indicated as Data Protection Officers. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or to the European Union and/or non-EU countries. In this case, the Data Controller ensures from now on that the transfer will be in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
6. Rights of the party concerned
You can exercise your rights of art. from 15 to 22 GDPR, in particular the right of data access, rectification or cancellation, to request the limitation or to oppose to the processing, in addition to the right of data portability. Furthermore, the party concerned has the right to lodge a complaint with the Data Protection Authority.
In case of violation of your personal data, taking into account the provisions of art. 34 GDPR, the Data Controller will inform you this violation.
7. Contacts for the exercise of the rights of the party concerned
At any time, you can exercise your rights by sending a registered letter with return receipt to the address of the registered office of the Data Controller or an e-mail to the address firstname.lastname@example.org.