With this document, the undersigned company, as Data Controller, whereas:
Pursuant to art. 29 of Reg. (EU) 2016/679, authorizes access to / processing of personal data and provides you with appropriate instructions to ensure an adequate level of security.
1. REFERENCES OF LAW, DEFINITIONS
This document (required by law) concerns all employees / collaborators. This is because, under the legislation in question, “personal data” means any information relating to a natural person and “processing” means any operation performed on such data, including simple access or consultation. (Example: it is therefore sufficient that you temporarily consult a document that shows the name of a person, or access a phone book containing some names, to be considered a person who processes personal data in the course of their work within the company.) The regulation defines “data subject” as the natural person to whom the data refers (e.g. a customer, a supplier, a visitor, a colleague, etc.).
2. AUTHORIZATION SCOPE
In general, only the access to data and the processing operations strictly necessary for the performance of work tasks (access profiles defined and monitored at company management level) are permitted. Where electronic tools are used, the user profile is configured according to this logic, i.e. guaranteeing an adequate level of consistency between the work tasks and the assigned permissions. Staff are required to respect the assigned permissions, avoiding any attempt to access resources that are not relevant to their profile. As regards paper documentation, staff are requested not to arbitrarily access archives / files / documents that are not necessary for the tasks assigned. Within the general framework outlined in this document, it is necessary to comply with the rules / instructions relevant to the working environment (present or future) and with the functions / tools made available by the Data Controller.
For any doubt or request for changes regarding the default access permissions, please contact the privacy team referred to in paragraph 5 of this document.
3. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA (GDPR – Art.5)
4. INFORMATION, CONSENT AND RIGHTS OF DATA SUBJECT (GDPR – Art.12-22)
The GDPR provides that data subjects receive adequate information regarding the processing of their data and, where necessary, express a specific, free and informed consent. In addition, the need to secure the rights referred to in Chapter III of the GDPR is acknowledged, including the right of access, rectification, erasure (“right to be forgotten”), restriction, portability and objection. The company has implemented adequate internal procedures aimed at guaranteeing the aforementioned rights; therefore, should any person address a privacy-related request to you, you are required to report it promptly to the privacy team referred to in paragraph 5 of this document.
5. PRIVACY TEAM
The company has defined a specific internal organization to guarantee an effective application of the privacy compliance requirements. For any information / clarification, or to report any matter referred to in these instructions (e.g. security incident, new processing activity, requests from data subjects, etc.), it is possible to contact, without particular formalities:
• Data Protection Officer – Dr. Gregorio Galli – Mob. 329.0516409 – gregorio@gallidataservice.com
6. PRIVACY BY DEFAULT AND PRIVACY BY DESIGN (GDPR – Art.25)
7. SECURITY OF PROCESSING AND OPERATING INSTRUCTIONS (GDPR – Art.32)
7.1 INSTRUCTION FOR DATA MANAGEMENT IN PAPER FORMAT
8.2. INSTRUCTION FOR DATA MANAGEMENT IN DIGITAL FORMAT
The electronic devices and business applications, as well as the contents generated by the users, are work tools, to be used exclusively for professional purposes (on which the company may lawfully carry out management / verification activities). Users of company electronic tools are required to comply with the provisions contained in the specific Company Computer Regulations, whose main concepts are summarized here:
General instructions
In general, no one may, except for activities expressly connected to their duties, disclose information concerning personal data, make copies of any kind (on paper, computer, etc.) or destroy, steal or manipulate the contents of the databases unless expressly authorized by the Data Controller.
9. DATA BREACH (GDPR – Art.33, 34)
The GDPR provides that the Controller manages any event that could pose a security risk for personal data (data breach, violation of personal data). There is a “violation of personal data” when, accidentally (culpably) or unlawfully (maliciously), an event causes the destruction, loss, modification, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed (e.g. theft of devices / documents, loss of devices / documents, attack / computer virus, deletion or unintentional sending of data, etc.). So that the persons responsible for handling such events can be correctly activated, you are asked to report to the privacy team any circumstance that you believe may be considered a “data breach”.
10. INSTRUCTIONS UPDATE MODE
These instructions may be subject to periodic updating / integration, according to the methods deemed most appropriate, also in relation to the provisions of article 7 of the Workers’ Statute (“posting in a place accessible to all”). Depending on the extent of the updates, the Company will use further effective dissemination tools, such as: forwarding by email, publication on the company intranet and / or dedicated platforms, sending individual hard copies, organizing dedicated training events, etc.
11. INTEGRATION D.LGS. 196/2003, DURATION AND VIOLATION
FORNAROLI POLYMERS S.P.A.
Registered Office: Via Archimede, 57 – 20129 Milano (MI) – I
LOCAL UNIT: Via Trebbia, 71 – 29121 Piacenza (PC) – ITALY
Tel. +39/0523/484944 – Fax +39/0523/482660
VAT No. 09301380961 – Share capital Euro 2.000.000,00 fully paid-up
Tax Registration No. and Registration number at the Milan Chamber of Commerce: 01338080334
Economic and Administrative Index of Milan no. 09301380961
Web Site: www.fornarolipolymers.com
E-mail: info@fornarolipolymers.com
PEC (certified email): fornarolipolymers@tmcert.it