regarding processing personal data
In accordance with GDPR (UE) 2016/679
Processing personal data in non-EU countries or international organizations
ALFACINCOTTI S.P.A., acting as Data Controller and / or Data Processor (hereinafter referred to as, “Controller” or “Processor”), pursuant to Articles 13, 14 and 15 of EU Regulation no. 2016/679 (hereinafter referred to as, “GDPR”), informs you that the data provided by you through the website http://www.alfacincotti.com (hereinafter referred to as, “Website”) is processed lawfully and fairly, in accordance with the provisions of the GDPR and in general with respect to the obligations of confidentiality which influences all of its activities.
The Controller and/or Processor for processing your personal data is AlfaCincotti S.p.A.
Registered and Administrative Headquarters: Largo Pederzana, 16 – 40055 Villanova di Castenaso (BO)
Operating Headquarters: Via privata Raimondo Montecuccoli, 20 -20147, Milano (MI)
Contact email: email@example.com
The Regional Manager, in charge of transferring data abroad, maintains an updated list of authorized subjects. This list is located at the controller’s administrative headquarters.
DPO (Data Protection Officer) whose function it is to control the transfer process and ensure that its’ rights, as guaranteed by GDPR, are protected.
The DPO can be contacted at the following email: firstname.lastname@example.org
Third parties, acting as external processors, co-controllers, or simply as recipients, which come into possession of your data, are stakeholders for the purposes of contracted operations related to processing.
The data that is collected pertains to your identity such as: identification number, registered residence or actual residence, place and date of birth, accounts; characteristic elements such as physical, physiological, psychological, genetic, economic, cultural, social; or any other characteristic that reveals racial or ethnic origin, genetic, biometric, life-related or sexual orientation.
The processing your personal data is relevant to the service that AlfaCincotti S.p.A. provides its customers, which consists of Insurance risk and claims management.
To provide its’ services, AlfaCincotti S.p.A. may need to manage the flow of your personal data to and from countries outside the European Union (eg. third-party country), or other international organizations, to be precise areas outside the territorial scope of the GDPR.
In which case, AlfaCincotti SpA, in its capacity as processor and / or controller, ensures that this flow does not affect the protected rights as guaranteed by the GDPR. Furthermore, that it takes place in complete compliance with one or more of the following legal basis for the processing:
A – Existence of an “adequacy” decision by the European Commission – GDPR art. 45 allows the processing of your personal data even in countries outside the EU; therefore, not subject to European legislation. In the event that their legal system provides for a regulation on personal data that has been deemed “adequate” by the European Commission, therefore in compliance with the principles and protections provided by the GDPR. It is necessary to check whether there are any adequacy decisions by the European Commission. (link: UE GDPR Adequacy Decisions)
B – Presence of adequate safeguards for the proper handling of your personal data – In case there are no adequate safeguards for the proper handling of your personal data, the legal basis for AlfaCincotti S.p.A. to process your personal data, are justified and founded by GDPR art. 46. As such, AlfaCincotti S.p.A. underwrites, as the Data Controller in the third-party country, a contract which contains clauses that are as such to offer an adequate level of protection for the data processing. Such as a satisfactory level of security and the protection of its rights, with effective mechanisms of guarantees. (GDPR art. 46)
If instead AlfaCincotti S.p.A. must transfer your personal data from a site within the European Union, to another company or branch (belonging to the same group) where one of which is located outside the European Union; the protection of your personal data will be guaranteed, pursuant to GDPR art. 47. From the stipulation of contractual clauses, called Binding Corporate Rules (BCR), signed, approved and binding for all companies and their branches, of the same group, acting outside the EU area. (GDPR art. 47)
C – Special exceptions for specific situations – If the third-party country does not guarantee an adequate level of protection, and AlfaCincotti S.p.A. has not yet concluded one of the agreements provided for in paragraph (B), the transfer of your data may take place, as is necessary for the execution of a contract between you and the Data Controller. Or for the conclusion or execution of a contract stipulated between the Data Controller and another natural or legal person in his interest and in your favor. Or on the basis of his explicit consent as expressed in the release displayed at the end of this disclosure. (GDPR art. 49)
AlfaCincotti S.p.A. in any case, prohibits the input of your data on the network, if not at least one of the legal bases for processing indicated in paragraphs A, B, or C is in effect.
The processing is carried out both with manual and / or IT tools, with organization and processing logistics strictly related to the same purposes. As to guarantee the security, integrity and confidentiality of the data. In compliance with the organizational, physical or logistical measures as required by current regulations.
Your personal data is stored on servers that are located within the European Union. It is understood that the controller, if necessary, will have the right to move the servers even to countries located outside the EU. This will be performed in complete compliance with one of the legal basis for processing as provided for in paragraph 4.
The data collected for the purpose of providing the principal services, as requested by the data subject, will be kept for the period strictly necessary to achieve the same purpose. However, AlfaCincotti S.p.A. may continue to keep such data for an extended period, but in compliance with current legislation, in order to handle any disputes related to the provision of services or transmission of data.
Your collected personal data, as related to the purposes previously stated, will not be disclosed. However, it may be disclosed to specifically authorized and designated external parties.
The GDPR guarantees a series of rights pursuant to GDPR arts. 15 – 21. To exercise these rights, are required to contact AlfaCincotti S.p.A. or the DPO.