pursuant to art. 13 and 14 EU Reg. 2016/679 for the protection of personal data
Pursuant to art. 13 and 14 EU Reg. 2016/679, therefore, we provide you with the following information
1. DATA CONTROLLER
Data Controller - pursuant to art. 4 and 24 of EU Reg. 2016/679 - is Next Yacht Group S.r.l., with registered office in Lungocanale Palombari dell’Artiglio 42, 55049, Viareggio (LU), VAT number 02466190465.
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org
The Data Controller has also appointed a Data Protection Officer (DPO) who can be contacted for questions relating to the processing of your personal data at the following e-mail address: email@example.com
2. TYPE OF PROCESSED DATA
The Data Controller processes the data of individuals who represent the suppliers, are employed by, or are otherwise related in various capacities to suppliers for the purpose of performing construction contracts and subcontracts.
Specifically, the personal data processed are the following:
- data evidencing regular employment (regularity of contributions, wages and insurance) and a copy of the LUL (Employee register) and UNILAV (Employment Form);
- position, contractual classification level, qualifications and suitability to perform certain activities (e.g., safety and machinery training certificates);
- data contained in certificates of medical fitness for the performance of work duties;
- biographic data (including the image of the worker's face) for issuing access badges to company sites;
- data on the presence in the workplace.
3. LEGAL BASIS, LAWFULNESS AND PURPOSE OF THE DATA PROCESSING
We inform you that we will process your personal data in compliance with the conditions of lawfulness - pursuant to art 6 EU Reg. 2016/679 - within the limits and to the extent strictly necessary to accomplish the following purposes:
- management of occupational health and safety in accordance with legislative decree 81/08;
- protection of the company with respect to solidarity contribution constraints provided for by law;
- issuing the access badges to company sites;
The legal basis legitimizing the processing is the performance of a contract or pre-contractual measures, the fulfillment of legal obligations and, in the cases expressly provided for, the legitimate interest of the Controller in the protection of security and its business assets.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data collected may be disclosed to recipients, appointed pursuant to Art. 28 EU Reg. 2016/679, who will process the data as Data Processors and/or to recipients who will process the transmitted personal data as Data Controllers.
Specifically, the data may be disclosed to the following persons/entities:
- firms as part of legal aid and tax advisory relationships, lending institutions, debt collection companies, IT consulting and support, and companies entrusted with surveillance and security services;
- companies and/or third-party construction sites at which personnel are to perform part of the work; - specially authorized in-house personnel;
- internal supervisory bodies and competent authorities/public bodies for the performance of the duties requred by the law.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION
Data will not be transferred to third countries outside the European Union.It should be noted that the use of cloud services may involve the transfer of data to servers located abroad (both EU and non-EU), always in compliance with the applicable legal provisions and, in any case, ensuring respect for maximum security of the data.
6. PERIOD OF STORAGE OR CRITERIA USED TO DETERMINE SUCH PERIOD
Personal data acquired and processed for the purpose of fulfilling administrative/accounting and legal obligations will be kept for 10 years after the end of the contract and in any case to the extent required by law.
Regarding the personnel of contractors and subcontractors employed by the company, the personal data acquired will be stored for the time during which the Contract giver is jointly and severally liable for social contribution, time-limit of 2 years starting from the termination of the construction contract.
However, this is without prejudice to the right to object at any time to processing based on legitimate interest for reasons related to your particular situation.
7. RIGHTS OF THE INTERESTED PARTIES AND METHODS OF EXERCISE OF SUCH RIGHTS
In your capacity as an interested party, you can enforce your rights referred to in Chapter III (articles 15-22) of EU Reg. 2016/679 by contacting the Data Controller by e-mail at firstname.lastname@example.org, by registered letter with acknowledgement of receipt to the address of the company's registered office or by delivery of a hard copy.
The rights you enjoy, pursuant to EU Reg. 2016/679, are the following:
- withdrawal of consent;
- limitation of processing;
- opposition to processing;
These rights are guaranteed to you without any formalities for their exercise, which is essentially free of charge.
Without prejudice to any other administrative or judicial action, you can also lodge a complaint with the Supervisory Authority in accordance with the provisions of EU Regulation 2016/679 and the Privacy Code, as amended by Legislative Decree 101/2018.
8. METHODS OF DATA PROCESSING
The personal data provided will be recorded, processed, managed and filed in paper form and / or with the aid of electronic IT tools and in any case in such a way as to guarantee their security and confidentiality. Relations with contractors will be handled by expressly authorized in-house personnel. Personal data are processed without the intervention of automated systems or processes, and no profiling is carried out.
9. NATURE OF THE DATA PROVISION
The provision of data is understood to be necessary and failure to provide it, in whole or in part, will result in the impossibility for the Data Controller to follow up on the activities related to the main processing, i.e. the impossibility of managing the contract and the fulfilments, including legal ones, arising from the relationship established.
10. DISSEMINATION OF DATA
The personal data collected will in no case and in no way be disseminated to third parties not approved by the Data Controller and may be exhibited only at the request of the Judicial, Financial and Guarantor Authorities, as well as to all other subjects to whom the communication is required by law for the accomplishment of the aforementioned purposes.