CONSENT FOR PERSONAL DATA PROCESSING
(according to Regulation EU 2016/679)
Bomi Italia s.p.a. (holding of BOMI Group), with legal address in Vaprio d’Adda (MI) Via Campo Cioso 125, CF and VAT identification number 05965610966 (hereafter “Controller”), as the controller of processing, inform You that according to article 13 D.Lgs. 30.6.2003 n. 196 (hereafter, “Codice Privacy”) and article 13 Regulation (EU) n. 2016/679 (hereafter, “GDPR”) Your data will be processed in the following manner and for the following purposes:
- Processed data
The Controller processes personal data, identifiers (e.g. name, surname, legal form, address, telephone number, e-mail, bank and payment references (hereafter, “personal data” or also “data”) communicated by You to sign contracts for the provision of services by the Controller or to fill-in forms or request modules that are available on the company site www.bomigroup.com.
- Purposes of processing
Your personal data will be processed:
- Without Your explicit consent (article 24 letters a), b), c) Codice Privacy and article 6 letters b), e) GDPR), for the following Service Purposes:
- sign contracts for the services provided by the Controller;
- comply with pre-contractual, contractual and fiscal obligations determined by the legal relationship with You;
- comply with regulatory and statutory requirements, Italian and European law or instructions and orders given by Authorities (such as in matters related with prevention of money laundering);
- exercise the rights of the Controller, for example the exercise of the right to defense during trial;
- Only after Your specific and separate consent (articles 23 and 130 Codice Privacy and article 7 GDPR), for the following Marketing and Recruiting Purposes:
- send You via e-mail, letter and/or sms and/or telephone calls, newsletter, commercial communications and/or advertising material on products or services provided by the Controller and sharing of the level of satisfaction in relation to the quality of services;
- send You via e-mail, letter and/or sms and/or telephone calls, commercial communications and/or advertising material of third parties;
- contact You via e-mail, letter e/o letter and/or sms and/or telephone calls in case of vacancies in line with Your professional profile.
Please note that if You are already our customer or candidate, You may receive commercial communications related to services and products provided by the Controller similar to those that You have already used, except in the case of Your dissent (article 130 paragraph 4 Codice Privacy) or communications related with available vacancies or on-going recruitment.
- Modalities for the processing
The processing of Your personal data is done through the operations defined in article 4 Codice Privacy and article 4 n. 2) GDPR and specifically: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction of personal data.
Your personal data are processed using both paper and digital supports and/or automatic operations. The Controller will process personal data for the time necessary to comply with the purposes defined above and in any case not later than 10 years from the moment end of the legal relationship for the Service Purposes and not later than 2 years from the time of collection of data for the Marketing and Recruiting Purposes.
- Access to data
For the purposes defined in article 2.A) and 2.B) Your data may be accessible to:
- employees and collaborators of the Controller, in the role of processors for the processing and/or as system administrators.
- Provision of data
Without the need of an explicit consent (ex article 24 letters a), b), d) Codice Privacy and article 6 letters b) and c) GDPR), the Controller may provide Your data for the purposes defined in article 2.A) to Public Bodies (such as IVASS, Institute for the Supervision of Insurance), judicial Authorities, insurance companies in relation to the provision of insurance services, as well as to those subjects to which the provision of data is a duty defined by the law in relation to the purposes above defined. Those subjects will process the data according to their role of autonomous controllers. Your data won’t be publicly disclosed.
- Transfer of data
Personal data are stored on servers that are located in Milan (Italy) within the European Union. However it is understood that the Controller, where necessary, has the faculty to transfer the data on server located outside the EU. In this case, the Controller ensures that the transfer of data to non EU Countries will be done according and in compliance to the applicable law requirements, concluded following the standard contractual clauses defined by the European Commission.
- Nature of the consent and denied consent consequences
The consent to process data for the purposes defined in article 2.A) is mandatory. In case of denied consent we cannot guarantee to You the Services defined in article 2.A). The consent to process data for the purposes defined in article 2.B) is optional. You may decide to or not to consent the processing of data or afterwards deny the consent to process the data: in this case You won’t be able to receive newsletter, commercial communications, advertising material related to the Services provided by the Controller or communications related to job vacancies or invitation for job interviews. You will in any case continue to have the right to access to the Services defined in article 2.A).
- Rights of the data subject
In Your role of data subject, You have the rights defined in article 7 Codice Privacy and article 15 GDPR and specifically the rights to:
- obtain confirmation if and where are processed data that are related to You, even if not yet registered, and to obtain them in an intelligible form;
- obtain indication of:
- a) origin of personal data;
- b) purposes and modalities of the processing;
- c) the criteria applied in case the processing is done through the use of electronic equipment;
- d) information on Controller, processors and the representative defined according to article 5, paragraph 2 Codice Privacy and article 3, paragraph 1, GDPR;
- e) the subjects or categories of subjects to whom personal data may be communicated or that may get knowledge of according to their role of representative defined in the territory of the State, or processors;
- to obtain:
- a) update, rectification or, when there is an interest, integration of data;
- b) deletion, modification to make them anonymous or the block of data processed in breach of the law, included those that for which the processing isn’t necessary according to the purposes for which they have been initially collected or processed;
- c) statement that the operations at letters a) e b) have been made known, also in relation to their content, to those to whom the data have been communicated or disclosed, with the exception of the cases where the provision of information requested proves to be impossible or would involve a disproportionate effort.
- to object, in whole or in part:
- a) on legitimate grounds, the processing of Your personal data, even if relevant to the purposes of their collection;
- b) the processing of Your personal data to forward advertising material or perform direct selling or perform market analysis or forward commercial communication or recruiting, through the use of auto dialing systems without the intervention of operators, through e-mail and/or standard marketing activities through telephone and/or mail. It is understood that the right of the data subject to object, defined in the previous point b), for the purposes of direct marketing through automated systems includes also the traditional means and that it doesn’t affect the right to object of the data subject, even if objects in part. Therefore, the data subject may decide to receive only communication through traditional means or only through automated system or none of these two types of means of communication.
Where applicable, the data subject has also the rights defined in articles 16-21 GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority.
- Modalities for the exercise of rights
You may exercise Your rights in any moment forwarding:
- registered mail with return receipt to Bomi Italia s.p.a., fao Compliance Department, Via Torri Bianche 9 – 20871 Vimercate (MB) - Italia
- e-mail at privacy@bomigroup.com
- Controller and processors
The Controller is Bomi Italia s.p.a. with legal address Via Campo Cioso 125 – 20069 Vaprio d’Adda (MI) and managements’s offices in Via Torri Bianche 9 – 20871 Vimercate (MB). The updated list of processor is retained in two copies at legal address and management’s offices of the Controller.