CUSTOMER, SUPPLIER AND PARTNER PRIVACY POLICY
PURSUANT TO EU REGULATION 2016/679
The undersigned Company FINWAVE SPA hereby informs you that, for the management of the contractual relationship in progress, it is the Data Controller of your data qualified as personal data pursuant to EU Regulation 2016/679, hereinafter referred to as GDPR; therefore, the following information is provided to the Data Subjects regarding the processing of their personal data.
Data Processor and Data Protection Officer (DPO)
The data controller is FINWAVE SPA with registered office in Corso Italia, 22 - 20121 Milan (MI) - in the person of its legal representative pro tempore who is domiciled at the Company's registered office.
Finwave SpA has appointed its own Personal Data Protection Officer, who can be contacted at the following e-mail address: dpo-finwave@finwave.it
Legal Basis and Processing Methods
The legal basis for the processing of your personal data is the performance of the contract and the fulfilment of legal obligations, to which the Data Controller is subject and to which you - as the Data Subject - are a party. As established by Article 6, paragraph 1, letter b), c) of the GDPR the provision of personal data is mandatory for the purposes contained below. Any refusal to provide them in whole or in part may result in the impossibility for Finwave SpA to execute the contract or to properly perform all the obligations, such as tax, administrative and technical obligations.
A further legal basis applied is the legitimate interest of the data controller in the processing of personal data, due to the data controller's compliance with voluntarily adopted protocol standards (e.g. ISO/CEC certification, etc.).
The Data Subject is hereby informed that, in accordance with the stated purposes of processing, his or her data will be processed by Finwave SpA.
Purposes |
Personal Data |
Recipient Categories |
Execution of measures prior to the conclusion of sales or service contracts |
Common data including biographical data, company, company role, company e-mail contact details, etc. |
|
Contractual obligations towards the Data Subject |
Common data including biographical data, company, company role, company e-mail contact details, etc. |
|
Obligation under applicable laws or regulations |
Common data including biographical data, company, company role, telephone numbers, company e-mail contact details, etc. |
|
Operational, management, accounting, design or consulting needs |
Common data including biographical data, company, company role, company e-mail contact details, etc. |
|
Initiate processes to improve the quality of the services provided, by sending questionnaires to a customer contact person |
Common data including biographical data, company, company role, company e-mail contact details, etc. |
|
Transfer of personal data
All data collected will be processed in Italy exclusively for the specified purposes and, only where necessary, will be transferred to third countries after verification of adequate protection of the data subject's rights.
Security Measures
Consistent with the provisions of Preamble 49 of the GDPR, the Data Controller processes, including through its suppliers (third parties and/or recipients), your personal data to the extent strictly necessary and proportionate to ensure network and IT security, i.e. the ability of a network or IT system to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
The Data Controller will promptly inform the Data Subject if there is a particular risk of a breach of his or her personal data, without prejudice to the obligations under Article 33 of the GDPR concerning personal data breach notifications.
Rights of the Data Subject
In addition to guaranteeing the right to lodge a claim with the Supervisory Authority, which for Italy is the Italian Data Protection Authority, the GDPR grants the Data Subjects the following rights:
- Right of access (Article 15): Possibility for the Data Subject to obtain from the Controller confirmation as to whether or not his or her personal data is being processed and to obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
- Right to rectification (Article 16): Possibility for the Data Subject to obtain rectification of inaccurate personal data from the Data Controller.
- Right to be forgotten (Article 17): Possibility for the Data Subject to request the deletion of his or her personal data if one of the reasons provided for in the article exists, including: revocation of consent, unlawful processing and exercising the right of defence.
- Right to restriction of processing (Article 18): Possibility for the data subject to obtain the restriction of processing, which can be configured as a total or partial suspension of the processing of the data or also, in some cases, as a blocking of the same. This can only be requested in exceptional cases expressly determined by the rule, including the period necessary to establish the accuracy of personal data, unlawful processing, the exercise of a right in a court of law.
- Right to data portability (Article 20): The Data Subject has the right to request that his or her data be disclosed to him or her, when exercising his or her rights, in an easily comprehensible format.
- Right to object (Article 21): Possibility for the Data Subject for reasons relating to his or her particular situation to object to the processing of his or her data pursuant to Article 6, paragraph 1, letters e) and f).
- Right not to be subject to automated decision-making (Article 22) Possibility for the data subject to object to processes based solely on automated processing if they have legal effects on him or her or significantly affect him or her.
If you have any doubts or need clarification, or if you wish to exercise your rights, please contact Finwave SpA by writing to the following address: dataprivacy@finwave.it
We inform you that should you decide to exercise one or more of the above-mentioned rights, the Data Controller will disclose your personal data to the processors for related fulfilments (Article 19 GDPR).
Personal Data Retention Times
Your personal data will be retained as long as necessary to fulfil the legitimate purposes for which it was collected, i.e. also after the termination of the business relationship for the fulfilment of all legal and fiscal obligations connected with or arising from the conclusion of the contract.
Data collected for the purposes of improving the quality of services provided will be stored for 3 years after which they will be anonymised.