PRIVACY POLICY FOR POLLS / SURVEYS
PURSUANT TO EU REGULATION 2016/679
We understand that you care about how your information is used and shared, and we want to use this information responsible and diligently. Regardless of whether you are one of our employees or a collaborator, this privacy policy describes how we collect and process your personal data in your capacity or, to use legal terminology, as a “Data Subject”. All processing complies with the provisions of EU Regulation 2016/679 (GDPR) and relevant national legislation.
Data Processor and Data Protection Officer (DPO)
The data controller is the person who defines the purposes of the processing of personal data and, after having collected the data, "uses" the data in compliance with the principles of EU Regulation 2016/679 (hereinafter GDPR). The Data Controller is FINWAVE SpA, tax code and VAT number 03368590968, Corso Italia, 22 – 20121 Milan (MI) Tel. +39 02 02 8490 7101 certified e-mail finwave@legalmail.it
Finwave SpA has appointed its Data Protection Officer, who can be contacted at the following e-mail address: dpo-finwave@finwave.it
Legal Basis and Processing Methods
The legal basis for the processing is your (data subject's) freely given consent to take part in the Survey that Finwave has invited you to participate in.
The purpose of this privacy policy, with the table below, is to inform you of the reasons and recipients who may come into contact with your personal data.
Aware of the importance of your personal data, we will ensure that we process it using electronic means and/or paper media, taking all appropriate security measures to protect it while guaranteeing its free circulation.
Data processing purposes |
Personal Data Categories |
Recipient Categories |
Internal polls / surveys
Collection of opinions from staff and/or co-workers with the aim of improving business processes |
|
|
External polls / surveys
Collection of opinions, related and not related to customer satisfaction processes, from end customers and/or suppliers in order to improve business processes |
|
|
Transfer of personal data
We will not transfer your personal data to any company or individual that does not guarantee full data protection. If, for contractual purposes with our suppliers, your data is transferred to a third country, we will require the supplier to comply with the principles of the GDPR - and appoint the supplier as the data processor by adopting the mechanisms provided to guarantee the transfer - to ensure the effective protection of your personal data rights. You may always request the list of Data Processors by contacting Finwave at the addresses indicated in this privacy policy.
Security Measures
Our security system is based on the correct use by all employees and collaborators of the instruments made available to them. For this reason, we invite you to read and act in accordance with our company security procedures.
Any data you provide us with will be processed in accordance with the principles of lawfulness, transparency and fairness, in accordance with the company's security policy, published on the intranet, which allows us to guarantee, with your cooperation, the secure processing of personal data.
Should there be a particular risk of breach, we will notify you promptly.
Rights of the Data Subject
In addition to guaranteeing the right to lodge a claim with the Supervisory Authority, which for Italy is the Italian Data Protection Authority, the GDPR grants you the following rights:
- Right of access (Article 15): Possibility for the Data Subject to obtain from the Controller confirmation as to whether or not his or her personal data is being processed and to obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
- Right to rectification (Article 16): Possibility for the Data Subject to obtain rectification of inaccurate personal data from the Data Controller.
- Right to be forgotten (Article 17): Possibility for the Data Subject to request the deletion of his or her personal data if one of the reasons provided for in the article exists, including: revocation of consent, unlawful processing and exercising the right of defence.
- Right to restriction of processing (Article 18): Possibility for the data subject to obtain the restriction of processing, which can be configured as a total or partial suspension of the processing of the data or also, in some cases, as a blocking of the same. This can only be requested in exceptional cases expressly determined by the rule, including the period necessary to establish the accuracy of personal data, unlawful processing, the exercise of a right in a court of law.
- Right to data portability (Article 20): The Data Subject has the right to request that his or her data be disclosed to him or her, when exercising his or her rights, in an easily comprehensible format.
- Right to object (Article 21): Possibility for the Data Subject for reasons relating to his or her particular situation to object to the processing of his or her data pursuant to Article 6, paragraph 1, letters e) and f).
- Right not to be subject to automated decision-making (Article 22) Possibility for the data subject to object to processes based solely on automated processing if they have legal effects on him or her or significantly affect him or her.
We inform you that should you decide to exercise one or more of the above-mentioned rights, the Data Controller will disclose your personal data to the processors for related fulfilments (Article 19 GDPR).
If you have any doubts or need clarification, or if you wish to exercise your rights, please contact us at the following address: dataprivacy@finwave.it
Personal Data Retention Times
Your data will be retained for:
- Internal employee and staff polls / surveys 2 years after collection
- External customer and supplier polls / surveys 3 years after collection