DEFINITION OF “DATA”
“Data” means data relating to consultants/suppliers who are natural persons processed by the Company for the purpose of entering into and executing contractual relationships (“Suppliers”).
DATA PROCESSING PURPOSES
Purposes relating to establishing and executing the contractual relationship between the Supplier and the Company.
To fulfill administration/accounting requirements, such as accounts and treasury management, invoicing (e.g. logging and checking invoices) in accordance with legislation.
If necessary to ascertain, exercise and/or safeguard Company rights in legal proceedings.
Marketing purposes: sending of communications for invitations/planning/execution of business events and fairs by automated (such as e-mail, SMS or MMS) and traditional means of contact (such as telephone calls with operator and traditional mail).
LEGAL BASIS FOR PROCESSING DATA
Executing the contract.
Requirement to meet the Company’s legal obligations.
Legitimate interest (legal protection).
Consent (which is optional and can be withdrawn at any time).
Once the aforementioned retention period has lapsed the Data will be destroyed or made anonymous.
DATA RETENTION PERIOD
Contractual term and, after expiry, 10 years (standard statute of limitations).
10 years.
In the case of litigation, for the entire duration of the same, until the time limit for appeal has expired.
Personal data and contact data: until revocation of consent.
DATA PROVISION
Data must be provided to agree and/or execute the contract. Refusing to provide Data means it will not be possible to establish the contractual relationship and/or fulfil the resulting contractual obligations.
DATA RECIPIENTS
Data may be communicated to external parties operating as data controllers, by way of example, authorities and supervisory and control bodies and, in general, public or private parties entitled to request Data. Law firms and notaries, insurance and insurance brokers.
Data may be processed, on behalf of the controller, by external subjects appointed as data processors, who carry out specific activities, by way of example, accounting, tax and insurance requirements, dispatch of correspondence, management of receipts and payments, agencies of events management, media relations agencies, consulting companies, audit firms.
SUBJECTS AUTHORIZED TO PROCESSING DATA
Data may be processed by employees in company departments that are responsible for carrying out the activities outlined above and have been authorized to process the Data and have received suitable operating instructions.
PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred abroad to non-European countries whose level of data protection has been deemed appropriate by the European Commission pursuant to Art. 45 of the GDPR.
In case of transfer of personal data abroad to non-European countries whose level of data protection has not been deemed appropriate by the European Commission, Standard Clauses pursuant to European Commission Decision of February 5, 2010 will be applied.
DATA SUBJECTS’ RIGHTS – COMPLAINT TO THE SUPERVISORY BODY
By contacting Ariston S.p.A. via mail address to Viale A. Merloni 45, Fabriano (AN), via e-mail sent to privacy.aristonthermo@aristonthermo.com, certified e-mail aristonthermo@pec.aristonthermo.com, data subjects can ask the Company for access to personal data, or the correction or deletion of personal data, and also have the right to restrict processing of the data in the cases set out in article 18 of the GDPR, and object to processing in the case of legitimate interests of the controller.
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
Data subjects have the right to lodge a complaint with the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
Data subjects have the right to withdraw consent at any time in relation to data processed for marketing purposes, and object to data being processed for these purposes. Data subjects have the possibility of stating a preference for being contacted for the aforementioned purposes through conventional methods and objecting to receiving communication through automatic methods only.
DATA PROTECTION OFFICER (DPO)
Data Protection Officer (“DPO”) appointed by Data Controller pursuant to Art. 37 and following of the GDPR is Mr. Gabriele Faggioli.
It is possible to contact the Data Protection Officer (“DPO”) via e-mail at:
DPO.AristonThermoGroup@aristonthermo.com