Transparency and disclosure

Visitor information

INFORMATION ON PERSONAL DATA PROCESSING VISITOR

Sampaolo Stampi s.r.l. would like to inform you about the processing of your personal data.

This information is provided in accordance with the principles of transparency and fairness and respecting your rights, pursuant to EU Regulation 2016/679 on the protection of personal data (GDPR).

DATA CONTROLLER

The data controller is Sampaolo Stampi s.r.l., via Peschiera, 7/a, Montelupone (MC), based on in the European Union, who can be contacted at the following addresses: telephone number 0733 226811, email sampaolo@sampaolo.it.

DATA SOURCE

The data is acquired directly from you, and is provided when you enter our offices and establishments.

In some circumstances your personal data may be provided by your organization, previously given during the plan of the visit.

CATEGORIES OF PERSONAL DATA

The processing concerns:

  • Personal identify data, such as the first name, business name or name of the organization for which you work
  • contact details: email, telephone number
  • Images taken from the video surveillance systems, for which processing please refer to the information specification

Personal data which can be qualified as “particular” are not normally processed, that is to say those data which reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.

If there is a specific need to collect and process data of a particular type, we will inform you about it, supplementing this information and obtaining a specific consent.

PURPOSE AND LEGAL BASIS OF PROCESSING

Your personal data will be processed for the following purposes:

  • organization and management of the visit to establishments and offices, including from a security point of view, for the correct and timely management of any security devices (PPE) required for access
  • protection of those who are temporarily in the establishments, for example to register their presence in case of accidents
  • prosecution of any type of wrongdoing against assets and personnel

The legal basis of the processing is constituted by the legitimate interest of the Data Controller for the protection of company assets and personal safety (art. 6, para. 1, letter f) of the GDPR ).

METHODS OF PROCESSING

The processing is carried out by means of procedures and tools, including information technology, suitable to guarantee confidentiality, the integrity and availability of data in the ways and to the extent necessary to pursue the above-mentioned purposes and in compliance with the technical and organizational security measures adopted by our organization.

Your personal data is processed only by authorized and trained personnel, who are allowed to access your personal data to the extent that it is necessary for the performance of processing activities.

Data that are surplus or irrelevant to the purposes of processing will be deleted or not used except for the possible retention, in accordance with law, of the document containing them.

AUTOMATED DECISION-MAKING AND PROFILING

Automated decision-making processes, including profiling or the use of intelligent or integrated video surveillance facilities shall not be adopted.

DURATION OF PROCESSING

Personal and contact data collected to allow access at the establishments and offices will be kept for a maximum of 6 months.

Images taken with video surveillance systems shall be kept for 48 hours, except in the case of unlawful acts.  In this case, the images will be kept as evidence until the end of the relevant proceedings, both internal and judicial, at any competent authority.

OBLIGATION OR OPTION TO PROVIDE DATA

The provision of personal data is mandatory for access to establishments and offices.

DATA RECIPIENTS

Your data may be disclosed to the reception, internal administrative and secretarial offices, staff and employees. All subjects who access your data are appropriately authorized, educated and bound to confidentiality obligations.

Your data may be communicated to:

  • public or private entities that may access it under the law, regulations or Community legislation, within the limits provided by these rules
  • to subjects our consultants, in the limits necessary to carry out their duties with our organization, subject to appointment that imposes confidentiality and security obligations
  • to entities that carry out or provide specific services, for example IT service providers, suppliers entrusted with the maintenance of the access system, surveillance services, and providers of maintenance services for video surveillance installations.

The communication of your personal data is limited to the data necessary for the achievement of the specific purposes for which they are intended. 

All the subjects who process data on behalf of the Firm are identified as Processors bound to comply with measures aimed at ensuring the protection of your personal data, pursuant to art. 28 of the GDPR.

Your data will not be disclosed (for example by publication on the web), unless we expressly request it and you give your explicit consent.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU

Your personal data will not be transferred to third parties outside the European Union.

I SUOI DIRITTI

In ogni momento Lei potrĂ  esercitare i diritti che Le sono riconosciuti, ai sensi degli artt. da 15 a 22 del Regolamento UE 2016/679, ovvero:

  1. request confirmation of the existence or otherwise of personal data processed;
  2. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be communicated, the retention period for the data or the criteria used to determine it;
  3. update or correct personal data so that it is always accurate;
  4. delete personal data when they are no longer necessary for the purposes of processing, if the legal conditions exist and the processing is not justified by another legitimate reason;
  5. Restrict the processing of personal data, where the conditions are met, including inaccuracy, opposition to processing, unlawful processing.
  6. to obtain the portability of the data, if the processing takes place on the basis of a contract and with automated means, that is to receive them in a structured format, commonly used and readable by an automatic device, also in order to pass them on to another data controller;
  7. the right to lodge a complaint with a Supervisory Authority: without prejudice to any other administrative or judicial action, the complaint may be submitted to the Data Protection Authority (in Italy www.garanteprivacy.it, tel 06.696771, email urp@gpdp.it). Or, if the conditions are met, including your different residence or the different Member State where the infringement took place, to the supervisory authorities established in another EU country.

To exercise these rights, you can contact the Data Controller, Sampaolo Stampi s.r.l., whose contact details are indicated at the beginning of this information, without delay.

If Sampaolo Stampi s.r.l. intends to start processing data for purposes other than those described in this information, it will inform you before proceeding and obtain your consent, if necessary.

UPDATES

Sampaolo Stampi s.r.l. updates the policies and internal practices adopted in the protection of personal data whenever necessary and in case of regulatory and organizational changes that have relevance to the processing of personal data.

Any updates to this information will be made available promptly and by appropriate means.