Policy in accordance with articles 13 and 14 of eu regulation 679/2016 on personal data processing for visitors

INNOVERY S.p.A. (hereinafter referred to as the “Data Controller” or “Company”) considers the protection of your personal data to be of utmost importance. We ensure that the processing of personal data, carried out through any means, whether automated or manual, complies with the rights recognized by EU Regulation No. 679/2016 (GDPR), as well as Legislative Decree No. 196/2003, as amended and supplemented by Legislative Decree No. 101/2018 and any other applicable national and/or community legislation.

According to the GDPR Regulation, before processing Personal Data, it is necessary to inform the individual to whom such Personal Data belongs (“Data Subject”) about the purposes and methods of processing within the scope of their customer/supplier relationship. The purpose of this document is therefore to provide, in a simple and clear manner, all the information that will be useful to enable you to communicate your Personal Data to the Controller in a conscious and informed manner and, at any time, request and obtain clarifications and/or rectifications and exercise your rights.

DATA PROCESSING AND CONTACTS CONTROLLER

Innovery S.p.a., in the person of its legal representative pro tempore, with registered office in Strada 4, Pal. A6, snc c/o Centro Direzionale Milanofiori 20057 – Assago (MI), Tax Code and VAT number 02556430987, PEC: amministrazione@cert.innovery.it, E-MAIL: privacy@innovery.net

INTERESTED PARTIES

Visitors to the headquarters/locations/offices of the Company and its Subsidiaries.

PURPOSES OF THE PROCESSING

Personal data are processed for the following purposes:

Access control at company offices;

Detection of permanence in these offices;

Identification of people present for the management of emergency situations.

LEGAL BASIS OF THE PROCESSING

The legal basis for the purposes indicated in the preceding paragraph is in the legitimate interest of the Data Controller and are therefore lawfully processed; the collection of such data does not require consent; Therefore, providing data for the above-mentioned purposes is compulsory; in the absence of such data, the Controller may not grant access to the offices.

CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING

In order to manage visitor access to the offices, the Controller processes your personal data identifying the COMMON NATURE (personal and contact data).

Personal data are provided by the interested persons during visits (interviews, work sessions, meetings with customers and suppliers, auditors, etc.) to the company’s offices/places.

PROCESSING METHODS

Personal data will be processed in non-automated form, on paper or by automated, computerised or telematic methods, in compliance with Article 5 of the GDPR and entered into the relevant databases that can be accessed by Innovery staff, duly appointed as “Personal Data Processors”.

Processing may also be carried out by third parties who provide specific processing, administrative or instrumental services necessary for the achievement of the above purposes. All data processing operations are carried out in such a way as to guarantee the integrity, confidentiality and availability of personal data.

PERSONAL DATA RETENTION PERIOD

Personal data are processed for the time necessary to fulfil the purposes set out in this privacy policy, and will be stored for a period of 30 days and then permanently deleted.

COMMUNICATION AND DISCLOSURE OF PERSONAL DATA

Personal Data will be accessible, within the scope of their respective functions, to employees and collaborators of the Controller duly designated for the execution of specific tasks and/or functions as Authorized/Personal Data Processors. Your data will neither be disclosed nor communicated to third parties other than those specifically provided for by law (e.g. Judicial Authorities, Health Authorities, also for the reconstruction of the chain of any close contacts of a worker who has tested positive for COVID-19, Civil Protection, etc.).

RIGHTS OF THE INTERESTED PARTIES

As an interested Subject, you are guaranteed all the rights specified in Art. 15 – the right to access, 16 – rectification right, 17 – deletion right, 18 – the right of restriction to processing, 20 – right of portability, 21 – right of objection, 22 – the right to object to automated decision-making under GDPR 679/16, as well as the right to lodge a complaint with the Garante.

The aforementioned rights can be exercised by sending a written communication via email to the following PEC address: amministrazione@cert.innovery.it; privacy@innovery.net.