INFORMATION AND CONTACT DATA OF THE HOLDER OF THE PROCESSING
Articles 12 – 13 of EU Regulation n. 679/2016
Holder of the processing
Westport Fuel Systems Italia s.r.l. registered office
Via La Morra n. 1, 12062, Cherasco (CN), VAT nr. 00525960043
Contact data of the holder of the processing
Phone: 0172 48681 eMail: firstname.lastname@example.org
Contact data of the Protection Officer
Westport Fuel Systems Italia s.r.l. does not fall within the hypothesis provided for art. 37 of the EU Regulation n. 679/2016
Westport Fuel Systems Italia s.r.l., (hereinafter referred to for brevity as “W.F.S.I. s.r.l. “) with registered office in Via La Morra n. 1, 12062, Cherasco (CN), VAT number 00525960043, as controller of your personal data, informs you, pursuant to Arts. 12 and 13 of EU Regulation no. 679/2016 (General Data Protection Regulation, henceforth referred to as “GDPR”), that your personal data will be processed by specifically authorized parties and limited to the purposes and methods specified below.
OBJECT AND PURPOSE OF THE PROCESSING
W.F.S.I. s.r.l. as Data Controller (henceforth referred to as “Controller”) informs you that your personal data, specifically biographical data, name and surname, residence/domicile address, VAT number, email address, telephone number, identifiers and IP addresses or domain names, will be processed according to purposes and procedures all below foreseen and specified.
Personal data of users of websites belonging to W.F.S.I. s.r.l. as aforementioned, will be processed according to GDPR procedures, for carrying out the features of the following websites.
Especially, the personal data provided to the Controller will be processed for the pursuit of the following purposes:
This information is effective only with reference to the websites:
and not with reference to other and different portals or web sites that may be consulted through the links therein, of which the undersigned the Controller is not in any way proprietary.
The processing of data generically provided will be done, even after automated collection during web browsing, only for purpose of assessment and/or control of accesses to the website and/or only for purpose of website functionality improvement, in order to assure the best browsing experience. For more information, please consult the specific Cookie Information.
LEGAL BASIS OF THE PROCESSING
Apart what specified for the navigation data, the communication of the personal data specified above from your part to the Data Controller, has the following legal basis as the sole premise of lawfulness of the processing:
The provision of your personal information, even belonging to special categories ex art. 9 of GDPR about the purpose mentioned in sub b), is therefore necessary for the whole fulfilment of purposes indicated by points a), b) and d) and, as a consequence, a possible failure to do so could result in the impossibility to supply website services and functions mentioned above.
On the contrary, the provision of your personal information is purely optional for the fulfilment of commercial and marketing activities listed by point c), and, as a consequence, a possible failure to do so does not preclude the fulfilment of the other purposes. The consent to data processing for marketing purposes you may have provided, can in any case be revoked by you at any time, with immediate effect on the aforementioned business and promotional activities and services, by simply emailing the Data Controller to email@example.com or by sending registered letter to the company headquarter – Human Resources dept. – Attn. Sabrina Marenda.
METHOD OF PROCESSING
The processing of personal data communicated is carried out by means of the operations indicated in art. 4 n. 2) of the GDPR, namely: “collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data”.
The personal data communicated by you are processed in automated way for the strictly necessary time to achieve the purposes for which they were collected, using technical and organizational measures, taken to prevent data loss, illicit or incorrect use and unauthorized access, and therefore, to guarantee a level of security appropriate to the risk pursuant to art. 32 of GDPR, by specifically authorized subjects, in compliance with the provisions of art. 29 of GDPR, like employees and/or collaborators of Controller in their capacity as authorized parties and/or internal delegated representatives and/or system administrators, who may carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of law necessary to guarantee, among other things, the confidentiality and security of data as well as the accuracy, updating and relevance of the data in relation to the stated purposes and methods.
It should be noted, in particular, that the personal data you communicated will be processed only at the headquarters of the data controller, except for what infra mentioned, will not be disseminated, and, pursuant to art. 13, paragraph 1, letter (e), they may be processed only by authorized persons and/or by external processors (in person of individual professionals and/or complex professional associations), and/or by independent data controllers, of whom the list can be required to the Controller premises under writing request, such as explicitly hosting companies and/or technicians in charge with website management and / or maintenance, but only and exclusively for the purposes expressly and specifically indicated above.
AMBITO DI COMUNICAZIONE DEI DATI
In relation to the purposes indicated above, the data may be disclosed to the following persons and/or categories of persons indicated below, or may be disclosed to companies and/or persons who provide services, also external, on behalf of the Data Controller.
Among these, by way of example but not exhaustively are indicated for greater clarity: professional studies and consulting companies, even associated; subjects that provide IT and telematic services for the management of the information system (including e-mail and management of web portals and internet sites – cloud storage – hosting); competent authorities and/or Supervisory Organs for the fulfilment of legal obligations; subjects that perform control, revision and certification of the activities carried out by the Data Controller, all appointed by the undersigned company for data processing pursuant to art. 28 of the GDPR, or operate in total autonomy as separate Data Controllers.
The website can share some data collected with services situated outside Italy and European Union, especially with Google, Facebook and Microsoft (LinkedIn) even through social plugin and Google Analytics service. Extra UE data transfer is authorised by specific decisions of the decisions of European Commission and Data Protection Supervisor, especially the decision 1250/2016 (Privacy Shield), for which no further consent is required. The company mentioned above assure their adhesion to the Privacy Shield.
The Controller reserves, pursuant to art. 13, paragraph 1, lett. (f), the right to transmit your personal data for the sole purpose of administrative, technical and commercial management to the controlling foreign company, Westport Fuel Systems Inc., located in Vancouver, Canada, 1750 West 75th Ave, in the State of BC (British Columbia), for the purposes and according to the procedures all above foreseen and specified, here understood to be fully reproduced and reported. In this case, the Controller assure as for now that the transfer of data will be made according to applicable laws, especially complying to articles 44 – 45 – 46 – 47 – 48 and 49 of GDPR, also considering that data transfer towards Canada has been authorised by the adequacy decision of the European Commission dated December 20th, 2001 nr. 2002/2/CE and by the resolution of Data Protection Supervisor nr. 6 of April 30th 2003 [doc. web. n. 1075324].
PERSONAL DATA RETENTION PERIOD
We point out that, in compliance with the principles of lawfulness, limitation of purposes and conservation and minimization of data, pursuant to art. 5 of GDPR, the retention period of your personal data is established for a period of time not superior to the achievement of the purposes for which they are collected and processed, or for the entire duration of purposes; therefore, once the treatment purposes exhausted, your data will be eliminated from any physical and information technology support.
With special reference to CV/self-application, it should be noted that they will be immediately eliminated if not corresponding to profiles of interest of the Controller, while in case of current or future potential interest they will be kept for maximum 1 (one) year from the date of receipt. Within this time the Controller can assess applications and select personnel; once this purpose exhausted, in case of staff selection negative outcome, your personal data will be eliminated from any physical and information technology support.
With special reference to data treatment for marketing purposes, it should be noted that the Controller will handle user personal data until he revokes his consent and/or exercises his right to oppose to the treatment and, anyway, no longer than 24 (twenty-four) months from data collection. The Controller reserves his right to ask the user to renew his consent and / or update his personal data, before such time has expired.
AUTOMATED DECISION-MAKING PROCESSES AND PROFILING
The Controller informs you that, for the purposes of processing your personal data, it does not make use of automated decision-making processes, namely those aimed at making decisions based solely on technological means on the basis of predetermined criteria (i.e. without human involvement), not even is conducting profiling, namely the activity aimed at using your personal data to analyse or predict aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel, etc.
RIGHTS OF THE INTERESTED PARTY
Right of access pursuant to art. 15 of the GDPR and Right of Rectification pursuant to art. 16 of the GDPR
As an interested party, pursuant to art. 15 GDPR, You have the right to obtain from the Controller confirmation of the existence or otherwise of the processing of personal data concerning yourself, of obtaining access to them and to all the information referred to in the same art. 15, paragraph 1, letters (a) to (h), by issuing a copy of the data processed in a structured format, in common use, readable by an automatic and interoperable device.
You, pursuant to art. 16 GDPR, also have the right to obtain from the Controller the correction and/or integration of the data being processed if they are not updated and/or inaccurate and/or incomplete.
Cancellation right pursuant to art. 17 of the GDPR and right to limit the processing pursuant to art. 18 of the GDPR
As an interested party, you have the right to obtain from the Controller, without undue delay and exclusively in the cases referred to in art. 17, paragraph 1, letters from (a) to (f) of the GDPR, the deletion of data concerning you – with the exception of the hypotheses specifically provided for by art. 17 paragraph 3.
As an interested party, and in the case one of the hypotheses referred to in art. 18, paragraph 1, letters from (a) to (d), of the GDPR, you have the right to request and obtain from the Controller, the limitation of the processing of Your personal data, or that such data are not subjected to further processing and can no longer be modified. the Controller ensures that the limitation of processing is implemented through appropriate technical devices that ensure its inaccessibility and non-modification.
Data portability right pursuant to art. 20 of the GDPR
As an interested party, you have the right to receive from the Controller the personal data concerning you in a structured format, commonly used and readable by automatic device, and also have the right to transmit such data to another data controller, or to obtain from the Controller, where technically feasible, the direct transmission of such data to another Data Controller specifically identified.
Right to oppose to the treatment pursuant to art. 21 of the GDPR
You have the right to object at any time to the processing of personal data concerning you, for reasons related to your particular situation, in cases where the processing of your data is necessary (1) for carrying out a task of public interest and/or connected to the exercise of public authority for which the Controller is invested; (2) for the pursuit of a legitimate interest of the Controller or a third party; (3) for profiling activities performed by the Controller based on the previous points.
You also have the right to object to the processing of your personal data for reasons related to your particular situation if they are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, except in the case where the processing is necessary for the performance of a task of public interest.
HOW TO EXERCISE THE ABOVE RIGHTS
You can exercise the rights mentioned above making a request to the Controller by means of communication via e-mail to the address firstname.lastname@example.org or by registered letter with return receipt sent to the company registered office – Human Resources dept. – Attn. Sabrina Marenda.
The Controller will confirm the receipt of your request and provide you with information on the action taken, referring to the exercise of your rights as provided for articles 15 up to 22 of GDPR, within 1 (one) month from receipt of the request. If necessary, and taking into account the complexity and the number of requests, W.F.S.I. s.r.l. may extend this period of 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month from receipt of the request.
The Controller will communicate any rectification and/or integration to all recipients, as identified by the art. 4, paragraph 1, n. (9) of the GDPR, to which such data have been transmitted, unless this proves impossible and/or involves a disproportionate effort.
Following the submission of your request for access or correction, if W.F.S.I. S.r.l. has reasonable doubts about Your identity, you will be asked for further information to confirm it. These communications will be sent by email from email@example.com
In the event that the Controller do not comply with your request within 1 (one) month from receipt of the request, the Controller will inform you of the reasons for the non-compliance, informing you from now on your right to propose a complaint to a Supervisory Authority, as specified in accordance with art. 13, paragraph 2, letter (d) and regulated by articles 77 and further of GDPR.