Who are we and what do we do with your personal data?
The company Valmet Tissue Converting S.p.A., with its registered office in 55100 Lucca, Via Giovanni Diodati 50 (hereinafter also the "Data Controller"), as Data Controller will see to the confidentiality of your personal data and guarantee its necessary protection from any event that could put it at risk of violation. The Data Controller applies policies and practices concerning the collection and use of personal data and the exercise of the rights recognised by the applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever it becomes necessary and in any case whenever regulatory and organisational changes that may affect the processing of your personal data arise.
The Data Controller has appointed a Data Protection Officer (DPO) that you can contact if you have questions about the policies and practices adopted. The contact details of the Data Protection Officer are as follows: email@example.com
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as:
The personal data will be processed for the following purposes:
1) the management of the supply contractual relationship and the fulfilment of any other obligations, including regulatory obligations, arising therefrom
Execution of pre-contractual and contractual activities
Fulfilment of legal obligations and contractual obligations, as well as obligations deriving from the relationship established, such as, among others, those arising from:
Fulfilment of economic, financial and social reporting obligations
Your personal data is also collected from third parties such as, by way of example:
2) for the communication to third parties and the dissemination
Communication to third parties, such as:
Execution of pre-contractual and contractual activities
Fulfilment of obligations depending on the contract
Fulfilment of legal obligations, such as, among others, depending on:
Observance of transparency and economic and social reporting obligations
The Data Controller may transfer your personal data abroad (non-EU countries) and in particular:
China, Brazil, USA (Sister Companies) - Standard contractual clauses aimed at ensuring adequate safeguards, including data subjects' rights with regard to the transfer of personal data outside the EU.
Japan (Sister Company) – Adequacy decision EU-Japan.
The personal data of the interested party could be transferred globally. The Data Controller guarantees the adoption of adequate measures pursuant to the applicable legislation.
The communication and dissemination concern the categories of data whose transmission and/or disclosure are necessary for the performance of the activities and purposes pursued by the Data Controller in the management of the relationship established. The relative data processing does not require the consent of the data subject in the event that it takes place against legal obligations or to fulfil the obligations deriving from the contractual relationship or if other exclusion hypotheses occur (in particular application of the provisions of the Code of Ethics and/or legitimate interest of the Data Controller) expressly provided for or dependent on the legislation and regulations applied by the Data Controller, or even through third parties identified as data processors.
3) for information security activities
Execution of activities depending on the established relationship
Fulfilment of legal obligations (detection and notification of data breach events)
How, where and for how long is your data stored?
The data processing is performed through paper supports or IT procedures by specially authorized internal subjects. Such internal subjects are allowed access to your personal data to the extent that it is necessary to carry out the processing activities that concern you.
The Data Controller periodically verifies the tools through which your data is processed and the security measures adopted, which it keeps constantly updated; verifies, also through the subjects authorized to carry out the processing, that personal data whose processing is not necessary or whose purposes are exhausted is not collected, processed, filed or stored; and verifies that the data is stored with the guarantee of integrity and authenticity and that it is used for the purposes of the processing actually performed.
The Data Controller guarantees that data which, even following the verifications, are found to be excessive or irrelevant will not be used, except for the possible retention, according to the law, of the deed or document that contains them.
The data is stored in paper, computerized and software archives located within the European Economic Area, and adequate security measures are ensured.
For how long
The personal data processed are kept for the time necessary to carry out the activities related to the management of the contract that you have stipulated with the Data Controller and for the fulfilments, including those required by law, arising therefrom.
Duration of the contractual relationship Without prejudice to:
Except in the event of litigation if it involves an extension of the aforementioned terms, for the time necessary to pursue the related purpose
Computer data (access log to systems and to the network and / or IP addresses)
The duration of the storage depends on the presumed and / or detected risk and the prejudicial consequences that derive from it, without prejudice to the measures to make the data anonymous or to limit its treatment.
In any case, the data must be kept (with effect from the knowledge / detection of the hazard event or data breach) for the time necessary to notify the authority of the violation of the data detected through the procedures implemented by the Data Controller and in any case take remedial actions.
Once all the purposes that legitimize the retention of your personal data are exhausted, the Data Controller will take care of deleting them or making them anonymous.
What are your rights?
The rights that are recognized to you allow you to always have control of your data. Your rights are the following:
In substance, you, at any time and free of charge and without special charges and formalities for your request, can:
The Data Controller must proceed in this way without delay and, in any case, at the latest within one month from receiving your request. The deadline can be extended by two months, if necessary, taking into account the complexity and the number of requests received. In such cases the Data Controller, within a month of receiving your request, must inform you and give you the reasons for the extension.
For any further information and in any case to send your request, contact the Data Controller at firstname.lastname@example.org.
How and when can you oppose the processing of your personal data?
For reasons related to your particular situation, you can oppose the processing of your personal data at any time when this takes place for legitimate prevailing reason or if it concerns the processing of personal data whose disclosure is subject to your consent, sending your request to the Data Controller at the address email@example.com
You have the right to the deletion of your personal data if there is no legitimate prevailing reason with respect to the one that gave rise to your request, and in the event that you are opposed to the processing of data.
Who can you lodge a complaint with?
Without prejudice to any other administrative or judicial action, you may file a complaint with the control authority, unless you reside or work in another Member State. In the latter case, or where the breach of the data protection legislation occurs in another EU country, the authority to receive and hear the complaint will be the control authority established therein.