Privacy policy


PRIVACY STATEMENT

SUBJECT: informative report under article 13 of the Regulation (EU) 2016/679 (the “GDPR” – General Data Protection Regulation) relating to the protection of individuals with regard to the processing of personal data collected from the data subject.

a. INTRODUCTION

During business communications the processing of personal data referring to natural persons can’t be exluded; we kindly ask you to forward this document to those employees or collaborators.

If Your Company ensures anonymous or pseudonymised communications you can ignore this document.

b. DATA CONTROLLER

The data controller is Flexin Group Srl with registered office in Sasso Marconi (Bo) –  Via Cartiera, 53  – VAT Number IT02818791200 , Phone no. +39 051 6781494, e-mail:   admin@flexingroup.com.

c. DATA PROTECTION OFFICER

Not falling within the cases provided for by the GDPR’s art. 37 and according to the WP243 guideline, a Data Protection Officer has not been designated.

 

d. LEGAL BASIS, PURPOSES AND OBLIGATIONS OF DATA PROCESSING

Your personal data are processed for the following purposes:

X Legal obligations: invoicing, tax recording and other administrative purposes;
X Contractual obligations: supplying of goods or services;
X Fulfilment of requests from the data subject;

 

The provision of Data for Legal and contractual purposes is mandatory; The provision of data is necessary to enable us to process your requests. Consent expression is not required.

The failure to communicate your personal data will impede the fulfilment of any contractual obligations.

 

e. LAWFULNESS OF THE PROCESSING

The data processing is lawful as:

a)   The data Subject has given consent for one or more purposes;
X b)   Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
X c)    Processing is necessary for compliance with a legal obligation to which the controller is subject;
d)   Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e)   Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
X f)    Processing is necessary for the purposes of the legitimate interests pursued by the controller (fulfilment of a contract or in the pursuit of the Company’s purposes).

 

f. RECIPIENTS OF THE PERSONAL DATA

Your personal data could be shared with the internal employees as well as the following third-party entities:

  • Business, legal, labor consultant;
  • Specific subjects consultants: (Health and safety in the workplace, information technology, maintenance of hardware or software products);
  • Parties which have to be informed according to a legally binding obligation;
  • Monitoring organisations, especially in case of inspections;
  • Logistics and transportation companies (in execution of contractual obligations);
  • Third-party companies or practitioners (in execution of contractual or legal obligations).

 

The name of the subjects listed above is available at any time upon request by the data subject.

 

g. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

The transfer of personal data outside the EU or to international organisations is not foreseen.

 

h. DATA RETENTION PERIOD

The period of personal data retention, where there are no legal obligations or cancellation requests, is based on the existence of the purposes listed at point “d” or on the need of regular performance of the company business.

 

i. RIGHTS OF THE DATA SUBJECT

The Data Subject has the right to request at any time of access, rectification, erasure, portability of Personal Data as well as to object, revoke or restrict the data processing or propose a complaint to the Data Protection Supervisor Authority.

 

j. AUTOMATED DECISION-MAKING PROCESSES

Personal data are not processed with automated decision-making processes