We wish to inform you, in compliance with provisions regarding safeguarding of personal data, that the personal and vital statistics data you provide shall be subject to processing by UFI FILTERS SPA.
1) Which data do we process?
Data necessary for identification (first and last name, company name, head office, address, VAT No., etc.) and data necessary to permit correct execution of the business relationship and data which binds us.
2) How do we gather data and why do we process data?
Data is gathered from customers, suppliers and other parties and stored in our headquarters. Data is gathered and recorded on hardcopy and on electronic media for the explicit and lawful purposes which we specify below:
1. For the purpose of meeting regulatory obligations envisioned by laws, decrees, rules and/or by other acts equivalent thereto as well as by EU regulations (eg. legal treatment and remuneration of personnel, recruiting, selection, personnel training, fulfillment of tax or accounting obligations).
2. For the purpose of managing business relationships existing with the clientele, with suppliers and other parties, banks, etc. (eg. monitoring relationships with customers and assistants, meeting technical and service information requirements).
3) Is it compulsory to provide data? What happens if data is not provided?
Provision of the requested personal data necessary for the purpose under point No. 1 (obligations arising from Italian and EU law) is compulsory and refusal to do so makes it impossible to set up relationships with UFI FILTERS SPA. Provision of personal data necessary for the purpose under point No. 2 (performance of normal operating management) is not compulsory but refusal to do so may make it impossible for us to perform one or more of the agreed services or make it impossible to stipulate new contractual relationships.
At any rate art. 24 letter b) of Legislative Decree 196/2003 excludes (prior) consent when processing “is necessary to fulfill obligations arising from a contract in which the interested party participates or to perform, prior to finalization of the contract, specific requests made by the interested party”.
4) To whom may data be notified? What is the scope of dissemination?
It is sometimes necessary, as part of administrative-accounting, tax and business activities, to notify some of the data being processed (eg. banks, chartered accountants, external consultants, public offices, shippers, etc.). A list of these parties, with their names, is available at our headquarters. The scope of dissemination is international.
UFI FILTERS SPA undertakes not to notify or disclose any information that regards it for purposes other than those mentioned above and not to sell, share or transfer its data bases.
We obviously answer for injunctions and decrees from Legal Authorities, collaborate in legal proceedings and comply with orders given by supervisory and auditing Authorities and Bodies.
5) What are your rights? How can you assert them?
You can turn to our registered office for the purpose of asserting your rights, doing so in any form (email, fax, letter).
You are entitled, regarding processing of your personal data (Art. 7 Legislative Decree 196/2003):
• to know at any time which of your personal data is in our possession and how it is used
• to have this data updated, supplemented, corrected or cancelled
• to ask for stoppage or to oppose processing of this data, sending a request accordingly in any form (fax, email, letter) to the registered office of our company.
• to assert these rights you may grant, in writing, proxy or power of attorney to individuals or associations.
6) Who materially processes data?
Each employee of our company, strictly relating to the functions he is entrusted with. Requests, in any case, must be sent to the registered office of UFI FILTERS SPA.
7) For the purpose of describing what has been done to protect the integrity and confidentiality of your data, UFI FILTERS SPA has prepared a security policy document which is kept at its headquarters in Porto Mantovano (MN).
You may assert your rights with regard to the owner of processing, in accordance with art. 7 of Legislative Decree 196/2003, at any time. For your convenience Legislative Decree dated June 30th, 2003, No. 196
Personal Data Protection Code >br/> are reproduced in full hereunder.
Art. 7. Right of access to personal data and other rights
1. The interested party is entitled to receive confirmation of whether or not his personal data exists, even if not yet recorded, and to its communication in an intelligible format.
2. The interested party is entitled to indication:
a) of the origin of his personal data;
b) of processing purposes and procedures;
c) of the logic applied in case of processing carried out using electronic equipment;
d) of identification data as to the owner, persons in charge and representative designated in accordance with article 5, paragraph 2;
e) of the parties or categories of parties to whom personal data may be notified or who may become aware of this data in their capacity as designated representative in the national territory, as persons in charge or as appointees;
3. The interested party is entitled to obtain:
a) updating, correction or, when interested, integration of the data;
b) cancellation, transformation into an anonymous form or blockage of data processed in breach of the law, including that for which preservation is not required for the purposes for which data was gathered or subsequently processed;
c) certification that the procedures under letters a) and b) have been brought to the attention, as to their contents as well, of those to whom data was notified or disclosed except for the case when this performance is impossible or entails use of means clearly out of proportion with respect to the right being safeguarded.
4. The interested party is entitled to oppose, as a whole or in part:
a) for lawful reasons, processing of personal data regarding him even if pertinent to the purpose of gathering;
b) processing of personal data regarding him for the purpose of sending advertising materials or direct sales or performing market research or commercial communication.
Art. 8. Assertion of rights
1. The rights specified in article 7 are asserted by informal request to the owner or the person in charge, even through an appointee to whom suitable reply must be given without delay.
2. The rights specified in article 7 cannot be asserted by request to the owner or the person in charge or by petition in accordance with article 145 if processing of personal data was performed:
a) according to the provisions of decree law dated May 3rd, 1991, No. 143, converted, as amended, by law dated July 1991, No. 197 as further amended, regarding money laundering;
b) according to the provisions of decree law dated December 31st, 1991, No. 419, converted, as amended, by law dated February 18th, 1992, No. 172 as further amended, regarding support to the victims of extortions;
c) by Parliamentary Investigation Commissions set up in accordance with article 82 of the Constitution;
d) by a public official, other than public economic agencies, according to explicit legal provisions, for the sole purposes relating to monetary and currency policy, to the payment system, to supervision of brokers and credit and financial markets as well as to safeguarding of their stability;
e) in accordance with article 24, paragraph 1, letter f), limited to the period during which effective and concrete prejudice could arise to performance of defensive investigations or to the assertion of the right before the Court;
f) by suppliers of electronic communication services accessible to the public related to incoming telephone communications unless this could lead to effective and concrete prejudice to performance of the defensive investigations envisioned in law dated December 7th, 2000, No. 397;
g) for reasons of justice, with judicial authorities at all levels or the Higher Council of the Judiciary or other self-regulatory bodies or the Ministry of Justice;
h) in accordance with article 53 without prejudice to the provisions of law dated April 1st, 1981, No. 121.
3. Even in case of report by the interested party, the Privacy Guarantor shall take action, in the cases specified in paragraph 2, letters a), b), d), e) and f), according to Articles 157, 158 and 159 and, in the cases specified under letters c), g) and h) of that paragraph according to Article 160.
4. Assertion of the rights under article 7, when it does not regard objective data, may be performed unless it regards correction or integration to evaluation types of personal data such as those regarding judgments, opinions or other subjective types of comments as well as indication of conduct to maintain or decisions to be taken by the owner of data processing.
Art. 9. Procedure for asserting these rights
1. The request may be sent to the owner or person in charge also by registered letter, fax or email. The Privacy Guarantor may specify other suitable systems with reference to new technological solutions. The request, regarding assertion of the rights under article 7, paragraphs 1 and 2, may also be made verbally, in this case being briefly noted down by the appointee or person in charge.
2. The interested party, while asserting the rights under article 7, may grant, in writing, proxy or power of attorney to individuals, agencies, associations or organisms. The interested party may also have himself assisted by a person in his trust.
3. The rights under article 7 which refer to personal data regarding persons who are deceased may be asserted by those who have their own interests or who act to safeguard the interested party or for family reasons that merit protection.
4. The identity of the interested party is checked according to suitable elements of assessment, even by means of available deeds or documents or by exhibition or attachment of a copy of an ID document. The person who acts on behalf of the interested party must exhibit or attach a copy of the power of attorney or proxy signed in the presence of an official or signed and submitted together with a non-certified photostat of an ID document of the interested party. If the interested party is a legal entity, agency or association then the request is submitted by the individual entitled to do so according to relevant by-laws or regulations.
5. The request under article 7, paragraphs 1 and 2, is put forward freely and without constraints and may be renewed, unless there are justified reasons, at time intervals not lower than ninety days. <
Art. 10. Reply to the interested party
1. For the purpose of ensuring effective assertion of the rights under article 7, the owner of data processing is required to take suitable measures designed, in particular:
a) to make access to personal data by the interested party easier, even through use of suitable computer programs designed to carefully select data regarding the single interested parties identified or identifiable;
b) to simplify the procedures and reduce the times required for replying to the applicant, even through front offices.
2. Data is extracted by the person in charge or by appointees and may be notified to the applicant even verbally or submitted for his examination through electronic equipment as long as, in these cases, comprehension of data is easy, considering the nature and amount of information involved. If requested, data shall be transferred to hardcopy or to electronic media or prepared for online transmission.
3. The reply to the interested party, unless the request refers to a specific processing or to specific personal data or categories of personal data, shall include all the personal data regarding the interested party that is anyway processed by the owner. If the request is submitted to a person exercising a health-related profession or to a health organization then the provisions in article 84, paragraph 1 must be complied with.
4. When data extraction is particularly difficult then the reply to the request by the interested party may even take place by exhibition or delivery of a copy of deeds and documents containing the personal data requested.
5. The right to obtain communication of data in intelligible form does not regard personal data related to third parties unless decomposition of processed data or removal of certain elements makes personal data related to the interested party incomprehensible.
6. Data communication must be done in an intelligible form even by means of comprehensible script. Parameters must be provided by appointees, for comprehension of their meanings in case of communication of codes or abbreviations.
7. When, following the request under article 7, paragraphs 1 and 2, letters a), b) and c), no data is found regarding the interested party then it may be required payment of expenses not to exceed the costs actually incurred for the data search in the specific case.
8. The payment under paragraph 7 cannot, in any case, exceed the amount specified by the Privacy Guarantor by a general measure and who can specify it as a lump sum in the event that data is processed using electronic equipment and the reply is given verbally. The Privacy Guarantor, by the same measure, may envisage that the payment can be requested when personal data is contained on a special media for which reproduction is specifically required or when there is substantial employment of means, by one or more owners, in relation to the complexity or the amount of the requests and when the existence of data regarding the interested party is confirmed.
9. The payment under paragraphs 7 and 8 may also be made by post or bank transfer or by credit card or payment card whenever receipt of the reply is possible at time of payment or, in any case, no later than fifteen days after the reply.
Art. 11. Processing procedures and data requirements
1. The personal data subject to processing is:
a) processed legally and correctly;
b) gathered and recorded for specific, explicit and lawful purposes and used in other processing procedures according to terms compatible with these purposes;
c) exact and, if necessary, updated;
d) pertinent, complete and not excessive related to the purpose for which it was gathered and subsequently processed;
e) preserved in a form that permits the interested party to be identified for a time period not exceeding that required for the purposes for which the data is gathered or subsequently processed.
. Personal data processed in breach of regulations regarding processing of personal data cannot be used. <
Thank you for reading this!