ICMQ SPA, as Data Controller of personal data, based in Via de Castillia 10, 20124 Milan, hereby wishes to provide adequate information to natural persons who work in the name and on behalf of suppliers, customers, partners and other subjects involved in contractual or pre-contractual activities (eg control bodies, public administration bodies) of ICMQ SPA, pursuant to art. 13 and 14 of the GDPR 679/16 – “European regulation on the protection of personal data” and the national legislation on data protection.
Data object of the treatment
The personal data processed are personal and contact data provided or received by the interested party on the occasion of:
• visits or phone calls or emails;
• direct contacts obtained following the audit activity, participation in events, training courses, certification exams, etc .;
• direct contacts following the sending of requests via the e-mail address on the website;
• requests for commercial information, proposition of offers;
• requests through our website or through the website of suppliers, customers, partners, other subjects
• transmissions and transactions subsequent to the order for the supply of the service or good (supplied / purchased);
• collaboration proposals, sending c.v., etc;
• in the case of activities carried out remotely with multimedia support, in particular during training and certification and audit exams, data that can be deduced from audio, video and documents aimed at giving evidence of the regularity of the activities carried out may be processed.
Purpose of the processing
The personal data of natural persons who operate in the name and on behalf of suppliers, customers, partners and other subjects are processed for:
a. forward communications with different means of communication (telephone, mobile phone, text message, email, fax, paper mail, etc.);
b. formulate requests or process requests received;
c. exchange information aimed at the execution of the contractual relationship, including pre and post contractual activities;
d. execute the obligations connected or instrumental to the contract with Public or Private Bodies;
e. execution of obligations provided for by laws, regulations or community legislation, as well as to comply with provisions issued by public Authorities entitled to do so or by supervisory and control bodies to which ICMQ SPA is subject (e.g. tax assessments, documents to be acquired in the case of construction site activities, etc.);
f. assess compliance with the laws and regulations for carrying out activities (in particular in the case of activities carried out remotely with multimedia support);
g. for ancillary purposes such as “News Alerts” via email or text message;
h. anonymously to carry out statistics and market research;
i. for the publication of technical data such as certified companies and personnel lists;
j. subscription of users to the ICMQ Spa newsletter and receipt of promotional and information material.
The interested party may refuse to give the Data Controller his personal data.
The provision of personal data, for the purposes from a) to h), is however necessary for a correct and efficient management of the pre-contractual and contractual relationship with suppliers, customers, partners and other subjects involved in the activities of the Data Controller. Therefore, any refusal to provide data may compromise in whole or in part the contractual relationship itself or the pre and post contractual activities.
For the purposes referred to in point j) the provision is not binding; any refusal would prevent you from completing your subscription to the ICMQ Spa newsletter.
For the purposes from A) to I), the processing is necessary for the execution of a contract of which each subject is a party or for the execution of pre-contractual or post-contractual measures adopted at the request of the supplier, the customer, the partner, other subjects or of ICMQ SPA pursuant to art. 6.1, lett. b) of the RGDP), or for the fulfillment of a legal obligation pursuant to art. 6.1, lett. c) of the RGDP). For purposes j) the processing is carried out to fulfill the request of the interested party.
The data of the interested parties will be processed in compliance with the principles of lawfulness, correctness and transparency, using manual or automated tools, also by inserting them in databases, lists and lists suitable for storing, managing and transmitting data, in the manner and within the necessary limits. to the pursuit of the aforementioned purposes.
ICMQ SPA has established adequate security measures in order to protect the data of natural persons who operate in the name and on behalf of suppliers, customers, partners and other subjects.
The data will be processed exclusively by persons authorized for processing within ICMQ SPA, in relation to the purpose of the processing, including the data security profile and on the basis of logic and procedures determined in accordance with the purposes indicated above.
The data is not the subject of an automated decision-making process or profiling.
The personal data processed by the Data Controller will not be disclosed, that is, it will not be disclosed to indeterminate subjects, in any possible form, including that of making them available or simple consultation. Instead, they may be communicated to the Owner’s workers and to some external subjects (auditors, experts, teachers, etc.) who collaborate with them, always in compliance with the purposes indicated. In particular, these are employees / collaborators who, on the basis of the roles and work duties performed, have been entitled to process personal data, trained to do so within the limits of their competences and in accordance with the instructions given to them by the Data Controller. They may also be communicated, within the strictly necessary limits, to subjects who, for the purpose of issuing our orders or requests for information and quotes or formulating offers, our services, must supply / deliver goods and / or perform / receive on our / your performance or services assignment. Staff from Assessment Bodies (staff certification examination centers) could also access. The data could be accessed by our appointed technicians or external consultants or agents of companies that provide these services. Finally, they may be communicated to the subjects entitled to access it by virtue of the provisions of the law, regulations, community regulations. Subjects who exercise control activities on the work of ICMQ SPA (by way of example: members of the Board of Statutory Auditors, Auditors, Supervisory Body, Accredia staff, etc.). The updated list of data processors, where required, is available at the ICMQ SPA headquarters.
Even if at the moment all the subjects who process the data on behalf of ICMQ SPA as external data processors are established within the European Union, in the future it may be necessary to provide such data also to subjects that may be established outside the Union. European Union, in countries that do not guarantee personal data an adequate level of protection pursuant to the European Data Protection Regulation RE. EU 679/2016. ICMQ SPA will eventually transfer data outside the European Union only after adopting the precautions established by the European Regulation and after having obtained the necessary guarantees from the indicated subjects and with the consent of the interested parties.
The Data Controller keeps and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, the personal data will be stored, and not further processed, according to what is documented in the “Treatment register”. The retention period can vary significantly based on the purposes, the type of data processed, the legal obligations.
When it is no longer necessary to keep personal data, they will be deleted or deindexed or destroyed in a secure manner in accordance with our rules.
Once the storage terms indicated above have elapsed, all data will be destroyed or made anonymous, compatibly with the technical procedures for cancellation and backup.
Rights of the interested party
Pursuant to articles 15 to 22 of the Regulations, you may exercise the following rights:
a) ask for confirmation of the existence or otherwise of their personal data;
b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
c) obtain the rectification and cancellation of data;
d) obtain the limitation of the processing;
e) (where applicable) obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance;
f) oppose the processing at any time and also in the case of processing for direct marketing purposes;
g) oppose an automated decision-making process relating to individuals, including profiling.
h) ask the data controller to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
i) withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation.
The same, where exercisable by you, may be asserted by writing to ICMQ SPA Privacy Contact using the following contact details: Privacy Contact ICMQ, Via de Castillia 10, 20124 Milan email@example.com, Telephone 02-7015081, specifying the subject of the request , the right that the interested party intends to exercise and attaching a photocopy of an identity document certifying the legitimacy of the request.
Proposition of complaint
The interested party has the right to lodge a complaint with the supervisory authority of the State of residence. For more information on the right to lodge a complaint, you can visit the following web page: https://goo.gl/GLbTN9.
Requests for clarification
In case of doubts, requests for clarification or anything else that may concern the processing of their personal data, the interested party can contact them by sending an email to firstname.lastname@example.org.
Changes to the information
The Data Controller reserves the right to make changes to this information which is made available, in the updated version and communicated to the interested parties in the ways, identified from time to time as more functional.