PURSUANT TO EU REGULATION 2016/679
Data Processor and Data Protection Officer (DPO)
The data controller is the person who defines the purposes of the processing of personal data and, after having collected the data, "uses" the data in compliance with the principles of EU Regulation 2016/679 (hereinafter GDPR). The Data Controller is FINWAVE SpA, tax code and VAT number 03368590968, Corso Italia, 22 – 20121 Milan (MI) Tel. +39 02 02 8490 7101 certified e-mail firstname.lastname@example.org
Finwave SpA has appointed its Data Protection Officer, who can be contacted at the following e-mail address: email@example.com
Legal Basis and Processing Methods
The legal basis for the processing is your (data subject's) freely given consent to take part in the Survey that Finwave has invited you to participate in.
Aware of the importance of your personal data, we will ensure that we process it using electronic means and/or paper media, taking all appropriate security measures to protect it while guaranteeing its free circulation.
Data processing purposes
Personal Data Categories
Internal polls / surveys
Collection of opinions from staff and/or co-workers with the aim of improving business processes
External polls / surveys
Collection of opinions, related and not related to customer satisfaction processes, from end customers and/or suppliers in order to improve business processes
Transfer of personal data
Our security system is based on the correct use by all employees and collaborators of the instruments made available to them. For this reason, we invite you to read and act in accordance with our company security procedures.
Any data you provide us with will be processed in accordance with the principles of lawfulness, transparency and fairness, in accordance with the company's security policy, published on the intranet, which allows us to guarantee, with your cooperation, the secure processing of personal data.
Should there be a particular risk of breach, we will notify you promptly.
Rights of the Data Subject
In addition to guaranteeing the right to lodge a claim with the Supervisory Authority, which for Italy is the Italian Data Protection Authority, the GDPR grants you the following rights:
- Right of access (Article 15): Possibility for the Data Subject to obtain from the Controller confirmation as to whether or not his or her personal data is being processed and to obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
- Right to rectification (Article 16): Possibility for the Data Subject to obtain rectification of inaccurate personal data from the Data Controller.
- Right to be forgotten (Article 17): Possibility for the Data Subject to request the deletion of his or her personal data if one of the reasons provided for in the article exists, including: revocation of consent, unlawful processing and exercising the right of defence.
- Right to restriction of processing (Article 18): Possibility for the data subject to obtain the restriction of processing, which can be configured as a total or partial suspension of the processing of the data or also, in some cases, as a blocking of the same. This can only be requested in exceptional cases expressly determined by the rule, including the period necessary to establish the accuracy of personal data, unlawful processing, the exercise of a right in a court of law.
- Right to data portability (Article 20): The Data Subject has the right to request that his or her data be disclosed to him or her, when exercising his or her rights, in an easily comprehensible format.
- Right to object (Article 21): Possibility for the Data Subject for reasons relating to his or her particular situation to object to the processing of his or her data pursuant to Article 6, paragraph 1, letters e) and f).
- Right not to be subject to automated decision-making (Article 22) Possibility for the data subject to object to processes based solely on automated processing if they have legal effects on him or her or significantly affect him or her.
We inform you that should you decide to exercise one or more of the above-mentioned rights, the Data Controller will disclose your personal data to the processors for related fulfilments (Article 19 GDPR).
If you have any doubts or need clarification, or if you wish to exercise your rights, please contact us at the following address: firstname.lastname@example.org
Personal Data Retention Times
Your data will be retained for:
- Internal employee and staff polls / surveys 2 years after collection
- External customer and supplier polls / surveys 3 years after collection