BETA MOTOR Spa, Tax Code and VAT No. 00408970481, with registered offices in Via Pian Dell’Isola, 72, 50067 Rignano Sull’Arno (FI), represented by the Chairman of the Board of Directors and legal representative pro tem Bianchi, Giuseppe, (hereinafter “Data Controller”), as the processing controller, is informing you pursuant to Article 13 EU Regulation no. 2016/679 (hereinafter “GDPR”) that your data will be processed using the procedures and for the purposes set out below:
1. Subject of the Processing
The Data Controller will be processing your personal identification data (in particular, name, surname, tax code, email, PEC, telephone number, and any other information that can identify the data subject, hereinafter “personal data” or just “data”) communicated for the first processing.
2. Purpose for Processing
Your personal data will be processed:
for the following purposes:
manage any selection process for the purpose of employment;
fulfill the obligations provided for by law, regulations, European Community legislation or by order of the Guarantor Authority;
to send your data to the External Processors appointed by the Data Controller, corresponding to the categories of persons (natural or legal) listed in the processing register;
to prevent or detect fraudulent activities or harmful abuses also perpetrated by third parties;
to exercise the rights of the Data Controller, for example the right of defense in court;
3. Processing procedures
The processing of personal data will be performed using the operations indicated in Article 4 No. 2 GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The personal data of the data subject may be processed on paper, or in electronic and/or automated form.
4. Duration of the processing
The Data Controller will retain your personal data for the time necessary to fulfill the purposes set out in Article 2.1 of this information notice and in any case no more than 10 years after the last update of your data by the Data Controller.
5. Access to the data
Your data may be made accessible for the purposes referred to in Article 2. :
– to employees and contractors of the Data Controller as assigned Internal and/or External Data Processors;
– to third parties (for example: servers, website management and maintenance providers, suppliers, credit institutions, professional firms, service cooperatives, etc.) to whom your data may be disclosed for the performance of activities in outsourcing on behalf of the Data Controller and as External Processors appointed by the Data Controller.
6. Data Storage and Transfer
The management and storage of your personal data will take place on the Data Controller’s servers located within the European Union and / or belonging to third party companies duly appointed and assigned as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. In any case, that it be understood that if necessary the Data Controller will have the right to move the location of the servers in Italy and / or in the European Union and / or to non-EU countries. In such a case, the Data Controller hereby ensures that the transfer of the data outside of the EU will take place in compliance with the applicable legal provisions, and if necessary, by concluding agreements guaranteeing an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
7. Data communication
Without express consent (per Article 7 GDPR), the Data Controller may communicate your data to supervisory bodies, judicial authorities or to any other subjects to whom the communication is required by law or by order issued by the competent authorities. Your data will not be disclosed in any case.
8. Rights of the data subject
As a data subject, you have rights under Article 15 GDPR and specifically the right:
i. to obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form; ii. to obtain indication of: a) the origin of personal data; b) processing purposes and methods; c) the logic applied in the event of processing electronically; d) the identity of the Data Controller, Processors and, in the case described by the combined provisions of Articles. 3, paragraphs 2 and 27, paragraph 1, GDPR, of their representative established in the European Union; e) the subjects or categories of subjects to whom your personal data may be communicated and who may have knowledge said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) assigned to do the processing; iii. to obtain: a) the updating, correction or, when it is in your interest, the addition of data; b) the cancellation, transformation into anonymous form or the blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to those to whom the data was communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; iv. to oppose, in whole or in part: a) on legitimate grounds, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for doing market research or commercial communications, through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or by post. It should be noted that the data subject’s right of opposition, as set out in point b) above, for direct marketing purposes by means of automated methods, extends to traditional methods and that, in any case, the possibility for the data subject to exercise the right of opposition even only in part remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication. Where applicable, you also have rights under Articles 16 – 21 GDPR (Right of correction, right to be forgotten, right to limit processing, right to data portability and right of opposition), as well as the right to lodge a complaint with the Supervisory Authority.
9. Procedures for the exercise of your rights
You may exercise your rights under Articles 16-21 of the GDPR at any time by sending:
– a registered letter with receipt confirmation to BETAMOTOR Spa, Tax Code and VAT No. 00408970481, with registered offices in Via Pian Dell’Isola, 72, 50067 Rignano Sull’Arno (FI),
– a PEC [certified email] to [email protected]
10. Data Controller, Data Processors and Data Protection Manager (DPO)
The Data Controller is BETAMOTOR Spa, Tax Code and VAT No. 00408970481, with registered offices in Via Pian Dell’Isola, 72, 50067 Rignano Sull’Arno (FI), represented by the Chairman of the Board of Directors and legal representative pro tem Bianchi Giuseppe,
The updated list of internal and external Data Processors is kept at the registered offices of the Data Controller and may be consulted upon written request.
11. Changes to this Policy Notice
12. Right to withdraw consent
The Data Controller would like to inform you that, pursuant to Article 7, paragraph 3, GDPR, you have the right to withdraw your consent at any time.