Privacy Policy*
-
-
- PROCESSING POLICY FOR PERSONAL DATA RELATING TO REPORTS
Dear Sir or Madam,
the Company Emu Group S.p.a., in line with ethical principles, in implementation of the commitment to legality, recognising the high social function inherent in reports, in compliance with current legislation on whistleblowing, as envisaged by European Regulation 679/2016, provides you with the following information.
1. Data Controller and Data Protection Officer.
The Data Controller, or the person responsible for decisions regarding the purposes, methods and security of personal data, is the company Emu Group S.p.a. based in Marsciano (PG) – postal code 06055, via Luigi Einaudi snc, tel. +39 075 874 021, P.E.C. info@pec.emu.it, email: privacy@emu.it
2. Purposes and legal basis for processing.
The personal data that you will provide us with the report and the additional data that may be collected in follow-up to the report will be processed for the purposes pursuant to the legal bases indicated below:
Purpose
(Why do we process your data)
|
Legal basis
(On the basis of which legal provision do we process them.)
|
Consequences
(What happens if you refuse to provide personal data and/or authorise the processing)
|
To follow up on reports received.
|
Art. 6, Sub. 1, Lett.c) GDPR (the processing is necessary for the fulfilment of the obligations provided for by the Company by Italian Legislative Decree 24/2023 and subsequent amendments and supplements).
|
Reports can also be sent anonymously.
|
3. Recipients and categories of data processed.
The personal data provided by you and any subsequent data acquired during the service will be processed exclusively by personnel authorised for this purpose or by data processors appointed for this purpose. Further information on authorised persons, data processors and system administrators can be obtained from the Human Resources Department.
In addition to the persons expressly delegated by you, your data may be communicated to the following recipients:
Purpose
|
category of data
|
recipients
|
For the exercise of judicial institutional activities.
|
Identification data, reporting data.
|
Court Authorities
|
To satisfy the request for access in order to defend their rights in the event of disciplinary measures.
|
Identification data, reporting data.
|
Persons involved in the reporting subject to their consent.
|
4. Transfer abroad – automated processes
Your personal data are not transferred outside the European Union, nor are they processed using automated decision-making processes.
5. Personal data retention period and criteria used
Reports are retained for a period of 5 years after closure, unless extended due to legal obligations.
6. Rights of the data subject
Data subjects shall have the right, in the cases envisaged, to obtain access, rectification or erasure of their personal data, or the restriction of processing data which concerns them, or to object to processing (arts. 15 et seq. of the Regulation).
7. Right to complain
Data subjects who believe that the processing of their personal data by us takes place in breach of the provisions of the Regulation have the right to lodge a complaint with the Supervisory Authority, as provided for by art. 77 of the Regulation, or taking legal action (art. 79 of the Regulation).
8. Collaboration
The protection of your data and compliance with the principles envisaged by law, with particular reference to the principle of transparency, are values of primary importance to us; we would be grateful if you could help us by reporting any misunderstandings of this document or by suggesting improvements to the Data Controller's references as indicated above.
Version 1.0
|
Creation 20/11/2023
|
Update == ====
|