The European Data Protection Regulation (GDPR) replaces the European directive 95/46/EC. The Regulation aims to provide a modern, uniform and solid framework for data protection in Europe based on the principle of accountability. The new forecasts have an impact in organizational, operational and technological terms, and at the same time establish a more severe sanctioning system than the previous one.
The biggest change in the data protection regulatory landscape concerns the extensive jurisdiction of the GDPR, as it applies to the processing of personal data carried out within the activities of an establishment by a data controller or a data processor in the European Union, regardless of whether the processing is carried out in the European Union or not. Furthermore, the Regulation applies to the processing of personal data of data subjects who are located in the Union, carried out by a data controller or by a data processor who is not established in the Union, when the processing activities concern: the offer of goods or the provision of services to the aforementioned data subject in the Union, regardless of the obligation of a payment by the data subject; or, monitoring their behavior to the extent that such behavior takes place within the European Union.
The Regulation also applies to the processing of personal data carried out by a data controller who is not established in the Union, but in a place subject to the law of a Member State under public international law.
The GDPR requires companies to implement adequate technical and organizational measures to implement the principles of data protection and safeguard individual rights: this is the so-called “Data Protection by Design and by Default”.
The “Data Protection by Design” ensures that the company considers the problems related to privacy and data protection in the design phase of any system, service, product or process and therefore during its cycle of life.
The “Data Protection by Default” requires La Galvanina S.p.A. to ensure that the Company processes only the data necessary to achieve a specific purpose and for a period of time no longer than the one that is necessary for the purpose for which the data were collected and subsequently processed.
La Galvanina S.p.A. has adopted a Management Model for the Protection of Personal Data pursuant to the GDPR, also taking into account the provisions of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, defining binding rules and procedures for the Company and for its employees. La Galvanina S.p.A. revises and updates, where necessary, periodically its Policy on Data Protection and Information Security, and defines evolutionary guidelines that it translates into an implementation plan of updates. In the various documents published in the “Privacy” section of its websites, La Galvanina S.p.A. provides, in accordance with artt. 13 and 14 of the GDPR, all the information required by the legislation, which are different according to the purpose for which the Personal Data of the Data Subjects are processed. For any further clarification regarding the content of La Galvanina’s Privacy notices, the user is invited to contact our contact person on the matter identified, at the email address: firstname.lastname@example.org.
Suppliers notice/commercial partners and their employees/collaborators