Please read the disclosure in its entirety and click on the next button at the bottom of the page to continue
DISCLOSURE ON PERSONAL DATA PROCESSING
- INTRODUCTION
- Pursuant to Article 13 of (EU) Regulation 2016/679, relating to the protection of the individuals with regard to data processing (hereinafter, “GDPR”), Piaggio Aero Industries S.p.A. in extraordinary receivership (hereinafter, the “Company”) hereby informs you that the personal data provided to the same within this Internet portal dedicated to creditors (hereinafter, the “Data”) will be subject to processing in observance of the applicable legislation regarding data protection and the related confidentiality obligations.
- For the purposes of this Disclosure (hereinafter, the “Disclousure”), processing is understood to be any operation or series of operations, carried out with or without automated processes and applied to personal data or sets of personal data, such as the collation, registration, organisation, structuring, retention, adaptation or amendment, extraction, consultation, use, communication via transmission, diffusion or any other form for making it available, the comparison or interconnection, limitation, cancellation or destruction, according to the definition as per Article 4.1 of the GDPR (hereinafter the “Processing”).
- DATA TO WHICH THE DISCLOSURE REFERS
- Pursuant to Article 4.1 of the GDPR, “personal data” is “any information regarding an identified or identifiable individual (hereinafter the “Data Subject”); the individual who can be identified, directly or indirectly, with particular reference to an identifying reference such as the name, an identification number, data relating to the location, an on-line identification reference or one or more characteristic elements of their physical, physiological, genetic, psychic, economic, cultural or social identity, is considered identifiable”.
- The Data includes that relating to individuals processed by the Company for the entering into and execution of the contractual relationship with the creditor, including therein names, company e-mail address, etc. of the legal representative, as well as your employees and/or partners, involved in the activities as per the agreement.
- All the information relating to your Data Processing according to the provisions of the GDPR will be provided in the following paragraphs.
- PURPOSES OF THE PROCESSING AND LEGAL BASES
- The Data will be processed by the Company for the following purposes:
- the entering into and execution of the contractual relationships with the creditor in the light of the extraordinary receivership; in this case, the legal basis for the Processing is the execution of the contract between the Company and the creditor;
- sending of communications, news, documents and any other information for the correct management of relationships between the Company and the creditor during the extraordinary receivership procedure; in this case, the legal basis for the Processing is the law, in particular Law Decree no. 347 of 23 December 2003 – Urgent measures for the industrial restructuring of large companies in a state of insolvency (Marzano Law);
- comply with provisions issued by the authorities entitled to do so by law and by supervisory and control bodies (such as the competent Court, delegated judge, Ministry of the Economic Development, etc.); in this case, the legal basis for the Processing is the need to fulfil the obligations and exercise the rights of the Data Controller or the Data Subject;
- to enforce and/or defend the rights of the Company in civil, criminal and/or administrative disputes. In this case, the legal basis that legitimates the Processing is the need to ascertain, exercise or defend a right in court.
- The Data will be processed by the Company for the following purposes:
- PROCESSING FORMALITIES
- The Processing of the Data is characterised by correctness, legality and transparency. The Processing of the Data may be carried out also using automated methods aimed at storing, handling and transmitting it and will take place via organisational and technical measures suitable, where applicable and with regard to the state of the art, for ensuring – amongst other aspects – the security, confidentiality, integrity, availability and resilience of the systems and the services, by means of the use of suitable procedures which avoid the risk of loss, unauthorised access, unlawful use and disclosure.
- DATA RETENTION PERIOD
- The Data collated for the purposes indicated in paragraph 3.1 lett. a) will be retained for the entire duration of the agreement and, after the termination of the same, for a period of no more than 10 years. Once the retention deadlines indicated above have elapsed, the Data will be destroyed or made anonymous.
- The Data collected for the purposes indicated in point 3.1 letter b) will be kept for the entire duration of the extraordinary receivership procedure and, after its termination, for a period of time not exceeding 10 years. After this period of retention, the Data will be destroyed or made anonymous.
- The Data processed for the purposes referred to in paragraph 3.1 lett. c) above will be processed for the period provided for or authorized by applicable law.
- The Data processed for the purposes referred to in paragraph 3.1 lett. d) above will be processed for the entire duration of the dispute, until the end of the terms set for appeal actions.
- DATA PROTECTION MODEL
- The Company, in its capacity as data controller for processing, as per Article 4.7 of the GDPR (hereinafter the “Data Controller”) has drawn up a model for the protection of the personal data (hereinafter, the “Model”), identifying roles and responsibilities with regard to Data Protection and identifying, in particular, the heads of the company organisational units as the parties responsible – limited to the processing they are responsible for – for the execution of the Model in accordance with the applicable legislative requirements (hereinafter, the “Internal Referents”). Currently the competent Internal Referent relating to this Disclosure is the Director of the Chief Financial Officer Department, domiciled for the appointment care of the administrative offices of our Company, Viale Generale Disegna no. 1, 17038 Villanova D’Albenga (SV) Italy.
- The Data may be processed by employees of the Company departments responsible for pursuing the above-indicated purposes (hereinafter “Authorised Employees”). These Authorised Employees have been designated as Individuals in charge of processing and in this connection have received suitable operating instructions.
- The Company has also identified third parties (e.g. suppliers, partners) who carry out one or more sets of processing on behalf of the Data Controller as data processors (hereinafter the “External Processors”). A complete and updated list of External Processors is available on the company intranet.
- CATEGORIES OF PARTIES TO WHOM THE DATA MAY BE COMMUNICATED IN THE CAPACITY OF DATA CONTROLLER OR WHO MAY BECOME AWARE OF THE SAME IN THE CAPACITY OF DATA PROCESSORS
- The Data may be communicated to parties operating in the capacity of data controller (pursuant to Article 4.7 of the GDPR) or processed, on behalf of the Company, by parties designated as External Processors, to whom suitable operating instructions are imparted. These parties are essentially included in the following categories:
- Public Administration;
- consultancy firms (legal, tax advice, etc.) and autonomous professionals;
- certifying bodies who provide support in the planning and provision of training activities for obtaining the required certificates;
- companies which offer support for the achievement of specification authorisations, including governmental bodies;
- companies which offer support during the handling of public relations with the media;
- companies which see to health and safety in the workplaces;
- banks and lending institutions;
- companies forming part of the same corporate group of the Company;
- supervisory and control authorities and any public party entitled to request the Data, including ENAC (Italian Civil Aviation Authority);
- parties to whom the faculty to access the Data has been acknowledged by legal provisions or regulatory or EU legislation.
- The Data may be communicated to parties operating in the capacity of data controller (pursuant to Article 4.7 of the GDPR) or processed, on behalf of the Company, by parties designated as External Processors, to whom suitable operating instructions are imparted. These parties are essentially included in the following categories:
- TRANSFER OF THE DATA OUTSIDE THE EU
- Data will not be transferred from outside the EU for the Processing relating to this Disclosure.
- RIGHTS OF THE DATA SUBJECT
- In accordance with the GDPR, the Data Subjects are acknowledged the rights as per Articles 15 to 22 of the GDPR, where applicable. Specifically, the Data Subjects may request the Data Controller for access to the Data, the cancellation in the presence of the legal requirements as well as the limitation of the processing in the cases envisaged by Article 18 of the GDPR. And in other word if:
-
- the Data Subject challenges the accuracy of the personal data, for the period required by the Data Controller to check the accuracy of said personal data;
- the processing is illegal and the Data Subject opposes the cancellation of the personal data and instead requests that the use thereof be limited;
- although the Data Controller no longer needs the same for processing purposes, the personal data is required by the Data Subject for ascertaining, exercising or defending a right before the courts;
- the Data Subject has opposed the processing in accordance with Article 21.1, pending verification with regard to any prevalence of the legitimate reasons of the data controller with respect to those of the Data Subject.
-
- The Data Subjects have the right at any time to oppose, in full or in part, the processing of the Data necessary for the pursuit of the legitimate interest of the Data Controller.
- The Data Subjects have the right to complain to the competent supervisory Authority (in particular in the member nation in which they usually reside or work or the nation in which the alleged violation has taken place).
- These rights can be exercised, via registered mail sent to Piaggio Aero Industries S.p.A. in A.S., Viale Generale Disegna 1, 17038 Villanova d’Albenga (SV) Italy, for the attention of Director of the Chief Financial Office Department.
- In accordance with the GDPR, the Data Subjects are acknowledged the rights as per Articles 15 to 22 of the GDPR, where applicable. Specifically, the Data Subjects may request the Data Controller for access to the Data, the cancellation in the presence of the legal requirements as well as the limitation of the processing in the cases envisaged by Article 18 of the GDPR. And in other word if:
- IDENTITY AND CONTACT INFORMATION OF THE DATA CONTROLLER
- We inform you that the Data Controller for your data is Piaggio Aero Industries S.p.A. in extraordinary receivership, represented by the pro tempore legal representative, with registered offices in Largo Angelo Fochetti 29, Rome (RM), Italy.