Privacy and Safety Policy

PRIVACY POLICY

In accordance with article 13 of the UE regulation 2016/679

GATTI SPA (controller), as the processing controller, in accordance with art 13 of the UE Regulation 2016/679 (Privacy regulation) and subsequent amendments and integrations, collect and then processes personal data of its customers and suppliers (data subject)

  1. Types of processed data

Personal data subject to processing are:

“Common” personal data. These information include, for example, personal data, contact data (e-mail address and telephone number)

  1. purpose and method of processing

data subject’s personal data are processed during the ordinary controller activity, in order to pursue the following purposes.

  1. Complete and correct fulfilment of obligations of the contractual relationship established (Contract)
  2. Administrative and accounting fulfilments strictly linked to the contract
  3. Fulfilments of specific obligations provided by the Law, a regulation or a community legislation
  4. Promotional activities related to product and services similar to the ones already bought
  5. Marketing: promotional and commercial activities involving also newsletter mail.

The processing of personal data takes place under the authority of the controller, by persons specifically put in charge, authorized and trained in processing method, in accordance with art. 30 of the Codice Privacy and art. 29 of the Privacy Regulation, through manual, computerized or telematic tools, with logics strictly related to the purposes and in any case in order to guarantee the confidentiality and safety of personal data. The processing of personal data may also take place, on behalf of the controller, by the Data Processors specifically designated in accordance with art. 29 of the Codice Privacy and art. 28 of the privacy regulation.

  1. Lawfulness of processing and nature of the provision

With reference to the purposes referred to in paragraph 2, points 1,2,3 above, the provision of personal data is mandatory and constitutes a necessary requirement for the execution of the Contract and the related tax and administrative obligations. Failure to provide data determines the inability to receive the service covered by the Contract itself. The legal basis of the related processing is the correct execution and management of the Contract.

With reference to point 4) -activities towards acquired customers-, the legal basis is the legitimate interest of the controller. The customer may stop receiving these communications by e-mail at any time.

With reference to point 5) – marketing activity – the legal basis is consent. In case of lack of consent, it will not be possible to proceed with marketing activities.

  1. Subjects or categories of subjects to whom personal data can be communicated and scope of communication.

In relation to the purposes of the process indicated above, and within the strictly relevant limits to the same, personal data of the subject party will be or may be disclosed to the following categories of subjects:

1 to the Financial Administration and other public authorities, where required by law or upon their request;

2 to credit institutions for payment orders or other financial instrumental for the execution of the Contract;

3 external subjects that exercise control activities, such as independent auditors, board of statutory auditors, supervisory body;

4 companies and organizations for credit management and / or for the protection of interests and rights;

5 subjects designated as external data processors pursuant to art. 28 of the Privacy Regulation, for related or consequent activities to the execution of the Contract

The updated list of the indicated parties and the Data Processors can be provided by the data subject upon request.

  1. Extra-EU data transfer

Personal data will not be transferred to non-EU countries; unless for reasons arising from the execution of the contract, or the fulfilment of legal obligations, a transfer to non-EU countries and / or organizations is necessary, that transfer will take place in compliance with applicable law. The transfers will be made through adequate guarantees, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legal instruments.

  1. Data retention period or criteria for determining the period

Personal data of the data subject are kept by the controller for the time necessary to fulfill the purposes referred to in paragraph no. 2 (points 1 to 3), as well as for that prescribed by civil, fiscal and regulatory rules and in any case no longer than 10 years from the termination of the contract.

Regarding the promotional purposes towards customers already acquired (paragraph 2, point 4) the data of the data subject will be processed until the exercise of the right of opposition (activated at the beginning, on the occasion of sending the individual communications and / or through direct contact of the controller) and in any case no later than 24 months from collection.

For the marketing purposes explained in paragraph 2) point 5, the retention period is 24 months from the acquisition of consent.

Once the retention periods have elapsed, data will be anonymized or deleted, unless it is necessary to keep them for other purposes foreseen by express provision of the law.

  1. Rights of the data subject.

Article 15 and seq. of the Privacy Regulation give the data subject the right to:

  • access to personal data, (or a copy of such personal data), as well as to further information on current treatments;
  • correct or update of personal data processed by the Data Controller, if they are incomplete or out of date;
  • delete personal data from the controller’s databases in the cases provided for by current legislation;
  • limitate processing of personal data by the Data Controller;
  • Obtain a structured format, commonly used and readable by an automatic device for personal data concerning him;
  • opposite to the processing of personal data by the Data Controller (eg promotional activities)

The data subject can exercise his rights by writing to GATTI SPA at the following email address: privacy@gattispa.com

In any case, you always have the right to lodge a complaint with the competent Control Authority (Garante per la Protezione dei Dati Personali).

  1. Changes to the privacy policy

The controller has the right to modify, update, add or remove parts of this information, by giving notice to the data subjects.

Information updated in October 2020

ENVIRONMENTAL QUALITY AND SAFETY POLICY

GATTI S.p.A. has decided to operate under an Integrated Environmental Quality and Safety Management System which conforms to the requisites of UNI EN ISO 9001 – UNI EN ISO 14001 – UNI EN ISO 45001.

GATTI S.p.A. intends guaranteeing that current laws and provisions will be observed and that permanent preventive assessments regarding risks to the health of workers which could be caused by its processing processes on all production sites, will be carried out. It shall also ensure that no negative consequences occur for individuals and the environment.

GATTI S.p.A. intends following an efficient organized work system aimed at ongoing improvement: therefore it will focus on ongoing training of its personnel, making them aware and responsible for the consequences of their work, allocating adequate human and financial resources to implementing this Policy and its Objectives; therefore, GATTI S.p.A. shall observe:

the following quality principles:

  • to design and maintain a Quality Management System in compliance with UNI EN ISO 9001 in order to increase production and organizational and commercial benefits;
  • to provide the necessary resources for the ongoing improvement of the efficacy of the Quality Management System;
  • complete and punctual definition of clients’ requirements (declared and implicit);
  • full satisfaction of clients’ requirements.
  • perfecting of working methodology in all production phases.
  • promotion of the improvements and innovation of offered products through the involvement of personnel and participation at courses, trade fairs and other activities;
  • satisfaction of compulsory requirements regarding products;

the main principles for the environment in which it operates:

  • commitment to the protection of the surrounding environment;
  • commitment to the prevention of pollution;
  • commitment to the improvement of the health and safety conditions of its own operators, contractors and involved parties;
  • commitment to operating in an open and collaborative way with the local authorities of the sites where their operating activities are carried out, also through meetings, debates and information;

the following principles for safety in work places and their healthy conditions:

  • ongoing improvement of the safety level for workers in carrying out their work
  • punctual observance of applicable laws and provisions
  • ongoing identification and assessment of the risks of prevention and protection measures
  • utilization of environmentally compatible products which are as least dangerous as possible
  • consultation of all personnel in achieving health and safety targets
  • reduction of the number of accidents and the prevention of industrial diseases
  • the allocation of adequate resources to implementing the safety management system

GATTI S.p.A. intends setting an example in preventive management for all Companies in the sector. Therefore, the company commitment will extend to integration of the policies, programs and procedures linked to quality and safety and with all the operating and management activities of the Organization.

The Management shall re-examine and circulate this Policy periodically.