Data protection information pursuant to Articles 13, 14, 21 and 77 of UE Reg. n.679/2016 (GDPR)
Si prega di cliccare qui per la versione in lingua Italiana.
The aim of this document is to provide you with information on how we process your personal data and to notify you of your statutory rights with regard to data protection.
This information will be updated as required and published on this site, where you will also find data protection information for visitors to our website.
We process personal data that we receive as part of our business relationships with customers and suppliers. In addition, we process personal data that we obtain by legitimate means from public sources (e.g. commercial register, press, the Internet) or that is legitimately transmitted to us by other ALTANA companies or other third parties (e.g. credit agencies), to the extent that is necessary for us to provide our services.
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR) of the European Union, the Italian laws and the provisions of the Italian Data Protection Authority:
4.1 In performance of contractual obligations (Article 6 para. 1 (b) GDPR)
Data are processed in order to perform contracted services or to carry out pre-contract measures in the procurement or sales process. The purposes depend primarily on the specific product or service concerned.
4.2 In the context of legitimate interests (Article 6 para. 1 (f) GDPR)
We process personal data where required for the performance of the contract to protect our legitimate interests or those of third parties. Examples:
- Consultation of and exchange of information with credit agencies (e.g. Cerved Lince) to determine credit and default risks;
- Advertising or market research or opinion polls, unless you have objected to the use of your data;
- Assertion of legal claims and defense in the context of legal disputes;
- Guaranteeing the IT security and IT operation of the company;
- Preventing and resolving criminal acts;
- Video surveillance to ensure adherence to site rules and to prevent actual damage and criminal activities;
- Measures to enforce the security of buildings and plant (e.g. access controls).
4.3 With your consent (Article 6 para. 1 (a) GDPR)
If you have consented to us processing your personal data for specific purposes (e.g. Newsletter, access to our plants), your consent forms the lawful basis for this processing. Consent may be withdrawn at any time. When consent is withdrawn this does not affect the lawful basis for the processing of data up to the point at which consent is withdrawn.
4.4 For compliance with a legal obligation (Article 6 para. 1 (c) GDPR)
We are subject to various legal obligations (e.g. tax and customs duty legislation). These involve the transmission of personal data to responsible authorities and offices (e.g. tax office, customs authorities).
The purposes of processing include age and identity verification, screening against anti-terror lists, compliance with tax-law and communications required by law (e.g. antimafia), monitoring and reporting obligations and the evaluation and management of risks in the context of safety and environmental protection policy.
Your personal data will only be transmitted where there is a lawful basis for this. Within the company, only people who require the information to perform our contractual and statutory obligations will be given access to your personal data.
In addition, the following may receive your data:
- Data processing contractors engaged by us (Processors under Article 28 GDPR), in particular in the area of IT services, sales, logistics and printing services, to process your data on our behalf in accordance with our instructions.
- Public offices and institutions (e.g. tax office, customs authorities) provided there is a statutory or official obligation.
- Other processors for which you have given us your consent (e.g. in the context of research projects).
- Transfer within the group of companies taking into account recital 48 of the EU-GDPR.
Data will be transferred to controllers/processors in third countries (countries outside the European Economic Area) if:
- it is necessary to do so to fulfill your orders (e.g. cooperation with our production facilities in third countries),
- it is required by law (e.g. tax reporting obligations) or
- you have given us your consent, or
- this is permitted by balancing of interests and taking into account consideration reason 48 of the EU-GDPR within affiliated companies
Other than this we will not send any personal data to controllers/processors in third countries or international organizations. However, for certain tasks we do use service providers that may be domiciled, have a parent company or maintain data centers in a third country. Such transfer is permitted when the European Commission has decided that the third country has an adequate level of protection (Article 45 GDPR). If the Commission has not reached such a decision, we may only transfer personal data to a service provider in a third country if suitable contractual guarantees have been agreed and there are enforceable laws and effective legal remedies.
We process and store your personal data for as long as is required to perform our contractual and statutory obligations.
When data are no longer needed for the performance of contractual or statutory obligations, these are regularly deleted unless they must be retained for fixed-term further processing for the purposes of compliance with retention periods provider for by the Civil Code (ten years) and by tax law (five years).
You have the right to:
- Information (Article 15 GDPR)
- Rectification (Article 16 GDPR)
- Erasure (Article 17 GDPR)
- Restrict processing (Article 18 GDPR)
- Data portability (Article 20 GDPR)
- Object (Article 21 GDPR)
You also have the right to complain to a responsible data protection supervisory authority (Article 77 GDPR).
You may exercise your rights in any form. Our contact details can be found in section 1.
Pursuant to Article 4 (4) GDPR, ‘profiling’ means any form of automated processing of personal data to evaluate, analyze or predict certain personal aspects relating to a natural person (e.g. performance at work, economic situation, personal preferences or interests, reliability, behavior or movements).
We do not use profiling.
12.1 Right to object to processing for the purpose of legitimate interest
For reasons arising from your particular situation, you have the right to object at any time to the processing of your personal data that is done pursuant to Article 6 para. 1 (f) GDPR (processing necessary for the purposes of legitimate interests). This also applies to profiling pursuant to Article 4 (4) GDPR based on this provision.
If you object, we will cease processing of your personal data unless we are able to demonstrate legitimate reasons for processing that override your interests, rights and freedoms, or unless the processing is for the purpose of enforcing, exercising or defending legal claims.
12.2 Right to object to the processing of data for the purposes of direct advertising
We may also process your data in the context of the statutory provisions for the purpose of direct advertising. You have the right to object at any time to the processing of your personal data for the purposes of such advertising. This also applies to profiling where this is connected to such direct advertising.
If you object to the processing for the purposes of direct advertising we will no longer process your personal data for this purpose.
12.3 Address for lodging objections
You may lodge your objection in any form.
Our contact details can be found in section 1.