Information on the processing of data belonging to employees of client and supplier companies
CROS NT – during the contractual negotiations and the execution of a contract with its customers and suppliers, or while performing checks, controls and audits – may become aware of personal data concerning the employees of client and supplier companies. Therefore, pursuant to current legislation, CROS NT releases the following information to data subjects.
GENERAL PRINCIPLES OF DATA PROCESSING
Data processing will be performed through collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction and will be carried out by the data controller, data processor and persons authorized to process data.
Personal Data will be processed lawfully, fairly and in a transparent manner; will be collected for specified, explicit and legitimate purposes and processed in a manner that is not incompatible with such purposes; they will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, accurate and up-to-date; they will be processed with the utmost confidentiality, mainly with electronic and automated means, and stored both electronically and on paper, and on any other type of suitable means, in accordance with the principles of the General Data Protection Regulation, the requirements given by the supervisory authority and, in any case, in such a way as to ensure an adequate level of security, including protection, with adequate technical and organizational measures, from non-authorized or unlawful processing, or even accidental loss. Data will be stored in a manner that permits the identification of the data subjects to the extent strictly necessary to the achievement of the purposes for which they were processed.
CROS NT undertakes the responsibility to observe specific security measures in order to prevent data loss, illegitimate or unfair use and unauthorized access, in full compliance with statutory and regulatory provisions.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
Data Controller is Cros NT S.r.l., a sole shareholder company, with registered office in Verona, Via Germania n. 2, VAT Number 03274820236.
For the purposes of exercising the rights provided for in the GDPR, and for any request relating to your personal data, you may contact the Data Controller by sending a communication to the following e-mail address: firstname.lastname@example.org
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
CROS NT S.r.l., a sole shareholder company, has appointed as Data Protection Officer (DPO) Avv. Simone Baggio, whose office is in Bassano del Grappa (Vicenza) – Italy, Via Mure del Bastion, 38, email address: email@example.com
Purposes of the processing of personal data
The processing of the personal data of employees of client or supplier companies is aimed at carrying out contractual negotiations and executing the contract concluded with the holder of the employment relationship or at performing checks, controls and audits before or after the execution of the contract itself.
Legal basis of data processing
The processing of personal data belonging to employees of third-party companies is required for pursuing the legitimate scope of the undersigned company, and precisely it is necessary in order to execute the contract between CROS NT and the organization to which the employee belongs, or in the context of contractual negotiations, or again during checks, controls and audits.
Categories of personal data being processed
Data which are subject to processing are common data (which relate to the employment relationship, job tasks, personal and fiscal data, contractual data, etc.). Data relating to health condition and biometric data may be processed as well, to the extent that is strictly necessary for the achievement of the purposes indicated. No judicial data will be processed.
POSSIBLE RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data may be known by employees, autonomous collaborators, subsidiaries and sister companies, and controlling companies, to the extent that such knowledge is necessary for the achievement of the purposes indicated.
The personal data acquired by the undersigned company will not be subject to dissemination.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
CROS NT S.r.l. is going to transfer your personal data for the purposes specified to Cros NT LLC, with registered office in 1340, Environ Way, 3rd Floor, Chapel Hill (USA), by adopting data protection clauses set forth by the European Commission.
PERIOD OF STORAGE OF PERSONAL DATA
Personal data will be stored by the undersigned company for the entire duration of the contract with the organization holding the employment contract and for ten years after the termination of the contract itself, and/or in any case in compliance with the requirements of the current civil, fiscal and administrative legislation on data storage. A longer period of storage of personal data may be due to requests made by the Public Administration or by another judicial, governmental or regulatory body, or caused by the participation of the undersigned company in judicial procedures involving the processing of personal data.
Personal data processed by CROS NT before the conclusion of a contract with the employers of the worker will be stored for the time that is strictly necessary in the context of contractual negotiations, or again during checks, controls and audits.
RIGHTS GRANTED TO THE DATA SUBJECT
Data Subjects are entitled to obtain access to personal data from the Data Controller, for free and without any limitation to third parties’ rights and freedoms. Particularly, they have the right to receive confirmation of whether or not their own personal data are being processed, and to receive the following information: a) the origin of the personal data, in case they were not collected from the data subject; b) the categories of personal data; c) the purpose and modality of treatment; d) the existence of an automated process, profiling included, and in that case the logic applied, the importance and any expected consequence of such processing for the data subject; e) updating or rectification; f) the deletion or limitation of the processing of their data (anonymization, blocking of unlawful data processing, including those whose storage is not required in relation to the purposes for which they were collected or then processed); g) the recipients or the categories of recipients to whom personal data have been or will be communicated, especially if they belong to international organizations or third countries (in the latter case, the data subject has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to data transfer); h) when possible, the expected period of storage of personal data or, in case it is not possible, the criteria used in order to determine such period.
Data Subjects have the right to withdraw their consent to data processing and to oppose data processing. Anyhow, the withdrawal of consent to data processing shall not affect the lawfulness of data processing based on the consent given before its withdrawal.
Data subjects also have the right to data portability.
RIGHT TO LODGE A COMPLAINT
Data subjects have the right to lodge a complaint with the Supervisory Authority, which is represented in Italy by the Data Protection Authority, with its headquarters in Rome, Piazza Monte Citorio, 121.
SOURCE OF PERSONAL DATA AND, WHERE APPROPRIATE, POSSIBILITY THAT DATA COME FROM SOURCES ACCESSIBLE TO THE PUBLIC
Personal data have been provided by the organization to which the employee belongs.
EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
The undersigned company does not use any automated decision-making process which may produce significant legal effects on the data subject.