Privacy policy

Last updated January 02, 2020

INFORMATION NOTICE REGARDING THE PROCESSING OF VISITORS’ PERSONAL DATA IN ACCORDANCE WITH EU REGULATION 2016/679 (“GDPR”)

DATA CONTROLLER
NovaCapital Srl
Via Broletto 44 20121 Milano
T: (+39) 02 85672200 F: (+39) 02 85672901
C.F. e P.I. 02380270427
(“Company”)

 

PERSONAL DATA PROCESSED

Full name, place and date of birth and other elements indicated in the identification document, as well as the image displayed through the closed circuit video surveillance systems in operation at the Company's offices.


MINIMUM INFORMATION

Closed-circuit video surveillance systems are in operation at the Company's head offices, appropriately indicated before the relative range of action by the affixing of specific signs according to the General Provision on the Video-surveillance of the Privacy Authority of 8 April 2010. The cameras are installed outside and inside the building and record the access passages and the areas around the perimeter of the building.

 

DATA PROCESSING PURPOSES DATA

  • Purposes related to identifying data subjects as visitors on the Controller's premises, checking physical access points (including video surveillance) for the security of people and property. 
  • Identification of persons in the building also to manage possible emergency situations, through attendances automatic detection (via app or via tag).
  • Purposes connected to COVID19 restraint

LEGAL BASIS FOR PROCESSING

  • Legitimate interest (protection of the company and its assets. Security)
  • Legitimate interest (protection of the company and employees).

DATA RETENTION PERIOD
Video surveillance:
24 hours from the moment in which the images were taken, exception for special needs for further conservation in relation to festivities or the closure of offices or businesses, as well as in cases where it is necessary to adhere to a specific inquiry by the judicial or police authorities. The recordings in any case are never kept for more than a week

Monitoring physical access points, other than through video surveillance

  • 6 month 
  • Duration of the health emergency and applicability of the related regulations. 

 

DATA PROVISION

Compulsory: refusal to provide data means that the data subject cannot access the Controller's premises as a visitor. Entering video surveillance areas involves gathering, recording, retaining and generally using the images of data subjects.

 

DATA RECIPIENTS

Data may be communicated to parties operating as data controllers, such as supervisory bodies or authorities, or public organizations authorized to request data, such as public security/legal authorities.

Data may be processed on behalf of the controller by parties appointed as data processors, such as security companies, and companies providing maintenance for video surveillance systems, providers of assistance related to the automatic detection system.

 

SUBJECTS AUTHORIZED TO PROCESSING DATA

The data may only be processed by employees in company departments who are responsible for carrying out the activities outlined above and have been authorized to process the data and received suitable operating instructions.

 

PERSONAL DATA TRANSFERS OUTSIDE THE EU

The data may be transferred abroad to non-European countries, and in particular in the USA, a country whose level of data protection has been deemed appropriate by the European Commission pursuant to art. 45 of the GDPR (Privacy Shield)

The decision of adequacy of the European Commission can be consulted at the following link: http://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:32016D1250&from=IT

 

DATA SUBJECTS’ RIGHTS – COMPLAINT TO THE SUPERVISORY BODY

By contacting Ariston Thermo S.p.A. via mail address V.le A. Merloni 45 – Fabriano (AN),  via e-mail sent to privacy.aristonthermo@aristonthermo.com, the data subjects may ask the data controller for access to the data concerning them, rectification of inaccurate data, integration of incomplete data, erasure of data and limitation of processing in the cases provided for by art. 18 GDPR, where applicable, as well as oppose, at any time, in whole or in part, on grounds relating to their particular situation, the processing of data necessary for the pursuit of the legitimate interests of the data controller.

The right to portability of the data referred to in art. 20 GDPR cannot be exercised because the processing is carried out in the legitimate interest of the data controller. 

With regard to the images recorded, the right to correct or amend data as outlined in article 16 GDPR does not apply due to the intrinsic nature of the data (images captured in real time regarding an objective fact).

Data subjects shall be entitled to lodge a complaint with the relevant supervisory authority in the Member State where they have their habitual residence or employment or in the State where an alleged infringement has occurred.

 

DATA PROTECTION OFFICER (DPO)

Data Protection Officer (“DPO”) appointed by Data Controller pursuant to Art. 37 and following of the GDPR is Mr. Gabriele Faggioli.

It is possible to contact the Data Protection Officer (“DPO”) via e-mail at: DPO.AristonThermoGroup@aristonthermo.com