INFORMATION NOTICE TO VISITORS ON THE PROCESSING OF PERSONAL DATA REQUIRED FOR ACCESS TO THE PREMISES
(Articles 13 and 14 of EU Regulation 2016/679 “GDPR”)
Pursuant to Articles 13 and 14 of EU General Data Protection Regulation 2016/679, we inform you that the data you provide will be entered into the databases of the Company and processed solely for the purposes of registering visitors during visits or interventions at the premises, meetings or work sessions on site, delivery or pickup of goods, packages, or correspondence. A constant update of the individuals present within the buildings is necessary for the implementation of safety and evacuation plans as required by Law no. 81 of April 9, 2008.
The Data Controller ensures that personal data processing is carried out in compliance with fundamental rights and freedoms, as well as human dignity, particularly regarding confidentiality, personal identity, and the right to personal data protection.
1. TYPE OF DATA PROCESSED
The data will be processed to manage the access and circulation of people and vehicles within the areas under the Data Controller’s responsibility using paper and electronic tools by authorized personnel assigned to reception duties and, if necessary, by personnel responsible for access control and emergency management.
The following personal data may be processed:
Personal, identifying, and contact data (such as name, surname, date of birth, ID document number, telephone contacts, email);
Vehicle license plate data;
Data relating to access to premises (guest badge timestamps).
2. PURPOSES OF PROCESSING AND LEGAL BASIS
The purposes of processing are administrative in nature and fall under the legitimate interest of the Data Controller, particularly concerning the protection of company property, access control to the premises, and the tracking of individuals present for emergency management.
3. METHODS OF PROCESSING
Personal data is processed at the offices and in the IT systems of the Data Controller or, where necessary, by the subjects indicated in Section 5, using both paper and IT tools, including automated systems, to store, manage, and transmit data, while adopting all precautionary measures to ensure its security and confidentiality.
Data is processed in compliance with the principle of data minimization as per Articles 5(1)(c) and 25(2) of the Regulation. Data is processed lawfully and fairly, collected for specific, explicit, and legitimate purposes, kept up to date when necessary, and is relevant, complete, and not excessive in relation to the purposes of the processing.
The Data Controller does not use automated profiling processes.
4. DURATION OF PROCESSING AND STORAGE
Data will be retained for the time strictly necessary to achieve the purposes for which it was collected and, specifically, will be kept for the period of 1 year, as required by legislation on workplace safety and emergency management.
5. DISCLOSURE AND SHARING OF PERSONAL DATA
Data is processed by authorized personnel, appropriately trained and operating under the authority and responsibility of the Data Controller.
Personal data may, if necessary, be disclosed (meaning made known to one or more specified subjects) to:
Entities whose right to access data is recognized by national or EU legal provisions;
Entities to whom the communication of personal data is necessary or functionally relevant for managing access to the Company’s premises in the manner and for the purposes described above;
Collaborators and employees of the Data Controller within their duties and/or contractual obligations, including data processors and designated personnel, appointed in accordance with the Regulation.
Personal data may also be processed by third parties providing instrumental services, including communication services, email, delivery services, IT support, and other providers related to the aforementioned purposes. Only data strictly necessary for the performance of such services will be shared.
Without express consent, the Data Controller may also communicate personal data to supervisory bodies, judicial authorities, and all other entities to whom communication is mandatory by law (e.g., transparency obligations) for the aforementioned purposes. Personal data will not otherwise be disseminated.
The list of any external data processors is available at the offices of the Data Controller.
6. DATA SUBJECT’S RIGHTS
We also inform you that, with respect to your personal data, you may exercise the rights provided in Chapter III of the EU Regulation 2016/679 (GDPR) at any time. Specifically, you have the right to request: access to your data, rectification, deletion, integration of incomplete data, restriction of processing, and full or partial objection to the use of your data. You may exercise these rights by writing to the following email address:
privacy@bisiachcarru.it
Pursuant to Article 77 of the GDPR, you also have the right to lodge a complaint with the Supervisory Authority for the Protection of Personal Data if you believe that the processing of your data violates the Regulation.
7. DATA CONTROLLER
The data controller is Bisiach & Carrù S.p.A., with registered office at Corso Piemonte 36, 10078 Venaria Reale (TO), Turin, and can be contacted via email at: privacy@bisiachcarru.it
