Privacy Policy
The compliance that guides Advolo

 

Principles applied

The firm follows the guidance of the European Regulation, drawing on its principles in the management of personal data.

 

Processing of personal data

Personal data collected are processed lawfully, fairly and transparently.

The data are collected for specified, explicit and legitimate purposes (mainly to provide the client with the requested consulting service – occupational safety, training, instrumental tests, machinery and plant design, technical documentation, technical directives), and subsequently processed in a way that is not incompatible with these purposes.

They are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

They are accurate and, if necessary, corrected/updated in a timely manner.

They are kept in a form that allows identification of data subjects for a period of time not exceeding the achievement of the intended purposes.

They are processed in a manner that ensures adequate security.

 

Lawfulness of processing

The processing carried out is lawful insofar as at least one of the following conditions occurs:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • the processing is necessary for the performance of a contract to which the data subject is a party or the performance of pre-contractual measures taken at the request of the data subject;
  • processing is necessary to comply with a legal obligation to which the data controller is subject;
  • the data subject has given his or her explicit consent to the processing of such personal data for one or more specific purposes;
  • the processing is necessary to fulfill the obligations and exercise the specific rights of the data controller or the data subject in the field of labor and social security law and social protection;

 

Consent of the data subject

Where consent is required from the data subject, the firm has prepared a request using simple and clear language.

The data subject’s right to withdraw his or her consent at any time is also clearly pointed out.

 

 

“Special” categories of personal data

There are certain categories of data defined as “special” whose processing is prohibited. These categories are as follows: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation.

An exception to this prohibition is made if and only if:

  • the data subject has given his or her explicit consent to the processing of such personal data for one or more specific purposes;
  • the processing is necessary to fulfill the obligations and exercise the specific rights of the data controller or the data subject in the field of labor and social security law and social protection;
  • processing is necessary for purposes of preventive or occupational medicine, assessment of the employee’s ability to work, diagnosis, health or social care or treatment, or management of health or social care systems and services on the basis of Union or member state law or in accordance with the contract with a health professional.
 

 

Disclosure

The notice provided to the data subject will contain the following information:

  • the identity and contact details of the data controller and/or its representative;
  • the contact details of the Data Protection Officer (DPO), if any;
  • the purposes of the processing for which the personal data are intended;
  • the recipients or categories of recipients, if any, of the personal data;
  • the intention, if any, of the data controller to transfer personal data to a third country;
  • the period of retention of personal data or the criteria used to determine this period;
  • the right to access one’s own data, their rectification or deletion, restriction of processing, possible opposition, as well as the right to portability;
  • the right to withdraw consent;
  • the specification of whether it is compulsory to provide personal data as well as the possible consequences of not providing such data;
  • the possible existence of an automated decision-making process, including profiling.
 

 

Rights of the data subject

The firm grants the data subject the following rights under the new regulation:

  • confirmation as to whether or not personal data is present and, if so, access to it as well as to the details in the information notice
  • right to rectification
  • right to erasure (right to be forgotten)
  • right to obtain restriction of processing
  • right to data portability
  • right to object to the processing of personal data concerning him/her
 

 

Notification of personal data breach

In the event of a personal data breach, the data controller shall notify the competent supervisory authority of the breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the personal data breach is unlikely to present a risk to the rights and freedoms of natural persons. Where notification to the supervisory authority is not made within 72 hours, it shall be accompanied by the reasons for the delay.

When the personal data breach is likely to present a high risk to the rights and freedoms of natural persons, the data controller shall notify the data subject of the breach without undue delay.

 

Data Controller

This is the entity (natural person, legal entity, public authority, service or other body) which determines the purposes and means of processing. Personal data (possibly collected) are processed lawfully, correctly and transparently.

The data controller is:

  • Advolo s.r.l. based in Forlimpopoli, Piazzale A. Gramsci, 1 (in the person of Michele Rinieri)
 

 

Data Processor

This is the entity (natural person, legal entity, public authority, service or other body) which processes the data on behalf of the Data Controller. Any chosen Data Processors present sufficient guarantees to implement appropriate technical and organizational measures. The relationship between Data Controller and Data Processor is governed and documented by a contract between the parties.

The Data Processor processes data in accordance with current privacy regulations, applying all the security measures provided; moreover, it does not use another data processor without prior written authorization from the Data Controller. According to the Data Controller’s choice, it deletes or returns all personal data after the service/contract between the parties is finished.

The data processors are:

  • Medoc Sicurezza srl with headquarters in Forlì, Viale Vittorio Veneto, 1/a for occupational medicine
  • Kronos srl headquartered in Forlì at via Balzella 41/G for computer support
  • Studio Pollini Davide based in Gambettola at Via J.F. Kennedy, 25 int. a for labor consulting and payroll
  • Francesco Casadei Gardini Certified Public Accountant based in Forlì at Via G. Pedriali, 18 as an accountant and auditor.
  • External professionals for consulting on behalf of the firm

 

Person in charge of processing

This role is not expressly regulated, but Article 29, “Processing under the authority of the controller or processor,” provides for such figures. They are the individuals who act on behalf of the Data Controller or Data Processor and materially process personal data. The person in charge must be trained in order to be able to carry out their activities to the best of their ability.

 

 

Data protection officer (“DPO”)

This is the person, appointed by the data controller, who oversees the correct application of the Regulation. He or she is a subject matter expert who supports the various privacy stakeholders.

This figure is generally referred to in documents as “DPO – Data Protection Officer.”

The data protection officer is designated according to professional qualities and specialized knowledge of the legislation; he or she may be an employee of the data controller or data processor or perform his or her duties under a service contract.

The contact details of the data protection officer are communicated to the supervisory authority by the data controller or processor.

The data protection officer has full autonomy and resources in the performance of his or her duties. He or she is bound to confidentiality regarding his or her activities and may perform additional duties that do not conflict with the role occupied.

Duties:

  • advise the data controller or processor as well as the employees performing the processing on the obligations arising from this regulation;
  • supervise compliance with this regulation;
  • provide assistance regarding the data protection impact assessment (DPIA);
  • cooperate with the supervisory authority;