The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. Based on this principle, the European Union has issued the Regulation (EU) 2016/679 (GDPR)is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.
IGQ is committed to ensure that the fundamental principles of privacy provided by the GDPR, including the guarantee of regulatory compliance, are implemented as follows:
- LAWFULNESS, FAIRNESS AND TRANSPARENCY (GDPR, Art. 5, c.1, l.a)
Any processing of data is legitimized by specific requirements, such as an express consent of the interested party, a legal obligation, a contract between the parties, a legitimate interest of the owner. The data are processed correctly and transparently towards the data subject.
- PURPOSES (GDPR, Art. 5, c.1, l.b)
Personal data are collected and processed only for predetermined, explicit and legitimate purposes
- ADEQUACY, RELEVANCY AND LIMITEDNESS (GDPR, Art. 5, c.1, l.c)
The use of personal data is always reduced to the minimum necessary essential for achieving the stated purposes; personal data are collected and processed only if functional to achieve the stated purposes; personal data are processed using methods and instruments proportional to the purposes to be achieved
- ACCURACY, COMPLETENESS, UPDATE (GDPR, Art. 5, c.1, l.d)
Personal data are punctually verified, so that their accuracy, completeness and updating are guaranteed
- CONSERVATION (GDPR, Art. 5, c.1, l.e)
Personal data is kept for a limited period of time to achieve the stated purposes
- SECURITY (GDPR, Art. 5, c.1, l.f)
The data are always collected and processed after the adoption of appropriate security measures
- CONFIDENTIALITY (GDPR, Art. 5, c.1, l.f)
The data are processed by suitably identified, authorized and instructed subjects. The Board of Directors has entrusted the Director with the role of Data Controller. Appropriate procedures and registrations make this policy operational.
Information on the processing of personal data
art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data – GDPR
All persons whose data is processed by IGQ have the following rights:
RIGHTS OF THE DATA SUBJECT (GDPR Articles from 15 to 22)
At any time, the data subject may exercise the right to:
- request confirmation of the existence or otherwise of personal data;
- obtain information about
- the purposes of the processing,
- the categories of personal data,
- the recipients or categories of recipients to whom the personal data have been or will be disclosed,
- where possible, the envisaged period for which the personal data will be stored.
- obtain the correction and erasure of personal data;
- obtain the restriction of processing of personal data;
- obtaining data portability, ie receiving them from a data controller, in a structured, commonly used and machine-readable format, and transmitting them to another data controller without hindrance;
- object to the processing at any time and also in the case of processing for direct marketing purposes;
- object to an automated individual decision-making process, including profiling;
- make a complaint to the Italian Data Protection Authority.
Requests shall be sent to the Data Controller by writing to firstname.lastname@example.org
The personal data controller is IGQ – Istituto Italiano di Garanzia della Qualità, Via Giosuè Carducci 125 / A – 20099 Sesto San Giovanni (MI), in the person of the Director.
DATA PROTECTION OFFICER
The Data Protection Officer (DPO) has not been designated as IGQ does not process personal data falling within the definition of art. 37 of the GDPR.
PURPOSE OF DATA PROCESSING
GQ processes personal data only for the purpose of providing interested parties with the services requested. Where necessary IGQ requires the explicit consent of the data subjects to continue with the data processing.
Personal data arer processed by automated tools for the time necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
DATA STORAGE PERIOD
Personal data are processed with automated and manual tools for the time necessary to achieve the purposes for which they were collected.
DATA PROVIDED VOLUNTARILY BY DATA SUBJECTS
The optional, explicit and voluntary sending of electronic mail or other data to IGQ, through the e-mail addresses indicated on the website www.igq.itor obtained by other means, involves the subsequent acquisition of the sender’s address, necessary to reply to requests, as well as any other personal data included in the message and are not disclosed to third parties.
PROCESSING OF PERSONAL DATA ACQUIRED VIA THE WEB
The personal data provided by users who forward, through the site www.igq.it, , requests for information on the services offered by IGQ are used only to provide the requested information and are not disclosed to third parties.
Processing activities of the data connected to the web services are handled only by IGQ internal staff.
OPTIONAL PROVISION OF DATA
The user is free to provide personal data contained in the request forms to the Data Controller to access the services offered.
Failure to provide such data may make it impossible to obtain what is requested.
Personal data relating to the processing in question will not be communicated in any way to third parties.
The personal data processed will not, in any way, be brought to the attention of undetermined subjects.
TRANSFER TO OTHER COUNTRIES
The personal data processed will not be transferred to other countries .