PERSONAL DATA PROTECTION POLICY GROUP
EFORT-WFC Group (“Group”)
EFORT W.F.C. Holding S.p.A. as the Holding of the EFORT-WFC Group, it is aware of the importance of ensuring adequate safeguards for those affected by the processing of personal data, in each of the Group companies, in carrying out their respective business activities.
With this Policy, EFORT W.F.C. Holding S.p.A. intends to provide Directors, employees and all those who represent the company towards third parties, with information regarding the fundamental principles of conduct which they must comply with in the context of the processing operations carried out by individuals, whether external or internal to their own structure.
The processing of personal data must comply with the following general principles and rules:
• lawfulness, legality, legitimacy, correctness and transparency: the processing operations must be based on a valid assumption of lawfulness, be carried out for lawful purposes and made evident, as well as comply with applicable laws and regulations and must be carried out in compliance with the principles of correctness and transparency;
• determination of the purposes: the collection and registration of personal data must take place for the pursuit of legitimate purposes of the processing, identified in advance and communicated to the interested parties, ensuring that any subsequent or related processing is not incompatible with the purposes of the collection;
• necessity and proportionality: the processing operations must be carried out only when necessary for the pursuit of the purposes and must exclusively concern personal data that are adequate, relevant, complete, promptly updated and not exceeding what is necessary for the pursuit of the purposes of the processing. If the processing of personal data is not necessary for the pursuit of the purposes, the data must be made anonymous;
• reasonable duration: personal data must be processed for a period of time: not exceeding that required to pursue its purposes, allowing its timely cancellation even if it is inaccurate or irrelevant, with respect to the purposes of the processing. The data after this deadline must be destroyed or made anonymous, without prejudice to the need to keep them if this is required by current and binding laws;
• information and consent: the collection of data must be preceded by suitable information that must be provided in the manner and content prescribed by the applicable legislation. For the processing of certain types of data, the prior written consent of the interested parties is required for certain purposes and methods, as an essential condition for the processing itself.
• access rights of interested parties: within the limits set by applicable laws, interested parties always have the right to have confirmation of the existence or otherwise of personal data concerning them, to know the details and the origin of the same; to be informed about the subjects or categories of subjects to whom such data may be communicated, to request its updating, rectification or integration, and, if the conditions are met, cancellation. Furthermore, the right to object to processing for marketing purposes or commercial initiatives, or for reasons beyond compliance with mandatory rules or the need for processing aimed at completing a contractual relationship, must also be reserved; The interested party must be aware of the contact details (e-mail or physical address to which to address requests and / or requests)
• security: in accordance with the laws in force and also implementing specific company policies, the most appropriate security measures must be adopted to ensure the protection of personal data, in order to prevent illegal behavior, risks of loss, destruction, tampering and access by part of unauthorized parties.
The principles and rules set out in this Policy may be expressed in the procedures implemented by each local entity, based on the applicable legislation, without affecting compliance and applicability.