PRIVACY POLICY – articles 13 and 14 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL – 27 April 2016

NORD OVEST SPA, Tax Code/VAT N. 00455030049, in the person of its Legal Representative, is the Data Controller of your personal data.
As interested party we inform you that:
The Data Controller’s registered office is in Via Motorizzazione n.19,21,29, 12100, Cuneo, CN, Italy.

The Data Controller’s contact details for the plant in Select one. are:
telephone: 0171415600
email: privacy@nord-ovest.com
certified email: privacy@pec.nord-ovest.it

Personal data are collected and processed by NORD OVEST SPA in an adequate, pertinent, legitimate, appropriate and transparent manner, for limited purposes.

The defined, explicit and legitimate collection and processing purposes are:

1. Fulfilment of contract obligations;
2. Fulfilment of accounting, administration and other obligations set by laws, regulations and circulars for tax purposes;
3. Administration and accounting;
4. Fulfilment of obligations set by national laws;
5. Fulfilment of obligations set by EU laws, rules and regulations;
6. Protection of the legitimate interest of the Data Controller or third parties, in a fair balance of the parties rights and as long as they override the interests, rights and freedoms of the Data Subjects;

Should the Data Controller require to treat personal data for additional purposes other than those for which the data were collected, data subjects will be informed by integrating this policy or publishing a new edition of the information note.

In the event of additional processing of data for public interest, scientific or historic research, or for statistical purposes (guarantees and exceptions – art. 89), should communication to the data subjects be impossible or require a disproportional effort, the Data Controller may carry out the additional processing without notification until the information is made public, as long as appropriate measures are adopted to protect the rights, freedom and legitimate interests of the data subjects.

Personal data will be processed exclusively by authorised subjects, under the authority of the Data Controller and based on the regulatory principles and logical and technological security procedures (art 32, paragraph 4).

The Data Controller may transfer, transmit or communicate personal data only to the following categories of subjects (recipients):

Third parties may process data as designated Data Processors (art. 28).

The Data Controller does not intend to disclose personal data to third-party countries or international organizations.

The data collected for the purposes mentioned in points 1), 2), 3), 4), 5) will be stored, as required by the law, for at least 10 years from the date in which they were last used for accountancy purposes. The Data Controller may extend the retention period beyond 10 years from the last time the data was used, to keep a comprehensive record of all company activities and provide proof in the event of tax, company or commercial disputes. The Data Controller may not extend the data processing period beyond the period of time required for the purposes for which the data were collected and processed.

Additionally, Data Subjects have the right to:

• access the personal data concerning them;
• request the rectification and erasure of their personal data;
• request to limit the purposes for which the Data Controller can process their data
• object to the processing;
• receive the personal data concerning them in order to transmit them to another Data Controller (data portability);
• revoke their consent to data processing when it is based on consent (art. 6, paragraph 1, letter a); art. 9, paragraph 2, letter a));
• complain with the Data Protection Authority;
• be informed as to whether the provision of their data is a legal or contractual obligation, or a necessary requirement.

Data are acquired directly from data subjects