Privacy Events
PRIVACY POLICY STATEMENT
GENERAL INFORMATION
We hereby inform you (hereinafter "data subject", pursuant to Article 4, (1) of the GDPR) that registration for Florim events and access to the company headquarters or other locations where Florim organises meetings/events may involve the processing of your personal data. Specific information (in accordance with Article 13 of the GDPR) regarding the various processing contexts is provided below, bearing in mind the application of the following general principles:
- all data are processed in a lawful, fair and transparent manner with respect to data subjects, in accordance with the general principles set forth in Article 5 of the GDPR;
- specific security measures are implemented to prevent the loss of data, illegal or improper use, or unauthorised access;
- the Data Controller is the undersigned Florim Ceramiche S.P.A. SB
- Data subjects may contact the Data Controller at privacydpo@florim.com to exercise all their rights under Articles 15-22 of the GDPR (right of access, rectification, erasure, restriction, portability, and to object to processing and profiling) and to withdraw a consent granted previously or to lodge a complaint with the Italian Data Protection Supervisory Authority.
1. DATA FOR REGISTRATION TO AND PARTICIPATION IN EVENTS
Your personal data may be collected to allow you to register for and participate in events organised by the Data Controller, or by third parties, and hosted at the Data Controller's offices.
|
Purposes of processing (Article 13 (1) (c) of the GDPR) |
The purpose of this processing is to allow the data subject to register and participate in events, as well as to register attendance at them. The processing is also necessary to manage safety requirements at the premises where said events will take place. |
| Categories of personal data |
- personal details (name, surname); - contact details (email address, address, company you work for, occupation, sales contact person) |
|
Lawfulness of processing (Article 13 (1) (c) of the GDPR) |
The processing of personal data is carried out to meet the request of the data subject to register and participate in specific events (fulfilment of contractual or pre-contractual measures requested by the data subject, Article 6 (1) (b) of the GDPR). The processing is also carried out in compliance with the requirements on safety in the workplace (Article 6 (1) (c) of the GDPR). |
|
Scope of communication (Article 13 (1) (e) and (f) of the GDPR) |
The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the management of IT systems, event planning companies or customer service companies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. The data may be disclosed to the competent authorities in specific cases. In any case, personal data will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area. |
|
Data processing methods (Recital 39, GDPR) |
Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access. |
|
Data storage period (Article 13 (2) (a) of the GDPR) |
Personal data are stored only for the time necessary to carry out the services requested in relation to the events organised. |
|
Nature of the provision (Article 13 (2) (e) of the GDPR) |
The provision of your personal data for the purposes indicated above is optional. However, failure to provide it may make it impossible for you to register and participate in the events organised. |
2. VIDEO SURVEILLANCE
There are video surveillance systems present at the Data Controller's offices.
|
Purposes of processing (Article 13 (1) (c) of the GDPR) |
The video surveillance systems are installed in accordance with current legislation, by virtue of a specific assessment of the lawfulness and proportionality of such processing, in order to protect the company's assets and the safety of the people who are there. The presence of these systems is reported in accordance with the relevant guidelines, also using specific signs that disclose this. |
|
Lawfulness of processing (Article 13 (1) (c) of the GDPR) |
The processing is necessary to pursue the legitimate interests of the Data Controller to protect and safeguard company assets and the persons located therein (Article 6 (1) (f) of the GDPR). |
|
Scope of communication (Article 13 (1) (e) and (f) of the GDPR) |
The data are processed exclusively by personnel authorised and trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the maintenance of video surveillance systems; concierge services/security guards): these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In specific cases (e.g. investigations and verifications), the recordings may be made available to the competent authorities. In any case, personal data collected through video surveillance systems will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area. |
|
Data processing methods (Recital 39, GDPR) |
Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. Images will be processed using IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access. |
|
Data storage period (Article 13 (2) (a) of the GDPR) |
Footage is stored for up to a maximum period of 72 hours. |
3. IMAGES TAKEN WHEN YOU PARTICIPATE IN EVENTS
You may be filmed or photographed when you participate in events organised or hosted by the Data Controller.
|
Purposes of processing (Article 13 (1) (c) of the GDPR) |
Participants in events held at the Data Controller's premises may be filmed and photographed. The photographs or recordings will be used for the purposes of communicating and promoting the services and initiatives of the Data Controller and may be published on the website and social media, and in the media and the press. The Data Controller guarantees that the images will not be used in contexts that may affect the personal dignity and decorum of the data subjects. The use of the images is free of charge and no future claims can be made in this regard. |
|
Lawfulness of processing (Article 13 (1) (c) of the GDPR) |
Personal data are processed where the data subject provides his or her consent (Article 6 (1) (a) of the GDPR). Consent will be acquired during events data subject takes part in. |
|
Scope of communication (Article 13 (1) (e) and (f) of the GDPR) |
The data are processed exclusively by personnel authorised and trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the management of IT systems, event planning companies, marketing or communications companies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. The data may be disclosed to the competent authorities in specific cases. The images may also be communicated to third parties and disseminated through the website, communication tools, print media, social networks, social media, television, through publication in magazines or presentations at seminars and conferences, etc. |
|
Data processing methods (Recital 39, GDPR) |
Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access. |
|
Data storage period (Article 13 (2) (a) of the GDPR) |
With the exception of the data that is disseminated, personal data will be stored for the time necessary to carry out the purposes set out above. |
|
Nature of the provision (Article 13 (2) (e) of the GDPR) |
The provision of data is optional and subject to the consent of the data subject. However, if you do not give your consent, you will not be able to access the Data Controller's premises or take part in the event. |
4. DATA FOR SUBSCRIPTION TO PERSONALISED INFORMATIVE NEWSLETTERS
Personal data are processed for purposes connected with sending informative newsletters, where the data subjects fill out specific forms on this site.
|
Purposes of processing (Article 13 (1) (c) of the GDPR) |
When you fill out specific forms on this website, your personal data are collected in order to send you periodic communications that promote the image and professionalism of the Data Controller (catalogues and other promotional objects; services offered by the Data Controller or by companies in the same group; notice of trade fairs, exhibitions, exhibits; invitations to participate in such events). Communications will be sent as newsletters to the email address indicated by the data subject, and may be personalised in some cases. |
| Categories of personal data |
- personal details (name, surname); - contact details (email address); - data relating to the professional sphere (field of employment); - information relating to the personal sphere (country). |
|
Lawfulness of processing (Article 13 (1) (c) of the GDPR) |
Personal data are processed for the purposes and in the manner described in this paragraph with the consent of the data subject (Article 6 (1) (a) of the GDPR). |
|
Scope of communication (Article 13 (1) (e) and (f) of the GDPR) |
The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (support for the management of the website; consulting firms or customer service companies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area. |
|
Data processing methods (Recital 39, GDPR) |
Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. The profiling and personalisation of newsletters will be carried out on the basis of the following criteria: (i) territorial/geographical criteria, taking into account the country of the data subject; (ii) field of employment of the data subject. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access. |
|
Data storage period (Article 13 (2) (a) of the GDPR) |
Personal data are stored for the time necessary for the management of the relationship with the requesting party. |
|
Nature of the provision (Article 13 (2) (e) of the GDPR) |
The provision of your personal data for the purposes indicated above is optional. However, failure to provide it may affect the correct sending of the requested informative newsletters. |