Notice on the processing of data for Visitors

ai sensi degli articoli 12, 13 e 14 del Regolamento 2016/679/UE

Dear Sir/Madam,

Pursuant to Articles 12, 13, and 14 of Regulation 2016/679/EU, we inform you that your personal data provided during your visit to the premises of TECNOBODY S.P.A. (hereinafter referred to as "Data Controller"), VAT No. 02323900163, represented by its legal representative, Mr. Alessandro Carminati, with registered and operational offices at Via Lodi No. 10, Dalmine (BG), will be processed for the purposes related to your identification and for the implementation of access and security procedures at our premises.


Source, Purpose, Legal Basis, Nature of Data Processed and Data Provision

Your identifying personal data, possibly requested when accessing the company premises, will be collected and subsequently processed by TECNOBODY S.P.A. directly for the purposes related to your identification, carrying out security procedures, and controlling access to the premises to protect company assets (prevention and potential collection of evidence for the protection of people and property from possible assaults, thefts, robberies, damages, and acts of vandalism), for organizational and/or production needs, as well as to comply with legal obligations, regulations, or EU laws.
The provision of your data is mandatory, and for the achievement of the above purposes, we rely on the balancing of interests carried out by the Data Protection Authority under the decision of 10/04/2010. This processing is legally based on Article 6(1)(f) of Regulation 679/16, as it is necessary for the legitimate interest pursued by the data controller.
For this reason, consent for data processing is not required under Article 6 of the European Regulation 2016/679, since the processing of personal data is carried out based on the provisions of Article 6(1)(b) of the European Regulation 2016/679, in particular, it is necessary for your identification and for the implementation of security and access control procedures at the premises.
Failure to provide the data will entitle the Company to deny you access to our premises.


Communication of Data to Third Parties

Without prejudice to communications made in compliance with legal obligations or upon request from the competent Authorities, the data will not be disseminated and, for the above purposes, will be processed by employees and collaborators of the company who are specifically authorized to process the data pursuant to Article 29 of Regulation 2016/679/EU. These subjects are required to process the data in a lawful, correct manner, and only to the extent necessary to perform their work tasks (data minimization principle).

Your personal data will be included in the register of individuals present at the TECNOBODY S.P.A. premises to which you will have access. In case of emergency, they will be processed by the person responsible for the prevention and protection service or the emergency management responsible, for the correct execution of the procedures to be adopted in such cases. The data will not be transferred to third parties, except for requests from the Judicial Authority, defensive investigations, or for asserting a legal right, or in other cases provided by law (e.g., access to records).

Regarding data protection aspects, the interested party is invited, pursuant to Article 33 of the European Regulation 2016/679, to notify TECNOBODY S.P.A., as the Data Controller, of any circumstances or events that may lead to a potential "personal data breach" to allow immediate evaluation and the adoption of any actions aimed at preventing or addressing such events. This notification can be sent via email to privacy@tecnobody.it.


Transfer of Data Abroad

Personal data may be transferred to countries and international organizations belonging to the European Union (EU) and the European Economic Area (EEA) and, in principle, will not be transferred to countries or international organizations outside the EU or EEA (third countries). However, where necessary for the purposes indicated in this notice, data may be transferred to third countries. In this case, to ensure an adequate level of protection for personal data, the transfer will take place in compliance with Articles 44 et seq. of Regulation (EU) 2016/679 (GDPR) or to third countries for which there are adequacy decisions by the European Commission, based on Standard Contractual Clauses approved by the European Commission or under specific derogations provided by the GDPR. For the processing of information and data communicated to these entities, equivalent protection levels will be required for the processing of personal data of their employees. In any case, only the necessary data will be communicated for the purposes specified, and the regulatory tools provided by Chapter V of the GDPR will be applied. You may request more information regarding data transfers by emailing the Data Controller.


Processing Methods, Logic, and Retention Times

Your personal data will be processed in written form and/or on electronic or IT media, using automated tools, with logic strictly related to the purposes described above and, in any case, in a manner that ensures the security and confidentiality of the data.
Regarding access registration data at the premises, the lists will be kept for a period necessary to pursue the purposes outlined above, unless required for the protection of the rights of the interested parties. At the end of this period, the data will be automatically deleted from the system. The information system and software programs are configured to minimize the use of personal and identifying data. Personal data will not be subject to any automated decision-making process, including profiling.


Rights of the Data Subject

In accordance with the provisions of the Regulation on data protection, regarding the exercise of rights by data subjects (Chapter III of the European Regulation 2016/679), concerning the processing covered by this notice, you, as the data subject, have the right to:

  • Request confirmation whether or not your personal data is being processed;
  • Access the personal data concerning you;
  • Request rectification, deletion, or notification of the rectification and deletion to any recipients the data may have been disclosed to;
  • Request the restriction of processing in cases provided by law;
  • Obtain the portability of personal data you have provided to the Data Controller, i.e., receive it in a structured, commonly used, machine-readable format and transmit it to another data controller without hindrance;
  • Object at any time to the processing of your data and, specifically, to decisions made about you based solely on automated data processing, including profiling.
  • Lodge a complaint with the Data Protection Authority pursuant to Article 77 of the European Regulation 2016/679 if you believe that processing of your data violates the provisions of the Regulation itself.

The data subject can exercise their rights regarding privacy and data protection by requesting the appropriate form from TECNOBODY S.P.A., completing it, and sending it by registered mail to the address of the Data Controller or by email to privacy@tecnobody.it.

Best regards,
TECNOBODY S.P.A.