Privacy - Teco S.r.l. | Travel mate for the environment, safety and health

THE PROTECTION OF PRIVACY, ONE OF OUR PRIORITIES

In Teco Srl we consider the protection of individuals, with regard to the processing of personal data, a fundamental right. We believe it is important to guarantee to all subjects whose personal data we collect and manage the widest respect for the rights to dignity and privacy. We also consider transparency essential, making available in a clear, concise and easily accessible form (as required by Article 12 of the GDPR) basic information on data processing.

1) GENERAL INFORMATION

We inform the interested parties (data subjects) of the following general profiles, valid for all areas of processing:

all personal data are processed in compliance with current applicable privacy regulations (EU Reg. 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018);
all the data are processed in a lawful, correct and transparent manner, in compliance with the general principles provided for by Article 5 of the GDPR;
specific security measures are observed to prevent data loss, illicit use, or incorrect use and unauthorized access, pursuant to Article 32 of the GDPR.

1.1) Data Controller, Data Protection Officer and contacts

The Data Controller is the undersigned Organization, in the person of the legal representative pro-tempore.
Teco Srl - Via F.lli Magni, 2 - 29017 Fiorenzuola d'Arda (PC)
Ph. +39 0523 983377 - FAX: +39.0523.942828 - E-MAIL:

Teco has appointed a Data Protection Officer, to whom you can contact for any information regarding privacy or to exercise the rights listed below (DPO Contacts: Dott. Gregorio Galli - Strada della Viggioletta, 8 – 29121 Piacenza; ph: 0523.1865049 – Email: )

Rights of the data subjects

right to request the presence and access to personal data concerning him (Art.15 "Right of access")
right to obtain the correction / integration of inaccurate or incomplete data (Art.16 "Right of rectification")
right to obtain, if there are justified reasons, the deletion of data (Art.17 "Right to cancellation")
right to obtain the limitation of processing (Art.18 "Right to limitation")
right to receive data concerning him in a structured format (Art.20 "Right to portability)
right to object to processing and automated decision-making processes, including profiling (Art.21, 22)
the right to revoke a consent previously given;
right to submit, in case of failure to reply, a complaint to the Data Protection Authority.

1.2) Information for specific processing areas

Below you can find specific information referring to the various areas of processing carried out by the company:

Information referring to the website, cookies and online services (Cap.2);
Information referring to the processing of data for administrative / commercial relationships (Cap.3);
Information referring to the processing of data in the context of the provision of services (Cap.4);
Information referring to the processing of data through video surveillance systems (Cap.5).

2) INFORMATION REFERRING TO THE WEBSITE, COOKIES AND ONLINE SERVICES

2.1) Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c)	These data are used for the sole purpose of obtaining statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site (legitimate interests of the owner).
Scope of communication (GDPR-Art.13, paragraph 1, letter e, f)	The data may be processed exclusively by internal personnel, duly authorized and trained to process (GDPR-Art.29) or by any persons responsible for the maintenance of the web platform (appointed in this case external managers) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries. Only in the event of an investigation may they be made available to the competent authorities.
Data retention period (GDPR-Art.13, paragraph 2, letter a)	The data are normally kept for short periods of time, with the exception of any extensions related to investigation activities.
Provision of personal data (GDPR-Art.13, paragraph 2, letter f)	The data are not provided by the interested party but automatically acquired by the technological systems of the site.

2.2) Cookies

This information is provided pursuant to Article 13 of EU Reg. 2016/679 "GDPR", as well as current specific regulations on cookies:

"Cookie guidelines and other tracking tools" of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
Guidelines 5/2020 on consent under Regulation (EU) 2016/679, adopted by the European Data Protection Board.

What are cookies: Cookies are short fragments of text (letters and / or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even after days (persistent cookies). Cookies are stored, according to user preferences, by the individual browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and use of services. In the remainder of this policy we will refer to cookies and all similar technologies simply using the term "cookies".

Possible types of cookies

In relation to the provision "Cookie guidelines and other tracking tools" of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021) and in the Register of measures 231 of 10 June 2021, the categories of cookies used, the purposes and the coding criteria are classified below.

CATEGORY	PURPOSE	ENCODING CRITERIA
Navigation, session and functionality technicians	Ensure normal navigation and use of the site	They are codified as technical because they are used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide that service".
Analytical (comparable to technicians)	Collect information about the number of visitors and pages viewed	FIRST-PARTY COOKIES They are coded as comparable to technical cookies, since they are used only to produce aggregate statistics in relation to the individual site (also possibly with IP in clear, in compliance with the purpose constraint) THIRD-PARTY COOKIES They are coded as comparable to technical cookies, since they are used with IP address masking, without combination with other processing and without transmission to other third parties

Insights on the types and methods of managing preferences
Through the main navigation browsers, by clicking on the appropriate icons, it is possible to obtain an analytical classification of the cookies used by the site, complete with: cookie name, contents, domain, sending mode, persistence.

Through the main browsers it is also possible to:

block by default the receipt of all (or some) types of cookies
remove all or some of the cookies installed

For information on setting individual browsers see the following paragraph. Please note that blocking or deleting cookies could compromise the navigability of the site. The site may contain links to third-party sites and third-party cookies; For more information, please view the privacy policy of any linked sites.

Management of preferences through the main browsers
The user can decide whether or not to accept cookies using the settings of his browser (note that, by default, almost all web browsers are set to automatically accept cookies). The setting can be changed and defined specifically for different websites and web applications. In addition, the best browsers allow you to define different settings for "proprietary" cookies and for those of "third parties". Usually, the configuration of cookies is carried out from the "Preferences", "Tools" or "Options" menu.

Below are the links to the guides for managing cookies of the main browsers:

Internet Explorer: http://support.microsoft.com/kb/278835
Internet Explorer [mobile]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
Safari [mobile]: http://support.apple.com/kb/HT1677
Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
Android: https://support.google.com/accounts/answer/61416?hl=it&co=GENIE.Platform%3DAndroid
Opera: http://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies

Further information

www.allaboutcookies.org (for more information on cookies technologies and how they work)
www.youronlinechoices.com/uk/about-behavioural-advertising (allows users to oppose the installation of the main profiling cookies)
www.garanteprivacy.it/cookie (collection of the main regulatory interventions on the subject by the Italian Guarantor Authority)

2.3) Work with us (https://www.tecoservizi.it/lavora-con-noi.html)

The page allows the interested party to apply for a job at Teco. The identification data and contact details of the applicant are requested, as well as the curriculum vitae of the candidate.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c)	The data are acquired for the correct management of personnel selection procedures and evaluation of applications, as well as for the consequent responses. The sending of the application is subject to specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a), expressed by blocking check-box on the reference page. At the time of possible recruitment, the candidate will receive regular information related to the professional relationship established.
Scope of communication (GDPR-Art.13, paragraph 1, letter e, f)	The data may be processed exclusively by internal personnel, duly authorized and trained to process (GDPR-Art.29) or by any subjects preparatory to the selection activities (appointed in this case external managers) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries.
Data retention period (GDPR-Art.13, paragraph 2, letter a)	The data are kept for times compatible with the purpose of the collection (normally for a period of 2 years from receipt of the application).
Bestowal (GDPR-Art.13, paragraph 2, letter f)	The provision of data is mandatory to submit your application.

2.4) Contacts (https://www.tecoservizi.it/contacts.html)

The webpage allows the interested party to request information. Identification and contact details are requested.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c)	Identification and contact data are requested in order to be able to respond to contact/information requests from interested parties. Subject to specific, free and informed consent (GDPR-Art.6, para.1, lett.a), documented by means of a specific check-box (GDPR-Art.7, para.1), it is possible to send communications on future commercial and promotional initiatives.
Scope of communication (GDPR-Art.13, paragraph 1, letter e, f)	The data provided are processed exclusively by duly authorised and trained personnel (GDPR-Art.29). The data may be accessed, for site maintenance purposes only, by the company providing the technological platform and its appointees. The data will not be disseminated or transferred to non-EU countries.
Data retention period (GDPR-Art.13, paragraph 2, letter a)	The data are stored in terms compatible with the purpose of the collection.
Bestowal (GDPR-Art.13, paragraph 2, letter f)	The provision of data in the compulsory fields is necessary in order to be able to obtain a reply, while the optional fields are intended to provide the staff with additional information to facilitate contact.

The optional, explicit and voluntary sending of electronic and/or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary in order to reply to requests, as well as any other personal data included in the sender's message (which are therefore deemed to have been lawfully acquired and used).

2.5) Course enrolment (https://www.tecoservizi.it/corsi.html)

Through the pages of this section it is possible to register for Teco courses. Personal data and contact details are requested.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c)	The data necessary for the enrolment practices and correct delivery of the course are requested. Registration is subject to the acceptance of specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a), documented through a specific check-box (GDPR-Art.7, paragraph 1). On the occasion of the courses, photo / video footage may be made for information/promotional purposes. This processing is subject to the acceptance of further specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a), documented through a specific check-box (GDPR-Art.7, paragraph 1). The contact details may be used to send informational/promotional communications concerning Teco activities and course topics.
Scope of communication (GDPR-Art.13, paragraph 1, letter e, f)	Registration data are processed exclusively by personnel duly authorized and trained to process (GDPR-Art.29). The data may be accessed, only for site maintenance purposes, by the company that provides the technological platform and its representatives. The data will not be disseminated or transferred to non-EU countries. The photo / video contents, to be considered provided completely free of charge, may be disseminated on paper or digital channels, such as websites and social channels.
Data retention period (GDPR-Art.13, paragraph 2, letter a)	The data are stored in terms compatible with the purpose of the collection.
Bestowal (GDPR-Art.13, paragraph 2, letter f)	Failure to provide registration data will make it impossible to enroll in the course. In case of lack of consent to photo / video, the company will take appropriate measures to avoid the filming of the interested party.

3) INFORMATION REFERRING TO THE PROCESSING OF DATA FOR ADMINISTRATIVE/COMMERCIAL RELATIONSHIPS

3.1) Object of the processing

Teco may process personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and their operational contacts (name, surname and contact details) acquired and used in the context of administrative / commercial management.

3.2) Purpose and legal basis of the processing

The data are processed for:

conclude contractual/professional relationships;
fulfill pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications related to them;
fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; ordinary internal operational, managerial and accounting needs).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases of lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be requested from the interested parties.

3.3) Processing methods and storage time

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations (generally coinciding with the obligations of keeping administrative documentation).

3.4) Scope of processing

The data are processed by internal subjects regularly authorized and instructed pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects operating as Data Processors or Independent Data Controllers (consultants, technicians, banks, transporters, etc.).

We inform you that the data may be transferred outside the EU only in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of the interested parties is not compromised ("Art.45 Transfer on the basis of an adequacy decision, Art.46 Transfer subject to adequate guarantees, Art.47 Binding corporate rules, Art.49 Specific derogations").

4) INFORMATION REFERRING TO DATA PROCESSING AS PART OF THE PROVISION OF SERVICES

4.1) Object of the processing

With reference to the activities/services that can be provided by Teco overall, qualified information such as common information (name, personal data, contacts, etc.) and data belonging to the particular categories (previously defined as "sensitive") provided for by Article 9 of the GDPR may be acquired and processed, with reference mainly to data suitable for revealing a state of health (normally referring to the staff of client organizations). This information is valid with reference to the processing for which Teco is the Data Controller, as well as for those with respect to which it is appointed as an external Data Processor by another Data Controller (integrating the original information of the Data Controller in relation to the specific processing carried out by Teco).

Teco guarantees the same protection and confidentiality protections observed for the processing of personal data, for any technical / commercial information of customers (eg: reports, measurements, etc.).

4.2) Purpose of the processing

The data are processed for purposes strictly related to the correct execution of the services provided:

services related to occupational medicine and health surveillance at the workplace
Services related to laboratory analysis
Home care services for private individuals
services for the digital provision of reports and/or areas reserved for users
consultancy services regarding safety obligations in the workplace (D.Lgs.81/08)
technical consultancy services (industrial hygiene surveys, environmental surveys, earthing checks, food analysis, EC appraisals, pollution appraisals, management systems and organizational models, etc.)
training services.

The legal basis of the processing is to implement the contractual obligations signed with customers and related regulatory obligations.

4.3) Processing methods and storage time

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing (also through the use of technological / digital tools, also accessible via the web, equipped with adequate security requirements, eg: SSL certificates).

With reference to health surveillance data and medical services, pursuant to Art. 25, paragraph 1, letter c) of Legislative Decree 81/08 and subsequent amendments, the competent doctor establishes, updates and keeps, under his own responsibility, a health and risk record for each worker subjected to health surveillance; This record shall be kept in accordance with the obligation of professional secrecy and, except for the time strictly necessary for the health surveillance and the transcription of the results thereof, at the place of custody agreed at the time of appointment of the competent doctor. At the end of the working period, Legislative Decree 81/08 assigns to the competent doctor the burden of delivering to the worker a copy of the health and risk record and providing the necessary information relating to the conservation of the same. The original of the health and risk record must be kept at the employer's facilities for at least ten years, except in special cases (where there is a possibility of damage deriving from exposure to particular risks, the employer must keep the folder for 40 years (ex. Art. 243 D.Lgs. 81/08).

The personal data that the competent doctor is required to transmit to the employer and the worker in writing (also by sharing dedicated portals with protected and confidential access) are represented by the judgment of suitability according to the model provided by law, in which the personal details of the worker appear, the occupational risk factors to which he is exposed, evidenced by the risk assessment document and suitability with any requirements or limitations of work duties.

With regard to the data processed in the context of technical consultancy services, they will be kept for times compatible with the purpose of the collection and related contractual / legal obligations.

4.4) Scope of processing

The following categories of subjects may access personal data:

natural persons authorized and instructed to process, pursuant to Article 29 of the GDPR, due to the performance of their work duties at Teco;
suppliers of support services (laboratories, other affiliated structures, consultants, credit institutions, certification bodies, consultants, etc.), closely related and functional to Teco's activity; analysis laboratories duly appointed as authorized / external data processors;
various sub-processors whose responsibilities are defined by specific clauses (e.g. technical consultants, health consultants, RSPP, etc.);
legal advisors for the management of any disputes for third party liability, including that for professional health liability.

Any transfer of data to non-EU countries can only take place according to one of the methods permitted by current law (GDPR, Chapter V), such as the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects belonging to countries considered adequate or adhering to international programs for the secure circulation of data.

5) INFORMATION REFERRING TO DATA PROCESSING THROUGH VIDEO SURVEILLANCE SYSTEMS

We inform you that video surveillance systems may be in operation at the company offices (duly marked by special signs "VIDEO SURVEILLANCE AREA").

The processing of personal data through video surveillance systems takes place in compliance with current privacy regulations (EU Reg. 2016/679 "GDPR"; Legislative Decree 196/2003, as amended and supplemented by Legislative Decree 101/2018; General Provisions of the Guarantor Authority for the protection of personal data, expressly recognized by Article 22, paragraph 4 of Legislative Decree 101/2018).

The system is installed for SECURITY purposes and the use of cameras is aimed at protecting property, people and property against possible intrusions, fires, thefts, robberies or acts of vandalism and the possible defense of the rights of the Data Controller in court (acquisition of evidence);

The images detected may be recorded and kept for the period of time strictly necessary to achieve the purpose indicated above, and in any case for a time not exceeding the terms established by law (never exceeding 7 days), except for the longer term necessary to fulfill specific requests of the judicial authority or judicial police in relation to ongoing investigative activities; at the end of the retention period, the recorded images are deleted from the relative electronic, computer or magnetic media.

The images can only be processed by formally authorized and instructed personnel or by external companies that, as data processors, collaborate in the maintenance of the plants and in the surveillance activities; are in no way communicated or disseminated outside the structure of the owner, without prejudice to the execution of any orders of the judicial authority or judicial police or, in case of offenses, the use in any judicial seats;

The images will be processed with tools and methods suitable to guarantee an adequate level of security and confidentiality, with particular reference to the measures indicated by Article 32 of the GDPR and General Provision of 08/04/2010;

Any filming of workers and use of videotaped images takes place in compliance with current labor law regulations (Art. 4 L.300/70 "Workers' Statute", as amended by Art. 23 of Legislative Decree 151/2015 "last implementing decree Jobs Act").

6) POLICY UPDATE

It should be noted that the aforementioned policies may be subject to periodic review, also in relation to the relevant legislation and jurisprudence, as well as significant organizational/operational changes of Teco. In case of significant changes, appropriate evidence will be given for a reasonable time on the home page of the site. In any case, the interested party is invited to periodically consult this policy.