Privacy Policy

Comet Elettromeccanica srl in the person of the legal representative Vincenzo Chinelli with registered office in Ciampino – via Enzo Ferrari 42, as the Data Controller of personal data processing (hereinafter also “Data Controller”), informs you in accordance with Article 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) and the national harmonization legislation in force, that your data will be processed in the following manner and for the following purposes:

Object of Processing

The Data Controller processes personal, identifying (e.g., first name, last name, address, telephone, e- mail,), special (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, sexual life or sexual orientation of the person) health-related and judicial data you have communicated, functional to fulfill the obligations related to the working relationship between the parties.

Purposes of processing.

Your personal data are processed:
A) With your express consent (ex art. 7 GDPR) to fulfill the obligations related to the working relationship between the parties.
B) Again with Your specific and separate consent (ex art. 7 GDPR), for the communication of Your personal data (with the exclusion of health, special and judicial data) to third parties (e.g. Supplementary Funds, Insurance Companies, etc.), in order to enable them to make contact with You, for their respective statutory purposes.

Method of processing

The processing of your personal data is carried out by means of the operations indicated in Art. 4 No. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

Your personal data are subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 10 years after the termination of the employment relationship, including for legal obligations.

Access to data

Your data may be made accessible for the purposes points A) and B):
to employees of the company, in their capacity as internal managers or sub-processors and/or system administrators and/or other types of authorized persons, in the performance of specific tasks that legitimize access

Communication of data

Without the need for express consent (ex art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data to judicial authorities, as well as to those subjects for whom communication is made obligatory by law or by contract. These subjects will process the data in their capacity as autonomous data controllers.

Your data may also be communicated to consultants outside the company, who will be appropriately designated external data processors.
Your data will not be disseminated.

Data transfer

Your personal data are stored in servers or PCs not connected to the Internet at the Ciampino offices. The Data Controller ensures that the system meets the adequacy standards set forth in GDPR 2016/679. The Data Controller ensures that the transfer of data to non-EU countries will take place in accordance with the applicable legal provisions, subject to the stipulation of standard contractual clauses provided by the European Commission.

Nature of data provision and consequences of refusal to respond

The provision of data for the purposes referred to in point A) is mandatory. In their absence, we will not be able to follow up the working relationship.
On the other hand, the provision of data for the purposes under B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided.

Rights of the data subject

In your capacity as a data subject, you have the rights set forth in Art. 15 GDPR, namely the rights to: obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
– obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and designated representative under Art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or agents; – obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;

• oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending information material or for carrying out market research or institutional communication. This is without prejudice to the possibility for the data subject to exercise the right to object, even partially. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.

Where applicable, you also have the rights under Articles 16-21 GDPR:

• right to rectification – you have the right to obtain from the data controller therectification of inaccurate personal data concerning you;
• right to be forgotten – you have the right to have your data deleted in the following cases (Art. 17 c. 1 GDPR):

a. the data are no longer necessary in relation to the purposes for which they were collected, so processing must be limited to the other purposes (e.g., accounting, archiving or legal storage);
b. you wish to withdraw consent to the processing of personal data, for one or more specific purposes, or in relation to the processing of special categories of data and provided that there is no other legal basis/obligation that legitimizes the processing;
c. the right to object to processing has been exercised and there is no overriding legitimate ground for processing, or there is an objection to processing for direct marketing purposes, including profiling;
d. personal data have been processed unlawfully;
e. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
Please note that the right to erasure does not apply if the processing subject to erasure is necessary (Art. 17 c. 3 GDPR) for:
a. the exercise of the right to freedom of expression and information;
b. the performance of a legal obligation requiring the processing provided for by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
c. reasons of public interest in the field of public health;
d. archiving purposes in the public interest, scientific or historical research or for statistical purposes;
e. the establishment, exercise or defense of a right in court;
right to limitation of processing – You have the right to have the use of the data, and thus the processing, limited to what is necessary for the purposes of storage. a. where you contest the accuracy of the personal data, for the period necessary for the data controller to verify their accuracy; b. where, in the presence of unlawful processing, you object to the deletion of the personal data, requesting that instead of deletion, the restriction of their use be ordered; c. if the data controller no longer needs or intends to keep the data, but there is a need to keep them because they are “necessary for the data subject to ascertain, exercise or defend a right in a court of law”; d. if you object to the processing, pending the necessary verifications to determine whether the data controller’s legitimate reasons or the data subject’s rights prevail;

Right to data portability – upon your specific request, in this sense, you have the right to obtain from the data controller the personal data subject to electronic/informatics processing provided to the same and to transmit it to another data controller. Such data will be provided to you, again upon request, in the format deemed most convenient and appropriate to allow you the smoothest use of the same;

Right to object – you have the right to object to the processing of personal data concerning you under Article 6(1)(e) or (f) on grounds relating to your particular situation, including profiling. The data controller will refrain from further processing personal data unless there are compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. You also have the right to object at any time if personal data are processed for direct marketing purposes, including profiling insofar as it is related to such direct marketing. You have the right to object to automated processing carried out according to certain and specific techniques. Should your personal data be processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), you may object to the processing, on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest;

as well as the right to lodge a complaint with the Data Protection Authority – Without prejudice to any other action in administrative or judicial proceedings, you may lodge a complaint with the competent national supervisory authority (Data Protection Authority). In the event that you reside in another EU Member State or the breach of privacy legislation occurs in another EU Member State, the competence in relation to the complaint will be of the Supervisory Authority of that country.