The information contained in this email and its possible attachments is strictly confidential. If you have received this email by mistake, we ask you to inform us urgently and at the same time to delete it permanently from your system.
Retaining, disclosing, distributing or copying - even partially - an improperly received message constitutes a behavior contrary to what is indicated by the General Data Protection Regulation (GDPR 2016/679/EU) and the Legislative Decree n.101 of August 10, 2018. We inform you that the personal data contained in this email will be managed in compliance with the GDPR 2016/679/EU and the Legislative Decree n.101 of August 10, 2018.
For Italian, CLICK HERE
Aware of the importance of ensuring the security in the management of personal data (from now on Data), the Data Controller provides the following information to notify the Data Subject of the purposes, methods and, more generally, the characteristics of the management and processing of the Data. The Data Subject is any natural person, whether an employee, collaborator, candidate, customer or supplier, whose Data has been provided, collected and processed during the performance of the Data Controller's services and activities.
1. Reference Regulation
Legislative Decree 196/2003 of June 30, 2003 (from now on Privacy Code) and subsequent amendments; EU Regulation 2016/679 of April 27, 2016 (from now on GDPR) and subsequent amendments, relating to the protection of individuals and the processing of personal data (from now on Data)
2. Data Controller and Data Processor
The Data Controller, i.e. the
person who determines the purposes, methods and means of the processing
of Data, is TeaPak s.r.l. SB with headquarters in via Bicocca 15/L,
40026 Imola (BO), VAT number 02171691203, (from now on Company),
in the person of its legal representative.
Given the nature of the organization and the quality of the data processed, it was not mandatory to set up a Data Protection Officer (DPO), however, the Company has decided to make use of a supervisory body composed as follows:
3. Subject of processing: personal data
They are any information that allows
to directly or indirectly identify a natural person. By way of example
but not limited to: name and surname, tax code, email address, images,
telephone numbers, role held, company and navigation data such as IP
addresses, URLs, domain names of computers and terminals used.
Data are collected through spontaneous supply by the interested party, such as when applying for a job or establishing a working relationship or through social network platforms. In addition, the Company may become aware of Data relating to members of corporate bodies at the time of verification and qualification of possible or former clients and/or suppliers or through data from the navigation on its websites and social networks.
4. Purposes of the treatment
The Data are processed, even without the express consent of the Data Subject, for the following purposes:
5. Processing methods
The Data Controller undertakes to
implement appropriate technical and organizational measures to ensure
that processing is carried out following the GDPR, according to the
principles of lawfulness, correctness and transparency and within the
limits of confidentiality and security outlined in art. 5. As specified
in paragraph 2 of this policy, to which reference is made in the section
on the function of the Data Processors, the Company therefore undertakes
to put in place - primarily through these figures - all necessary
procedures, technical and organizational, for the proper processing of
The processing of the Data may take place through paper, computer, telematic instruments or any other support considered suitable and is carried out through the methods indicated in art.4 of the GDPR i.e. ,any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
6. Disclosure of Data
The primary purpose is not the disclosure of the Data; however, they may be shared, to carry out the purposes indicated in paragraph 4 of this policy, with:
Due to the nature of the Group to which the Company belongs, it is possible that Data may be shared with third countries, i.e. beyond the borders of the European Union. Also in this case, data processing will be carried out in compliance with the provisions of the GDPR.
7. Data retention period
As specified in art. 5 e) of the
GDPR, the Data are stored in paper and/or electronic form for a period
of time not exceeding the achievement of the purposes for which they are
processed; personal data may be stored for longer periods provided that
they are processed exclusively for archiving purposes in the public
interest, scientific or historical research or statistical purposes.
Once the period of time strictly necessary to carry out the purposes indicated in paragraph 4 of this policy has elapsed, the Data will be destroyed, canceled or made anonymous.
8. Rights of the interested party
The interested party may exercise its rights regarding personal data at any time. The GDPR recognizes the following in Articles 15 to 21. Briefly and within limits provided:
9. How to exercise your rights
The interested party may contact the Data Controller to exercise his/her rights, to request further information regarding the persons in charge, the delegates and the modalities of Data processing, to ensure that the Data in his/her possession are correct or to communicate their updating by:
10. Guarantor for the protection of personal data
In the usual spirit of transparency and respect, we provide the following useful links to gather more information on the protection of personal data: