This site uses technical cookies and profiling third party cookies to offer a better user experience; third party cookies require your consent. By continuing to browse the site, clicking or tapping the screen, scrolling the web page or closing this banner, you are agreeing to our use of cookies. For further information or opt out options.
IMA is loading

Email signature

The information contained in this e-mail and its attachments are to be considered strictly confidential. If you received this message without being the recipient, we kindly ask you to inform us via e-mail and to destroy it by deleting this message from your system. It is a behavior contrary to the GDPR principles retaining this message, divulging it even if partially, distributing it to other subjects, copying or using it for different purposes. We also bring to your attention that this message, as well as any reply and/or other messages sent to the sender will be considered as a working activity and – as such – may be known by other subjects belonging to the organization to which the sender belongs.

We inform you that your personal data shall be process pursuant to the Regulation (UE) 2016/679 and specifically in accordance with the following information:

APPLICANT INFORMATION

PURSUANT TO ART. 13 – 14 OF THE REGULATION (EU) 2016/679

The IMA group companies are committed to protecting and respecting your privacy. This information, pursuant to Art. 13 of the EU Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data (hereinafter “GDPR“), wants to provide you with all useful information regarding the processing of your personal data concerning, connected and/or instrumental to the job recruiting activities.

We therefore invite you to carefully read this information (hereinafter “Information“) as it contains important information on the protection of your personal data and on the security measures adopted by the IMA group companies to guarantee confidentiality in full compliance with the GDPR.  

  1. Data Controller.

The Data Controller, that is whoever determines the purposes and means of the processing of personal data, is the IMA group company with which you intend to establish an employment relationship (“Company” or “Data Controller”).

The updated list of the IMA Group companies is available at the following website: https://ima.it/it/il-gruppo-ima/societa-del-gruppo-ima/.

You can request all the details regarding the Data Controller identification data by sending an email to: privacy@ima.it.

The IMA Group companies have appointed a data protection officer (“DPO”) who can be contacted to obtain clarifications on the processing of your personal data.

In particular, the Italian companies of the IMA Group has appointed the following DPO:

Alberto Bertuzzo
Pirola Pennuto Zei & Associati
Via delle Lame 109
40122 Bologna (Italy)
Tel.:+39 051 526711
E-mail: dataprotectionit@ima.it

other European companies of the IMA Group has appointed the following DPO:

Christian Schwinge

schwinge GmbH

Am Kochenhof 12

70192 Stuttgart

GERMANY

Phone: +49 (0) 711 / 258560-0

E-mail: dataprotectioneu@ima.it

  1. Personal Data Processed.

The Data Controller will process the personal data collected before the establishment of the employment relationship, provided spontaneously by you as a candidate (“Candidate“), within the scope of the application or later communicated by you.

These personal data are those typically contained in a Curriculum Vitae (“CV” or “Curriculum”), consisting of identification data, academic and professional careers, specific skills and knowledge, as well as additional data that may be supplied by you during the application procedure (“Personal Data“).

Through your CV or later, the Company may also collect special categories of Personal Data as defined in art. 9 of the GDPR, such as:

– personal data revealing racial or ethnic origin;

– political opinions, religious or philosophical beliefs;

– trade union membership;

– data concerning health or data concerning a natural person’s sex life or sexual orientation

Any processing of such data will take place, pursuant to art. 9 of the GDPR, only with your explicit consent and in compliance with the current authorizations concerning the protection of personal data. In this regard, unless strictly necessary, we ask you not to provide this type of information; otherwise, if you decide to provide them, we ask you to express your specific consent in compliance with the current legislation on the protection of personal data. We remind you, in fact, that in the absence of your consent to the processing of special categories of Personal Data, if you communicate us this type of data, your application cannot be taken into consideration.

In order to avoid any processing of unnecessary data, we invite you to omit any information or data not strictly relevant to the selection in the Curriculum or in any further communications with us.

  1. Purposes of the processing and legal basis.

The collection and processing of Personal Data provided by you is carried out exclusively for the purpose of research, evaluation and selection of personnel in the interest of the Company for the purpose of establishing an employment relationship.

The processing of your Personal Data for the aforementioned purposes has as its legal basis in Art. 6, par. 1, lett. b) of the GDPR, and specifically the legal basis is “the execution of pre-contractual measures adopted at the request of the interested party”.

The processing of special categories of personal data pursuant to art. 9 GDPR for the aforementioned purposes has, instead, as a legal basis the Art. 6, par. 1, lett. a) of the GDPR and so your free and informed consent to the processing.

  1. Nature of the provision of Personal Data.

The communication and the provision of your Personal Data are absolutely optional.

However, any refusal to provide Personal Data (or your willingness to request deletion) may determine the impossibility of the Company to establish or continue the selection or evaluation procedure of the candidacy.

  1. Means of data processing.

The processing by the Company of your Personal Data shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR.

Your Personal Data may be processed by paper-based or IT instruments and it shall include – in compliance with the limits and conditions laid down by the privacy legislation – all the operation or set of operations necessary for the processing at issue, including communication to subjects as per para. 6 below. The processing of Personal Data shall be carried out in compliance with confidentiality and security rules provided by European regulations, by law, and other national provisions.

For internal storage requirements, the Company reserves the right to destroy any paper copies of the CV provided by the data subject and to keep a copy in electronic format. Specific security measures are observed to prevent the loss of Personal Data, unlawful or incorrect use and unauthorized access to the same.

It is specified from now on that, if your application is accepted, your Personal Data will be processed for the entire duration of the employment relationship and also subsequently for the fulfillment of all legal obligations.

  1. Categories of personal data recipients.

The Company, for the purposes described in paragraph 3 above, could communicate your Personal Data to:

  • employees and collaborators of the Company itself, who shall act in their capacity as authorized data processing personnel and/or consultants appointed by the Data Controller who need to process the Personal Data for the performance of their duties;
  • other IMA Group companies;
  • third parties who carry out outsourcing activities on the behalf of the Data Controller, providing specific services as data processors pursuant to Art. 28 GDPR (“Data Processor”). For information on the names and other details of the Data Processors, you can contact the Data Controller to the following address: privacy@ima.it or by registered mail to the Company headquarters;
  • judicial or supervisory authorities, public administrations, public (national or foreign) bodies, in compliance with the provisions of the law and conforming to a previous formal request from such subjects.

The Personal Data collected by the Company shall not be disseminated, without prejudice to the communications provided by laws.

It is understood that, in the event of any extraordinary corporate transaction (e.g. sale or lease of a company, merger, etc.) concerning the Company, the Personal Data may be transferred or communicated to third parties purchasers/lessee or others, entitled by the Company.

  1. Personal Data Storage Period

The Personal Data provided by you will be stored in our archives for the time strictly necessary to achieve the purposes described above and may be used to contact you in order to possible future interviews, also in relation to open positions other than the one for which you presented your application. At the end of this period, your Personal Data will be permanently deleted.

The Company, in any case, will cease the processing of the Personal Data of those candidates who expressly request to do so in the manner indicated in paragraph 8 below.

The Company reserves the right to destroy the CVs or any document containing Personal Data of the Candidate in the event that it does not deem it is compliant with the purposes referred to in paragraph 3 above.

If your application is accepted, the Personal Data concerning you will be filed and processed by the Company pursuant to the employee information.

  1. Rights of the Data Subject

With reference to your Personal Data you can exercise, at any time, the rights pursuant to the GDPR as indicated below:

  • Right of Access pursuant to Art. 15: obtain confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the following information: thepurposes of the processing, the categories of Personal Data concerned, the recipients to whom the Personal Data have been or will be disclosed,  the envisaged period for which the Personal Data will be stored, the right to lodge a complaint with a supervisory authority, the existence of the right to request from the controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing and the existence of automated decision-making;
  • Right to Rectification pursuant to Art. 16: obtain from the controller, without undue delay, the rectification of inaccurate Personal Data concerning you and the right to have incomplete personal data competed;
  • Right to Erasure pursuant to Art. 17: obtain from the controller, without undue delay, the erasure of Personal Data concerning you;
  • Right to Restriction of Processing pursuant to Art. 18:‘restriction of processing’ means the marking of stored Personal Data with the aim of limiting their processing in the future. This will imply the responsibility on the part of the Company to suspend the processing of your Personal Data;
  • Right to Data Portability pursuant to Art. 20:in the event of automated processing carried out in execution of a contract or on the basis of the explicit consent, to receive your Data in a structured, commonly used and machine-readable format;
  • Right to Object pursuant to Art. 21: object to the processing of Personal Data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing;
  • Right to withdraw the consent: with reference to the processing of special categories of personal data pursuant to Art. 9 GDPR provided in accordance with the provisions of paragraph 2 of this information and only for the aforementioned purposes. Consent may be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given by you before the revocation.

The Company, moreover, informs you that it is possible to lodge a complaint pursuant to Art. 77with the competent supervisory authority based on your residence, workplace or place of infringement of your rights.

You may exercise your above listed rights by means of a request to be sent by email to privacy@ima.it or by registered post to the Company Headquarters.

Requests relating to the exercise of your rights shall be processed without undue delay and in any event within 30 days from the receipt of the request.

Finally, we inform you that the Data Controller reserves the right to modify or update this information also in order to comply with new obligations imposed by laws or for technical reasons.

CLIENT INFORMATION

PURSUANT TO ART. 13 – 14 OF THE REGULATION (EU) 2016/679

We inform you, pursuant to Art. 13 -14 of the Regulation (EU) 2016/679 on the protection of personal data (“GDPR”) that your personal data could be processed according to the current legislative and contractual provisions.

In relation to the above, we inform you that:  

  1. Data Controller

The Data Controller, that is whoever determines the purposes and means of the processing of personal data, is the IMA Group company with which your company has a contractual relationship (hereinafter “Company” or “Data Controller”).

The updated list of the IMA Group companies is available at the following website: https://ima.it/it/il-gruppo-ima/societa-del-gruppo-ima/.

You can request all the details regarding the Data Controller identification data by sending an email to: privacy@ima.it.

The IMA Group companies have appointed a data protection officer (“DPO”) who can be contacted to obtain clarifications on the processing of your personal data.

In particular, the Italian companies of the IMA Group has appointed the following DPO:

Alberto Bertuzzo
Pirola Pennuto Zei & Associati
Via delle Lame 109
40122 Bologna (Italy)
Tel.:+39 051 526711
E-mail: dataprotectionit@ima.it

other European companies of the IMA Group has appointed the following DPO:

Christian Schwinge

schwinge GmbH

Am Kochenhof 12

70192 Stuttgart

GERMANY

Phone: +49 (0) 711 / 258560-0

E-mail: dataprotectioneu@ima.it

  1. Personal Data Processed

The Data Controller collects and processes “contact” personal data (name, surname, fiscal code, email address, telephone number, position and company) of the client employees with whom it have dealings(“Personal Data”).

Moreover, the Company could carry out checks on the solvency of its commercial counterpart through credit control and credit risk analysis and, during these activities, may gain knowledge of Personal Data relating to the members of the corporate bodies of the analysed Company.

Data update

At any time, you can verify that the Personal Data processed for the purposes as per this information are correct and, should they be changed, you can request the update of this data, by sending an email to privacy@ima.it or by registered post to the Company’s headquarters.

  1. Purposes of the processing and legal basis

The collection and the processing of your Personal Data are carried out for the following purposes:

  1. to perform the contractand to provide the client with the relative services requested;
  2. to verify the solvencyof the commercial counterparts;
  3. to fulfil any legal and/or regulatory obligations(e.g. invoicing and book-keeping);
  4. to protect the rightsof the Company or the IMA Group, both in court and out-of-court proceedings;
  5. to provide commercial information on products and/or services similar to those already purchased by the customer (c.d. soft spam);
  6. to carry out direct and indirect marketing activities and market research: these activities include:
    1. sending (via email, traditional mail, telephone, fax and/or SMS/MMS, push notifications) of newsletters and commercial communications relating to the products of the IMA Group companies (and their commercial partners);
    2. invitation to events and/or fairs;
    3. performing statistical analysis, surveys and market researches, including customer satisfaction activities.

The processing of your Personal Data for the purposes mentioned above has its legal basis on:

  • 6, para. 1 lett. b) of the GDPR – processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract – with regard to lett. a) above;
  • 6, para. 1 lett. c) of the GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject – with regard to lett. c) above ;
  • 6, para. 1 lett. f) of the GDPR – processing is necessary for the purposes of a legitimate interests pursued by the controller – with regard to lett. b), d), e) and f).

We hereby remind you that you can object to the processing at any time by contacting the Company as per in paragraph 8 below, except in the event that the Company demonstrates the existence of prevailing, compelling, legitimate grounds for the exercise or the defence of a right, pursuant to Art. 21 of GDPR.

  1. Means of data processing

The processing by the Company of your Personal Data shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR.

Your Personal Data may be processed by paper-based or IT instruments and it shall include – in compliance with the limits and conditions laid down by the privacy legislation – all the operation or set of operations necessary for the processing at issue, including communication to subjects as per para. 6 below. The processing of Personal Data shall be carried out in compliance with confidentiality and security rules provided by European regulations, by law, and other national provisions.

Processing of your Personal Data is achieved by means of the operations described in Art. 4 no. 2 GDPR, that are: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment, restriction, erasure or destruction.

The Company guarantees the logical and physical security of the Personal Data and, in general, the confidentiality of the Personal Data processed, implementing all the appropriate technical and organisational measures required to avoid the loss of Personal Data, the unlawful use or, in any event, the incorrect use of the same, and unauthorized access by third parties.

  1. Categories of personal data recipients.

The Company, for the purposes described in paragraph 3 above, could communicate your Personal Data to:

  • employees and collaborators of the Company itself, who shall act in their capacity as authorized data processing personnel and/or consultants appointed by the Data Controller who need to process the Personal Data for the performance of their duties;
  • third parties who carry out outsourcing activities on the behalf of the Data Controller, providing specific services as data processors pursuant to Art. 28 GDPR (“Data Processor”). For information on the names and other details of the Data Processors, you can contact the Data Controller to the following address: privacy@ima.it or by registered mail to the Company headquarters;
  • IMA Group companies;
  • banks for the management of collections and payments from the execution of the contract;
  • members of control bodies, such as the Board of Statutory Auditors, the Vigilance Body pursuant to Legislative Decree 231/2001, independent auditors and other internal or external auditors in charge of carrying out checks and inspections on behalf of the Company;
  • judicial or supervisory authorities, public administrations, public (national or foreign) bodies, in compliance with the provisions of the law and conforming to a previous formal request from such subjects.

The third parties as above to which the Company may communicate your Personal Data shall process them in their role as Data Processors, expressly appointed by the Company pursuant to Art. 28 of the GDPR or as autonomous data controller.

The Personal Data collected by the Company shall not be disseminated, without prejudice to the communications provided by laws.

It is understood that, in the event of any extraordinary corporate transaction (e.g. sale or lease of a company, merger, etc.) concerning the Company, the Personal Data may be transferred or communicated to third parties purchasers/lessee or others, entitled by the Company.

  1. Transfers of personal data to third countries or international organisations.

The complex IMA Group business structure necessarily entails the circulation of Personal Data outside of the European Union and the European Economic Area (“EEA”), which is defined in Art. 44 of GDPR as “transfers of personal data to third countries”.

In the event that your Personal Data are transferred to third countries, they shall be processed in compliance to the provisions of Articles 45 et seq. of GDPR.

For more information on the transfer of your Personal Data, you can contact the Company to the following address: privacy@ima.itor by registered mail to the Company headquarters.

  1. Personal Data Storage Period

Your Personal Data shall be stored for the period of time strictly necessary for the purposes of the data processing indicated in para. 3 above and in particular:

  • for the purposes indicated in paragraph 3 lett.a), c) and d): the period of time necessary for the fulfilment of the contractual obligations and, in any event, for no longer than 10 years from the termination of the contractual relationship and, anyway, no later than the terms provided by the applicable laws;
  • for the purposes indicated in paragraph 3 lett. b): the period of time strictly necessary to carry out the aforementioned checks;
  • for the purposes indicated in paragraph 3 lett. e) and f) (soft spam, direct and indirect marketing and market research): 24 (twenty-four) months from the last contact with the Company, understood as, for example, the participation in an event organized by the Company, the use of a product or service supplied by the Company, the opening of a newsletter or until your objection to the processing or your request of erasure.
  1. Rights of the Data Subject

With reference to your Personal Data you can exercise, at any time, the rights pursuant to the GDPR as indicated below:

  • Right of Access pursuant to Art. 15: obtain confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the following information: thepurposes of the processing, the categories of Personal Data concerned, the recipients to whom the Personal Data have been or will be disclosed,  the envisaged period for which the Personal Data will be stored, the right to lodge a complaint with a supervisory authority, the existence of the right to request from the controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing and the existence of automated decision-making;
  • Right to Rectification pursuant to Art. 16: obtain from the controller, without undue delay, the rectification of inaccurate Personal Data concerning you and the right to have incomplete personal data competed;
  • Right to Erasure pursuant to Art. 17: obtain from the controller, without undue delay, the erasure of Personal Data concerning you;
  • Right to Restriction of Processing pursuant to Art. 18:‘restriction of processing’ means the marking of stored Personal Data with the aim of limiting their processing in the future. This will imply the responsibility on the part of the Company to suspend the processing of your Personal Data;
  • Right to Data Portability pursuant to Art. 20:in the event of automated processing carried out in execution of a contract or on the basis of the explicit consent, to receive your Data in a structured, commonly used and machine-readable format;
  • Right to Object pursuant to Art. 21: object to the processing of Personal Data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing;

The Company, moreover, informs you that it is possible to lodge a complaint pursuant to Art. 77with the competent supervisory authority based on your residence, workplace or place of infringement of your rights.

You may exercise your above listed rights by means of a request to be sent by email to privacy@ima.it or by registered post to the Company Headquarters.

Requests relating to the exercise of your rights shall be processed without undue delay and in any event within 30 days from the receipt of the request.

Finally, we inform you that the Data Controller reserves the right to modify or update this information also in order to comply with new obligations imposed by laws or for technical reasons.

SUPPLIERS INFORMATION

PURSUANT TO ART. 13-14 OF THE REGULATION (EU) 2016/679

We inform you, pursuant to Art. 13-14 of the Regulation (EU) 2016/679 on the protection of personal data (“GDPR”) that your personal data could be processed according to the current legislative and contractual provisions.

In relation to the above, we inform you that:

  1. Data Controller.

The Data Controller, that is whoever determines the purposes and means of the processing of personal data, is the IMA Group company with which your company has a contractual relationship (hereinafter “Company” or “Data Controller”).

The updated list of the IMA Group companies is available at the following website: https://ima.it/it/il-gruppo-ima/societa-del-gruppo-ima/.

You can request all the details regarding the Data Controller identification data by sending an email to: privacy@ima.it.

The IMA Group companies have appointed a data protection officer (“DPO”) who can be contacted to obtain clarifications on the processing of your personal data.

In particular, the Italian companies of the IMA Group has appointed the following DPO:

Alberto Bertuzzo
Pirola Pennuto Zei & Associati
Via delle Lame 109
40122 Bologna (Italy)
Tel.:+39 051 526711
E-mail: dataprotectionit@ima.it

other European companies of the IMA Group has appointed the following DPO:

Christian Schwinge

schwinge GmbH

Am Kochenhof 12

70192 Stuttgart

GERMANY

Phone: +49 (0) 711 / 258560-0

E-mail: dataprotectioneu@ima.it.

  1. Personal Data Processed.

For purposes described in paragraph 3 below, the Company collects and processes “contact” personal data (name, surname, email address, telephone number, position and company) of the Contact Personnel within its suppliers (“Personal Data”).

Moreover, during the qualification procedures of its suppliers, the Company may gain knowledge of identification Personal Data and data related to the position covered by the Contact Personnel within the supplier for purposes connected to the operational management of the commercial relationship.

Data update

At any time, you can verify that the Personal Data processed for the purposes as per this information are correct and, should they be changed, you can request the update of this data, by sending an email to privacy@ima.it or by registered post to the Company’s headquarters.

  1. Purposes of the processing and legal basis.

The collection and the processing of your Personal Data is carried out without your consent.

Indeed, your Personal Data are processed pursuant to Art. 6 para. 1 letters b), c) and f) of the GDPR for the following purposes:

  1. the collection of information, supplier qualification procedures and pre-contractual negotiations;
  2. the performance of the contract;
  3. the organizational and commercial management of contracts entered into with you;
  4. the fulfilment of any legal and/or regulatory obligations in the civil, tax and accounting fields and other regulations, which may be applicable to the supply relationship;
  5. the protection of the rights of the Company or the IMA Group, both in court and out-of-court proceedings;
  6. audits to ensure compliance of the corporate management systems with standards as provided for by certifications acquired by the Company (i.g. UNI EN ISO);
  7. internal statistical analyses;
  8. to satisfy any request you may have;
  9. management and organizational purposes.

The processing of your personal data for the purposes mentioned above has its legal basis on:

  • 6, para. 1 lett. b) of the GDPR – processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract – with regard to lett. a), b) and c) above;
  • 6, para. 1 lett. c) of the GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject – with regard to lett. d) above ;
  • 6, para. 1 lett. f) of the GDPR – processing is necessary for the purposes of a legitimate interests pursued by the controller – with regard to lett. e), f), g), h) and i) above.

We hereby remind you that you can object to the processing at any time by contacting the Company as per in paragraph 8 below, except in the event that the Company demonstrates the existence of prevailing, compelling, legitimate grounds for the exercise or the defence of a right, pursuant to Art. 21 of GDPR.

  1. Nature of the provision of Personal Data.

In general, the provision of Personal Data and their processing is obligatory; indeed should you refuse to supply your data (or your desire to request their erasure), means that is impossible for the Company to enter into and proceed with the contractual relationships.

  1. Means of data processing.

The processing by the Company of your Personal Data shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR.

Your Personal Data may be processed by paper-based or IT instruments and it shall include – in compliance with the limits and conditions laid down by the privacy legislation – all the operation or set of operations necessary for the processing at issue, including communication to subjects as per para. 6 below. The processing of Personal Data shall be carried out in compliance with confidentiality and security rules provided by European regulations, by law, and other national provisions.

Processing of your Personal Data is achieved by means of the operations described in Art. 4 no. 2 GDPR, that are: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment, restriction, erasure or destruction.

The Company guarantees the logical and physical security of the Personal Data and, in general, the confidentiality of the Personal Data processed, implementing all the appropriate technical and organisational measures required to avoid the loss of Personal Data, the unlawful use or, in any event, the incorrect use of the same, and unauthorized access by third parties.

  1. Categories of personal data recipients.

Your Personal Data shall not be disclosed, but the Company could, for the purposes described in Art. 3 above, communicate them to:

  • employees and collaborators of the Data Controller, who shall act in their capacity as authorized data processing personnel; other IMA Group companies and/or consultants appointed by the Data Controller who need to process the Personal Data for the performance of their duties;
  • third parties who carry out outsourcing activities on the behalf of the data controller, providing specific services as data processors pursuant to Art. 28 GDPR (“Data Processor”). For information on the names and other details of the Data Processors, you can contact the Data Controller to the following address: privacy@ima.it or by mail to the Company headquarters;
  • banks for the management of collections and payments from the execution of the contract;
  • law firms, consulting companies or third companies for the defence of legal claims, for the protection of rights or for the recovery of credits;
  • members of control bodies, such as the Board of Statutory Auditors, the Vigilance Body pursuant to Legislative Decree 231/2001, independent auditors and other internal or external auditors in charge of carrying out checks and inspections on behalf of the Company;
  • judicial or supervisory authorities, public administrations, public (national or foreign) bodies, in compliance with the provisions of the law and conforming to a previous formal request from such subjects.

The third parties as above to which the Company shall communicate your Personal Data shall process them in their role as Data Processors, expressly appointed by the Company pursuant to Art. 28 of the GDPR or as autonomous data controller.

The Personal Data collected by the Company shall not be disseminated, without prejudice to the communications provided by laws.

It is understood that, in the event of any extraordinary corporate transaction (e.g. sale or lease of a company, merger, etc.) concerning the Company, the Personal Data may be transferred or communicated to third parties purchasers/lessee or others, entitled by the Company.

  1. Personal Data Storage Period.

Your Personal Data shall be stored for the period of time strictly necessary for the purposes of the data processing indicated in para. 3 above and, in any event, for no longer than 10 years from the termination of the contractual relationship and, anyway, no later than the terms established by law for the prescription of the rights.

With regard to the Personal Data processed for the purpose indicated in para. 3 lett f), the storage period is 2 years from the termination of the audits activities.

At the end of the aforementioned periods Personal Data shall be erased.

  1. Rights of the Data Subject.

With reference to your Personal Data you can exercise, at any time, the rights pursuant to the GDPR as indicated below:

  • Right of Access pursuant to Art. 15: obtain confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the following information: thepurposes of the processing, the categories of Personal Data concerned, the recipients to whom the Personal Data have been or will be disclosed,  the envisaged period for which the Personal Data will be stored, the right to lodge a complaint with a supervisory authority, the existence of the right to request from the controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing and the existence of automated decision-making;
  • Right to Rectification pursuant to Art. 16: obtain from the controller, without undue delay, the rectification of inaccurate Personal Data concerning you and the right to have incomplete personal data competed;
  • Right to Erasure pursuant to Art. 17: obtain from the controller, without undue delay, the erasure of Personal Data concerning you;
  • Right to Restriction of Processing pursuant to Art. 18:‘restriction of processing’ means the marking of stored Personal Data with the aim of limiting their processing in the future. This will imply the responsibility on the part of the Company to suspend the processing of your Personal Data;
  • Right to Data Portability pursuant to Art. 20:in the event of automated processing carried out in execution of a contract or on the basis of the explicit consent, to receive your Data in a structured, commonly used and machine-readable format;
  • Right to Object pursuant to Art. 21: object to the processing of Personal Data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing;

The Company, moreover, informs you that it is possible to lodge a complaint pursuant to Art. 77with the competent supervisory authority based on your residence, workplace or place of infringement of your rights.

You may exercise your above listed rights by means of a request to be sent by email to privacy@ima.it or by registered post to the Company Headquarters.

Requests relating to the exercise of your rights shall be processed without undue delay and in any event within 30 days from the receipt of the request.

Finally, we inform you that the Company reserves the right to modify or update this information also in order to comply with new obligations imposed by laws or for technical reasons.