European General Data Protection Regulation (GDPR)

The European General Data Protection Regulation (GDPR) repeals European Directive 95/46/EC. The regulation aims to provide a modern, uniform and solid framework for the protection of data in Europe based on the principle of accountability. The new provisions have had an impact in organisational, operational and technological terms, and likewise establish a more severe penalty system compared to the previous regulation.


The greatest change in the normative panorama of data protection concerns the extent of the jurisdiction of the GDPR, since the latter applies to the processing of personal data performed within the scope of the activities of an organisation by a data controller or of a data processor within the Union, regardless of whether the processing is performed or not within the Union. Furthermore, the Regulation applies to the processing of personal data of data subjects that are in the Union, performed by a data controller or data processor that is not established in the territory of the Union, when the processing activities regard: the offer of goods or provision of services to the aforesaid data subjects of the Union, regardless of the payment obligation of the data subjects, or the monitoring of their behavior in the measure in which such behavior takes place within the Union.  
The Regulation likewise applies to the processing of personal data by a data controller that is not established in the Union, but in a locality subject to the laws of a member State by virtue of public international law. 

 

The GDPR requires all business companies to implement adequate technical and organisational measures to fulfil the principles on data protection and protect the rights of individuals: this concerns the so-called “Data Protection by Design and by Default.”

Data Protection by Design guarantees that the company takes into consideration the problems related to confidentiality and protection of data during the design phase of any system, service, product or process and therefore during its own life cycle.  
Data Protection by Default requires CLIVET SPA to guarantee that the Company processes only the data necessary for the attainment of a specific objective and for a period of time not longer than that needed for the purpose for which the data was gathered and subsequently processed. 


CLIVET SPA has adopted a Management Model for the Protection of Personal Data pursuant to the GDPR, taking into consideration also the provisions of L. Decree 196/2003, as amended by L. Decree 101/2018, defining norms and procedures that are binding for the Company and the single employees. CLIVET SPA regularly reviews and updates wherever necessary, its own Policy on Data Protection and Security of information and defines developmental directives that translate into an implementation of the updates. In the various documents present in the “Privacy” section, CLIVET SPA furnishes in conformity with Art. 13 of the GDPR, all the information required by the norm, and which differ according to the purposes for which the Personal Data of the Data Subjects are processed. For any further clarification regarding the paragraphs discussed in the Circular Letters, clients are invited to contact our reference person in this matter, at the e-mail address: privacy@clivet.com

PRIVACY

CIRCULAR LETTER ON PERSONAL DATA PROCESSING PURSUANT TO ART. 13 GDPR 2016/679

Dear Mme /Dear Sir,
We wish to inform you that European Regulation No. 2016/679 (“GDPR”) states that the entity processing personal data should inform the data subject (i.e., the subject to whom the data refers) about the qualifying elements of the processing, which should be performed correctly, lawfully and transparently, thus protecting the confidentiality and rights of the data subjects themselves. In compliance with Art. 13 of said Regulation we are hereby communicating to you the following information: 

 

Main processing principles

The processing of your personal data (hereinafter referred to as “data”) shall be performed through collection, registration, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, communication, cancellation and destruction, by the assigned data processors and those entrusted with data processing. 
The data will be processed in a lawful, correct and transparent manner; it will be gathered for determined, explicit and legitimate purposes and processed in a way that is not incompatible with such purposes, and will be adequate, pertinent, limited to what is needed with respect to the purposes for which it is processed, extracted and updated; the data will be processed with utmost privacy, mainly with electronic and IT instruments and memorised on both IT and paper supports, and also on other types of suitable supports, in conformity with the principles of the EU Regulation on matters of personal data protection, prescriptions imposed by the Supervisory Authority, and however in such a way as to guarantee adequate security, including protection, with suitable technical and organisational measures against unauthorised or unlawful processing or also the accidental loss of such. The data will be kept in a form that allows the identification of the data subject for the time necessary to fulfil the purposes for which they were processed.

 

1. Data Controller
The Data Controller is Clivet SpA registered in Via Camp Lonc 25, Z.I. Villapaiera, Feltre (BL), VAT CODE: 00708410253.
For the purpose of exercising the rights provided by the Regulation and for any other request relating to your personal data, you may address the Data Controller, with a notice sent to the e-mail: privacy@clivet.it

 

2. Identity and contact data of the Data Protection Officer (DPO)
Clivet SpA has appointed as its DPO, Atty. Susanna Greggio, with Law Firm in Vicenza, Contrà Porti 21, e-mail: dpo@clivet.it, tel. 0444.547317


3. Processing methods
The data gathered is processed exclusively by authorised persons, using automated and non-automated instruments, with methods suitable to guarantee the security and privacy of the data and for the time necessary to fulfill the objectives for which it was gathered. The submission of data for the purposes cited in point 4 is optional. The eventual refusal to submit, all or part of your personal data or your consent to processing would imply the impossibility for Clivet SpA to supply the services indicated under the “Objectives” clause.


4. Purpose and lawful basis of the processing
The lawful basis for the processing provided by this circular is that cited in Art 6, lett. a) of the European Regulation: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes.”
The preordained purposes of the processing are:

 
a) Clivet University Section:
The personal data you furnish is processed by Clivet SpA in the measure in which it is needed to allow your participation in the “Clivet University” formative services organised by the Company and to handle the activities implied in the organization of the event. 
The data gathered in such scope may likewise be used to send informative and promotional material and/or commercial announcements regarding new products or updates and novelties on Clivet products through the dispatch of newsletters.

b) Newsletter Section: 
The data is gathered and processed for the dispatch of informative and promotional material and/or commercial announcements regarding new products or updates and novelties on existing products through the dispatch of newsletters.

c) Creation of a personal account on the site www.clivet.com
The data gathered through the online form in the section “create an account” is gathered for the purpose of allowing the user access to documents or information related to a specific service or product of Clivet SpA.
The data gathered in such scope may likewise be used for the dispatch of informative and promotional material and/or commercial announcements regarding new products and updates and novelties on Clivet products through the dispatch of newsletters.


5. Categories of personal data processed
In the scope of the different objectives referred to earlier, the data categories to be processed are listed below:
a) Clivet University: name, surname, country, telephone and e-mail address; 
b) Newsletter: name, surname, country, telephone and e-mail, name of the company you are part of;
c) Creation of an account on the site www.clivet.com: name, surname, country, telephone and e-mail address; corporate information (name of company you belong to) and user address (street, zip, town and country). 

 

6. Possible recipients or categories of recipients of the personal data
The personal data which Clivet SpA will come to acquire are not subject to diffusion. The same may be object of communication within the Company and be disclosed to the authorized persons and data processors assigned by Clivet SpA. 
In relation to the Newsletter service, the data may be disclosed also to the:
a) Companies of the Midea group;

In relation to participation in the Clivet University courses the data may be disclosed to:

a) Category associations 
b) Area agencies, distributors 
c) Professional orders
d) Service providers for food, lodging, transport 

In relation to the gathering of data through the “create an account” form on the site www.clivet.com, the data can be likewise communicated to:
a) Area agencies

7. Transfer of personal data to third countries
The Company may transfer your personal data to companies belonging to the Midea Group, as also to the Parent Company located in China, ensuring an adequate level of personal data protection and therefore on the basis of and in conformity with the provisions of Articles 45, 46, 47 and 49 GDPR, in particular through data protection clauses.

 

8. Personal data retention period

Clivet University: the personal data furnished will be retained for the entire duration of the chosen course and however up to the end of the essential procedures. 
In the event the data subject has consented to the sending of informative and promotional material and/or commercial announcements regarding new products or updates, the personal data shall be retained until the data subject’s express withdrawal of consent to the processing. The company will provide for the request for renewal of the consent every 5 years. 

Newsletter:  The data is gathered and processed for the dispatch of informative and promotional material and/or commercial announcements regarding new products or updates and novelties on existing products through the dispatch of newsletters. 

Creation of a personal account on the site www.clivet.com: the personal data furnished in the registration phase shall be retained until the data subject requests cancellation of the account. If the data subject consents to the dispatch of informative or promotional material and/or commercial announcements regarding new products or updates, the personal data will be retained until the data subject’s withdrawal of consent to processing. The Company will request renewal of consent every 5 years.  
In every case, the data shall be retained for the time necessary to achieve the purposes for which it is processed and/or however in conformity with the provisions of the law in force in civil, fiscal and administrative matters regarding data retention.

A longer retention period for the personal data may possibly be determined by requests from the Public Administration or other judicial, governmental or regulatory Bodies or by the participation of this Company in court proceedings that involve the processing of the personal data you have furnished.

 

9. Recognized rights of the data subject
The data subject is entitled to obtain from the Data Controller access to his or her personal data. In particular, the data subject has the right to obtain: a) indication of the origin of his or her personal data, objectives and processing 
methods, and the logic applied in cases where the processing is performed with the use of electronic instruments; b) the update or rectification; c) erasure or limitation of the processing of his or her personal data (transformation into anonymous form, blocking of data processed in breach of laws, including those for which storage is not necessary in relation to the scopes for which the data was gathered or subsequently processed); d) portability of data processed in a structured manner.
The data subject has however the right to withdraw the consent given for the processing of personal data. In any case, the withdrawal of consent to the processing does not jeopardise the lawfulness of the processing based on the consent given before its withdrawal. 
The data subject residing in Italy has the right to lodge a complaint with the Supervisory Authorities, represented in Italy by the Data Protection Authority with headquarters in Rome, Piazza Monte Citorio, 121. The data subject residing abroad may lodge complaints with the designated Supervisory Authorities in the country of residence.  
In any case, we wish to inform you that pursuant to Art. 21 of the European Regulation 2016/679, should the data be processed for direct marketing objectives (dispatch of newsletters), you are entitled to oppose any time the processing of your data for such purposes.


        
10. Existence of an automated decision-making process
The processing referred to in this Circular is not subjected by Clivet SpA to automated decision-making procedures.