INFORMATION FOR THE PROCESSING OF PERSONAL DATA
The data controller processes personal data such as name, surname, company name, address, telephone number, e-mail address, bank and payment details, tax references, – Uniform Resource Identifier. Hereinafter, “personal data” or even “data” communicated upon the conclusion of contracts for the services of the owner or direct contact with the owner’s employees or participation in organized events from the same or in which he participated in public form, or subscription to newsletters or information bulletins.
In addition, personal data related to education and work (curriculum vitae and work, educational qualifications, professional skills, tasks, department, work function, compensation and any company assets assigned to the employee as a benefit or other).
Purpose of the processing
Personal data are processed:
- Without express consent (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
- conclude contracts for services or collaborations for, with and by the Owner;
- fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering)
- exercise the rights of the owner, for example the right to defense in court;
- Only subject to specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
- send via e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the data controller and recognition of the degree of satisfaction with the quality of services;
- send via e-mail, mail and/or sms and/or telephone contacts commercial and/or promotional communications of third parties (for example, business partners, insurance companies, other companies of the Group).
Access to data
Data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the owner or of the Group companies in Italy and U.S., in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
- to third-party companies or other subjects (as an indication, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external managers of treatment.
In compliance with the Privacy Shield Principles, Pulsar America commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Pulsar America at firstname.lastname@example.org
The services of processing of personal data, rectification, integration and deletion of data, and any notification about data breach are provided at no cost to you.
Pulsar commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to HR and non HR data transferred from the EU in the context of the employment relationship.”
The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing treatment of personal data concerning him and, in this case, to obtain access to personal data.
In case a data access request is made, the data controller will provide a copy of the personal data being processed.
The interested party has also the right to request the correction of his / her data in case he / she should find that the information collected by the holder is inaccurate or incomplete.
Another right of the data subject is “the right to be forgotten” which allows the requesting of cancellation or removal of information where there are no valid reasons to keep using them.
Access to data by company personnel is carried out with the authorization of the data protection delegate with the release of the appropriate personal access credentials linked to the task. The data are stored in partitions dedicated to the company functions and are restricted access. There is a company regulation that regulates access to data and defines the modalities of each access. The company staff is periodically trained and the people who can process the data have been identified based on the company mapping and delegated with a specific document.
Each computer is equipped with an antivirus system with automatic updating defined by IT and a specific firewall. The data is saved by an automatic backup process of the network servers. A copy of the machine that physically contains backups every day is performed. The disaster recovery machine is located in a protected box, it is physically remote from the servers and kept locked up. Every single file is recoverable from IT.
The register of treatments carried out by the various company functions is also completed and kept up to date.
The collected data can be transferred exclusively for needs concerning the improvement of existing contracts, to third parties even outside the European Community.
As laws for the protection of privacy may be different from those of the community, in this case, before transferring the data, we ensure that the level of data protection is adequately protected, by examining the respective policies of interested third parties and the laws in force.
Before the transfer, a contract is also stipulated with the external party to whom the data will be transferred. In order to ensure that the data can be processed only for the purposes for which the data subject has given consent and that the recipient provides a level of adequate protection to what is established by the regulations regarding the protection of personal data.
Although the data are kept in the best possible condition according to its nature and the technological level available, being mainly stored by computer, despite the security measures taken, there may be incidents of intrusion in such systems and possible data stealing preserved.
Pursuant to the Regulations, if such an event occurs and if the data stolen are of the “Sensitive” type, or not only personal data, once the violation has been ascertained, the company informs the Guarantor of the event and informs the interested users.
Pulsar America Inc. is part of an industrial group based in Italy, in Castel Maggiore (BO).
The group is controlled by Pulsar srl, which control and coordinate the American company.
The two companies have signed a document called Binding Corporate Rule (BCR), which expresses the commitment between companies in terms of privacy and protection of personal data.
For everything concerning the law regarding the processing of personal data Pulsar America Inc. follows the legislation in force in the American territory as established by the rules of the Privacy Shield while Pulsar srl follows the rules set by the European privacy guarantor.
In the event that a person interested in the processing, after contacting the data controller, believes that his/her data have been treated incorrectly, he/she has the right to send a complaint to the European Data Protection Authority.
Choice and means to limiting the use of personal data
The interested party has the right to obtain:
- confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
- the indication about the origin of personal data;
- indication of the purposes and methods of processing;
- indication of the logic applied in case of treatment carried out with the aid of electronic instruments;
- indication of the identification details of the owner, of the managers and of the designated representative;
- indication of subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
- Access to your personal data
- updating, rectification or, when interested, integration of data;
- cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- Access to your personal data
- A response to any complaint within 45 days
- Cost-free independent dispute resolution to address data protection concerns
- Notification of the requirements to disclose any personal data in response to lawful requests by public authorities
- Limit the use of your data for specific purposes.
Methods to limiting the use of personal data
The interested party can exercise your rights by
- Contacting the organization
Is possible to contact the organization directly by sending an e-mail to email@example.com.
In the mail is necessary to explain what right it intends to exercise.
Methods to submit a complaint
The interested party can submit a complaint using different methods.
- Contact the organization
It is possible to contact the organization directly by sending an e-mail to firstname.lastname@example.org.
The organization shall answer in 45 days.
- Contact the free independent recourse mechanism
If question or concern is not addressed to the organization directly, it is possible to submit a complaint to the Privacy Shield organization’s independent recourse mechanism.
- Contact your data protection authority (DPA)
It is also possible to submit a complaint directly to the local DPA.
- Invoke binding arbitration
If complaint is not solved after following the recourse mechanisms described above, is possible to invoke binding arbitration.
- Contact the U.S. enforcement authority.
Pulsar America Inc.is part of an industrial group based in Italy, in Castel Maggiore (BO). The group is controlled by the company Pulsar srl.
Pulsar America is a commercial branch which carries out actions for the resale of materials and machinery produced by Pulsar Engineering srl in North America. Furthermore, Pulsar America provides services and coordination of construction activities in the area of competence. Pulsar America is subject to the jurisdiction of either the Federal Trade Commission.
Liability in case of onward transfer to third parties
In case of transfer data to third parties Pulsar srl or Pulsar America Inc. bear the liability for correct transfer and follows the and follows the following item.
It will sign a contract with the third-party controller, before transferring data, that guarantees such data may only be processed for limited and specified purposes according to the consent provided by the individual and the recipient will provide the same level of protection of Pulsar srl and Pulsar America Inc.
The organization will transfer data only for limited and specified purposes compliant with the written consent expressed by the interested person.
If the organization becomes subject to an FTC or court order based on non-compliance, the organization will undertake to make public any relevant Privacy Shield-related section of any compliance or assessment report submitted to the FTC, to the extent of meeting the confidentiality requirements.