NOTICE TO CUSTOMERS: PRIVACY UPDATE
The new European Regulation no. 679/2016 (“GDPR”) on the protection of personal data comes into force on 25 May 2018. In line with the GDPR and in compliance with the principle of transparency, we have updated our privacy policy, which we invite you to read below.
PRIVACY INFORMATION
- Introduction
The AT Group undertakes to guarantee the protection of personal data on a daily basis.
With this statement, we wish to provide you with a clear and transparent view of what information we collect and process about our customers within the scope of the contractual relationship, through the use of our website and applications, such as software and digital tools.
In the following paragraphs we will explain how we use your personal data, for what purposes and for how long, as well as how we ensure your rights and compliance with data protection laws.
Details of individual information updated pursuant to the new European Regulation no. 679/2016 (“GDPR”) is available by accessing the following sections of the www.adv.tech.comsite:
- Who is the Data Controller for the processing of personal data?
Advanced Technologies S.p.A. (tax code 12561310157), with registered office in Trezzano s/n (MI), Via Carducci 35, in the person of its pro temporelegal representative, is the Data Controller for the processing of personal data (the “Controller” or “AT”).
To exercise your rights, as set out in this information, the Controller can be contacted by sending an email to the email address infocom@at-ipc.it or by writing to: Data Controller for Personal Data c/o Advanced Technologies S.p.A., Via Carducci 35, 20090 – Trezzano sul Naviglio (M).
- What is personal data and what data do we process?
“Personal Data” means any information that can identify, directly or indirectly, a natural person (the Data Subject), in our case, when using the services offered by Advanced Technologies and by the companies of the AT Group.
In particular, we collect and process the necessary personal data provided offline through forms, or online via the Website for the provision of requested services, such as:
- personal and identification data (name, surname, date and place of birth, tax code, gender);
- home address, telephone number and email address;
- bank details of current account or credit card ID for the relevant debit;
- CV or employer information;
- URL of personal social media network;
- Personal preferences or interests;
- in general, any other data and information necessary for the conclusion and performance of the contract.
In addition, when you use our website we process: the information requested during registration, navigation data, contact data, IP address, the domain name of the devices you use, the URL used, information relating to the operating system and computer environment used by you, the navigation history, as well as the data voluntarily provided in this context to use our services and purchase our products.
We also collect data through cookies.
Cookies are small text files that sites visited by users send to their terminals, where they are stored and then retransmitted to the same sites the next time they visit.
In general order, we use the so-called technical cookies necessary to ensure you get the best functionality out of our website. If you wish to deactivate/reject the use of these cookies, you can change the settings of your PC’s browser at any time.
For more details about the other types of cookies we use, namely third-party cookies and profiling cookies, please consult our Cookie Policy published on our website.
- Why do we process your personal data?
Once collected, the Personal Data mentioned above is used for a variety of purposes, which are listed below:
Business administration and customer management.
AT must be able to perform contracts in the due and proper manner, and carry out all necessary accounting and legal processes. Accordingly, AT will need certain Personal Data provided by Data Subjects offline through Forms or online via the Website and Applications. In accordance with Regulation (EU) 679/2016, for the purposes of the execution of contracts, the consent of the Data Subject, who is or will be party to a contract, is not required.
With respect to the management of customer relationships and the provision of services to customers, AT uses Personal Data (e.g. name, country, nationality, email address, customer code, credit card information) in order to:
- assess the feasibility of selling the products or services to a customer before entering into a contract;
- process written customer requests, customer orders for products and services and cashback requests;
- identify and contact customers for a discount;
- inform customers about their rights and additional services related to the product or service purchased;
- inform clients about AT’s events and promotional campaigns and send them invitations;
- manage access to the premises, to the AT Website and Applications;
- organise and carry out service work for customers and installers;
- Inform customers of an upcoming maintenance deadline.
Product distribution.
AT uses your personal data for the distribution of its products and in particular to:
- promote its European Subsidiary companies in the distribution of products and the provision of services through authorised agencies, commercial partners, the Website and/or through Applications;
- promote distributors for the delivery of products, spare parts and services (for example, personal data is included in the delivery notes accompanying the transport of a purchased product);
- optimise sales and services by developing offers for customers;
- improve and accelerate the distribution of AT products and services;
- examine the technical data of the installations and the state of contracts and projects;
- organise and provide training to customers, installers, employees and subcontractors.
Supplier management.
AT uses personal data to keep records on suppliers and service providers, to record and manage purchase orders, business expenses and invoices provided by suppliers and service providers.
Direct marketing.
As a leading manufacturer and provider of technology solutions for vision technology, AT can provide information tailored to you and your needs (for example, using transaction data, AT can give you information on services, offers and recommendations related to your purchase. This is known as ‘direct marketing’).
AT uses the personal data collected, personal data that is publicly available (e.g. information available on the Internet, through research results, social media results) or personal data received from third parties (e.g. Internet Service Providers) for direct marketing purposes and to attract new customers.
AT also carries out direct marketing with the aim of organising internal events, travel, presentations, meetings for employees, customers and business partners.
AT conducts direct marketing through a variety of media forms including, but not limited to, mobile text messaging, surveys, email, the Website, online advertising, marketing databases, Applications and events.
AT conducts direct marketing on the basis of its legitimate interest to pursue commercial objectives.
AT may carry out direct marketing in response to the explicit consent of the Data Subject. If you do not wish to receive a highly personalized offer, you should not give your consent to receive direct marketing when asked to do so.
AT will endeavour to ensure that direct marketing information is provided in a clear and appropriate manner, using the channel designated by the recipient in order to minimise the inconvenience of being disrupted.
Quality improvement for products and services.
AT uses personal data collected through Forms, job applications, surveys, questionnaires, comments, feedback sent to AT or other AT Group companies to improve its products and services, perform further surveys, develop analytical, risk, marketing models among others, and to produce statistics. AT also uses your transaction data to develop global models and perform analysis.
Example: AT may need to process the number of people who have purchased a specific AT product or who have requested a specific service.
To this end, AT will use commercially reasonable efforts to aggregate personal data in an anonymous or anonymous pseudo form to ensure that such personal data is not easily identifiable or no longer identifiable as your personal data.
The practice of processing personal data for statistical purposes is particularly justified by AT’s desire to implement strategic choices in order to perform better on the market and to provide you with better products and services.
Personal data may also be used to evaluate, simplify and improve AT processes, for example to optimise campaigns, procedures and sales, either offline or online, through the Website and/or Applications.
For example: if you have not completed a procedure or sales process, AT may contact you to find out what the problem was and whether help can be provided. In this case, AT limits its contact to providing technical and administrative support for that specific procedure or process.
Recruitment and selection.
In order to recruit “talent”, AT collects personal data such as, but not limited to, name, email, phone number, CV information, social media profile URLs from open applicants and targeted applicants applying for, for example, job vacancies, international internships, and student internships.
Personal data provided by candidates (when filling in forms or registering and creating a personal account on the Website or accessing Applications) will be used to process applications, contact candidates for HR-related activities, manage recruitment processes (e.g. inviting candidates to interviews and conducting written tests) and draw up employment contracts.
AT undertakes to delete personal data from its archives belonging to candidates who were not recruited at the end of the selection process, when there is no legitimate reason to keep it.
Personnel management and remunerative benefits.
AT uses personal data for the purpose of managing personnel and, in particular, for the purposes of:
- managing and keeping track of employment contracts and pay slips;
- paying salaries;
- keeping track of employee attendance, travel and training activities;
- communicating with health insurance companies;
- providing employees with insurance, company assets and performance-related benefits.
Record-keeping and accounting.
AT uses personal data for the purposes of record-keeping and accounting and for the purposes of:
- keeping track of transactions
- issuing invoices related to the sales and services provided;
- completing tax returns and tax compliance forms;
- compiling statistics on the basis of transaction data (e.g. number of transactions carried out and in which area);
- complying with existing legislation and regulatory requirements at national, European and international level.
- Who do we communicate the processed data to?
We communicate the data only to the subjects we use to carry out activities necessary for the achievement of the purposes indicated and described in paragraph 4 above, including for example:
- companies directly controlled by Advanced Technologies, namely AT Embedded Solutions S.r.l., Fondazione AT Visionlab, Clearview Imaging Ltd.;
- external companies that provide services relating to the verification of creditworthiness, capital soundness, risk profile and regulatory compliance (e.g. anti-money laundering);
- third party companies providing logistics services;
- companies that provide technical coordination, assistance and maintenance of information systems on our behalf;
- in general, third party companies that provide assistance in matters relating to the contract.
The subjects mentioned above are specifically appointed by our data processors, whose list can be requested by contacting the Data Controller at the addresses indicated in paragraph 2 above.
We may also disclose the data to persons to whom such disclosure is due by virtue of legal obligations, as well as to the credit institutions with which we operate, for the purposes indicated in paragraph 4. These entities carry out their processing activities as independent data controllers.
- Where do we transfer the processed data?
As a rule, AT does not transfer the processed data outside of the European Union. If specific needs relating to the purposes indicated in paragraph 4 so require, it shall be ensured that the recipient, acting in his capacity as Data Controller, complies with the provisions set out in the GDPR, including the rules specifically governing the transfer of personal data to third countries. In particular, it is ensured that such transfers take place on the basis of a decision of adequacy or the signature by the person responsible of standard contractual clauses of data protection approved by the European Commission.
AT uses Zoho CRM which operates in compliance with the new privacy policy visible from here.
The actual transfer of personal data to third countries and related further information may be requested by contacting the Data Controller at the addresses indicated in paragraph 2 above.
- How long do we keep your processed data?
We retain the data only for the time necessary to perform the processing for the purposes mentioned above.
In particular, we present below the main periods of personal data use and retention, with reference to the different processing purposes:
- a) we will process the data for the entire duration of the contract and as long as there are obligations or fulfilments connected with the execution of the same. After termination of the contractual relationship, we will keep data for no longer than 10 years in order to comply with legal obligations or to defend our rights;
- b) with reference to processing for marketing purposes, carried out on the basis of a legitimate interest, or your consent, data will be processed for the entire duration of the contract and as long as there are obligations or fulfilments related to the execution of the same, unless there is opposition to the processing or a withdrawal of the consent given;
- c) the data will be processed for profiling purposes until possible withdrawal of consent and/or request to terminate the processing. In any case, profiling activities will only take into account data from the last 12 months;
- d) in order to comply with legal obligations, the data will be processed and retained as long as the need for processing to comply with these legal obligations persists.
- What are the rights of the Data Subjects?
- Right of access – the right to obtain confirmation as to whether or not data concerning you is being processed and the right to receive any information relating to the same.
- Right of rectification – the right to obtain rectification of your data, if it is incomplete or inaccurate.
- Right of cancellation (so-called “right of oblivion”) – the right to obtain, in certain circumstances, the cancellation of data contained in our archives if it is not relevant to the continuation of the contractual relationship or necessary for legal obligations.
- Right of limitation to processing – the right to obtain limitation of the processing, upon the occurrence of certain conditions, if not relevant to the continuation of the contractual relationship or necessary for legal obligations.
- Right of portability – the right to obtain the transfer of data in favour of a different Controller.
- Right of objection – the right to object, at any time on grounds relating to a particular situation, to the processing of data which is based on the condition that the legitimate interest or the performance of a task carried out in the public interest or the exercise of official authority, including profiling, are legitimate.
- Right of consent withdrawal – the right to withdraw consent to the data processing at any time, without prejudice to the lawfulness of the processing based on consent prior to withdrawal.
- Right of complaint with the Supervisory Authority – the right to lodge an application directly with the Supervisory Authority of your country of residence (for Italy, the Data Protection Authority involved is the Guarantor for the protection of personal data, Piazza di Monte Citorio 121, 00186 ROMA, http://www.garanteprivacy.it/) if you wish to lodge a complaint about the way in which your data is processed.
The above rights may be exercised against us by writing to the email address infocom@at-ipc.it or by contacting the Controller at the addresses indicated in paragraph 2 above.
The exercise of your rights as Data Subject is free of charge within the meaning of Article 12 of the GDPR.