Being consistent with our values, inspired by our vision and guided by our mission, we are focused on the objective of acting responsibly in the community where we in as well as in the relations with all our partners. To this extent, ensuring the protection of privacy and personal data and the transparent and fair treatment are essential for the entire MARTIFER Group.
The protection of privacy and personal data is a fundamental commitment of all the companies part of MARTIFER Group, based on the following principles for its treatment:
– The treatment of personal data is carried out in a lawful, faithful and transparent manner;
– The respective data collection is performed only for properly specified, explicit and legitimate purposes, in accordance with the applicable legislation;
– The collected data is limited to what is strictly necessary and for the time necessary for the purposes for which it are treated;
– Only the employees, collaborators and partners of the Group whose duties so require have access to treated personal data;
– Personal data is treated as confidential.
A. Personal Data
According to the General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”) – personal data is any information of any nature and in any medium concerning an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if he/she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific elements of physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
B. Responsibility for the Treatment
The company part of Martifer Group to which the data subjects are related is responsible for the personal data treatment.
C. Conditions for the Treatment
The companies part of Martifer Group will only treat personal data if one of the conditions laid down in the abovementioned European regulation is met, namely:
– If the data subject has given his/her consent to the treatment of his/her personal data;
– If the treatment of personal data is necessary for the execution of a contract in which the data subject is a party or for pre-contractual proceedings requested by the data subject;
– If the treatment is necessary for compliance with a legal obligation to which Martifer Group is subject;
– If the treatment is necessary to guarantee the legitimate interests of MARTIFER Group.
When his/her prior and express consent (either in writing, orally or through the validation of an option) is obtained and if such consent is wilful, informed, specific and unambiguous. Examples of this are the consent for Martifer Group to examine job applications or to validate specific qualification and training certificates;
EXECUTION OF A CONTRACT AND PRE-CONTRACTUAL ARRANGEMENTS
Whenever the treatment of personal data is necessary for the execution, implementation and management of the contract executed with us, e.g. for the preparation of proposals or quotes, for the management of contacts, information and requests, for the management of invoicing, collection and payments;
COMPLIANCE WITH THE LEGAL OBLIGATION
Whenever the treatment of personal data is necessary to fulfil a legal obligation to which Martifer Group is subject, e.g. the communication of identification data to police, legal, fiscal or regulatory authorities;
Whenever the treatment of personal data is in the legitimate interest of Martifer Group or third parties and whenever our reasons for its use should prevail over the data protection rights;
D. Storage Period for Personal Data
In compliance with the abovementioned principles, the personal data processed by Martifer Group shall be stored for as long as strictly necessary for the purposes for which it was collected. The determination of these terms is based on criteria for the retention of information that is defined and appropriate to each treatment and respects the legal and regulatory obligations to which the Group is subject.
E. Rights of the Holders of Personal Data
Martifer Group ensures that the data subject may exercise the rights conferred to him/her by the GDPR on data protection, namely:
– RIGHT OF ACCESS TO PERSONAL DATA (the data subject may obtain confirmation on whether his/her personal data is treated and access information on it);
– RIGHT TO CORRECT (the data subject may request its correction or completion);
– RIGHT TO ERASURE (the data subject may require that his/her personal data be erased) in the following situations:
i. if the personal data is no longer necessary for the purpose for which it was collected or treated;
ii. if the consent on which the data treatment is based is withdrawn and there is no other legal basis for it;
iii. if the data subject objects to the processing and there are no overlapping legitimate interests;
iv. if the personal data has been unlawfully treated;
v. if the personal data has to be erased as a result of a legal obligation;
– RIGHT TO THE LIMITATION OF TREATMENT (the data subject has the right to request the limitation of treatment) when:
i. the data subject disputes its accuracy for a period which allows the verification of its accuracy;
ii. the data subject considers that the treatment is unlawful;
iii. the data is no longer necessary for processing purposes, but such data is necessary for a declaration, exercise or defence of a right in a judicial proceeding;
– RIGHT TO DATA PORTABILITY (when the treatment is based on the consent or the execution of a contract and is carried out by automated means, the data subject may request the delivery in a structured format of current use and which may allow automatic reading of personal data which concerns him/her and which he/she has provided, and may also request that the personal data be transmitted to another person responsible for the treatment, provided that this is technically possible);
– RIGHT OF OPPOSITION (the data subject has the right to object to the processing) at any time when:
i. there is no prevailing legitimate interest by the one responsible for the treatment;
ii. the treatment is carried out for purposes other than those for which the data was collected;
– RIGHT NOT TO BE SUBJECT TO EXCLUSIVELY AUTOMATED INDIVIDUAL DECISIONS (in certain situations, the data subject has the right to request human intervention when decisions are made based on exclusively automated treatment);
– RIGHT TO WITHDRAW HIS/HER CONSENT (the data subject has the right to withdraw the consent he/she has given to the treatment of his/her personal data);
– RIGHT TO COMPLAIN TO THE NATIONAL DATA PROTECTION AUTHORITY (on any matters relating to the treatment of his/her personal data).
If you intend to exercise any of the rights referred to above or to clarify any issues relating the protection of privacy and your personal data by Martifer Group, the contact may be made by letter addressed to the Group headquarters, to the Permanent Committee on the GDPR or by e-mail sent to email@example.com
F. Safety Measures
Martifer Group companies have at their disposal safety, technical and organisational measures that ensure the protection of personal data against security breaches (‘violation of personal data’: violation of the safety that causes, accidentally or unlawfully, non-unauthorised destruction, loss, alteration, disclosure or access to personal data transmitted, stored or subject to any other type of treatment), and against any other accidental or unlawful treatment.
The commitment which was undertaken by Martifer Group on the protection of personal data also implies that, whenever personal data is transmitted to other entities, these are obliged to adopt technical and organisational measures to ensure the same level of protection.
Martifer Group will carry out an impact assessment whenever data processing is likely to jeopardise the fundamental rights and freedoms of natural persons. Whenever we do this, we commit to comply with the European community and national guidelines on this issue, such as GDPR (EU) 2016/679 and the National Data Protection Commission guidelines.
G. Communication of Personal Data To Third Parties
In the exercise of their activities, the companies part of Martifer Group may have to communicate or give access to treated personal data under their responsibility to other entities, always ensuring that they present technical and organisational measures that adequately protect personal data.
Personal data will only be accessed or shared with the following entities:
– Companies part of Martifer Group;
– Subcontracting entities that render services to the Group in matters such as IT support, document management, legal support, human resources;
– Clients of companies part of Martifer Group or representatives designated by them;
– Public authorities (e.g. the Tax and Customs Authority).
Martifer Group may have to transfer personal data to another country outside the European Union which is not part of the list of countries that the EU has already considered to have adequate levels of personal data protection. In such cases, MARTIFER Group will ensure that data transfers are carried out in strict compliance with the applicable legal regulations.
H. Additional Information
The data subject may request information or clarification on the treatment carried out by any company part of Martifer Group to his/her personal data sending it to the e-mail address firstname.lastname@example.org
This document can be changed at any time. In this case, the changes will be duly announced and disclosed by the institutional communication media routinely used by Martifer Group.