TDK Foil Italy S.p.A. - a company belonging to the TDK group (the list of TDK group companies is available at https://en.tdk.eu/tdk-en/1192046/company/tdk-group), information about which is provided in the footer of the company web page found at the URL http://foil.tdk-electronics.tdk.com, – agrees to protect personal data in accordance with
(a) Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of their personal data, as well as the free circulation of such data and which repeals EC Directive 95/46/ EC ("GDPR") as well as
(b) Italian national legislation on personal data protection ("National Data Protection Laws").
Any other TDK Group Companies involved – for the purposes of the organisation and/or optimization of certain activities related to sales or purchases – which share the purposes and methods of data processing with the Company.
The persons within the company involved in data processing have been authorized and appropriately trained.
Any TDK Group Companies involved – for the purposes of the organisation and/or optimization of certain activities related to sales or purchases – which operate on behalf of the Company as external data processors.
The data can be disclosed to external data processors who process this data based on previous agreements with the Company. External data processors belong to the following categories:
credit institutes. In addition, the data may be disclosed to third parties acting as independent data controllers, for example:
The Company provides specific information on these data processors and data recipients at the request of the interested party.
Individual customers (and potential customers) or representatives of customer legal entities that have relations with the Company; Individual suppliers (and potential suppliers) or representatives of supplier legal entities that have relations with the Company; freelancers and consultants; representatives of contractors/subcontractors; personnel of suppliers / contractors / subcontractors.
The processing of data is necessary for the execution of the contract or to fulfil legal obligations.
The processing of data relating to the personnel of suppliers/contractors/subcontractors is carried out to fulfil
legal obligations as well as to pursue the legitimate interests of the Company.
The personal data of customers/suppliers and their representatives are retained for the entire duration of the
contractual relationship and are cancelled ten years and six months after the termination of the same for defensive purposes, unless there is an objection/dispute, in which case the data will be kept for the time necessary to exercise the right of defence and resolve the dispute. The data referred to in point 2) (Personal data processed) relating to the personnel of suppliers/contractors/subcontractors will be deleted after three years
from the termination of the contract, unless an objection/dispute has arisen, in which case the data will be kept for the time necessary to exercise the right of defence and resolve the dispute.
Data relating to access to the Company's premises are kept for thirteen months.
The provision of data by the parties involved is necessary to allow the Company to fulfil its legal obligations as well as its contractual obligations or to respond to pre-contractual requests. Any refusal to provide personal data, in whole or in part, will not allow the Company to respond to the request, to execute the contract and/or to comply with legal obligations.
For the purposes of the organisation and/or optimization of certain activities related to sales or purchases within the TDK group, the Company, in accordance with a specific intragroup agreement, may transfer the personal data of the subjects concerned to other TDK group companies or third parties responsible for processing based in or operating in other countries. The transfer will take place, in any case, only after
verification of compliance with the provisions contained in articles 44 and following of the GDPR and, in particular, through the stipulation of the standard contractual clauses adopted by the European Commission.
The Company, in compliance with the GDPR, with the National Data Protection Laws – in particular, the General Provisions on video surveillance of 8 April 2010, issued by the Authority for the Protection of Personal Data ("Guarantor") – and in Article 4 of Law no. 300/1970, through the use of a video surveillance system of the perimeter of the plant, including the appurtenances and external accesses, processes personal data made up of the moving image of the subjects passing in front of the camera's range of action. The use of the video surveillance system was the subject of a 4 specific agreement stipulated by the Company with the Trade Union Representatives. The processing is based on the legitimate interest of the Company to safeguard and protect company assets and ensure workplace safety. The use of registrations by personnel specifically authorized by the Company is limited to cases of unauthorized access and is exclusively directed to the communication of the
registrations to the public authorities, if requested. The images are kept for a period not exceeding 7 days after they are recorded, after which they are eras ed by overwriting new images, except when specific needs arise for further conservation (related to holidays or office closures, to the acquisition of evidence in the event of theft or due to specific investigative requests by the Judicial Authority). The aforementioned registration period was established by attempting to reconcile the purposes of privacy protection with those pursued using the video surveillance system (considering, in particular, that small offences that can nevertheless be highly dangero
us in terms of potential damage to corporate assets may not be discovered within 24 hours after they are committed).
To exercise the rights provided for by applicable National Data Protection Laws and by the GDPR (Articles 15 et seq.), interested parties can contact the Company or the external managers in order to access their personal data, request the rectification, updating, cancellation or limitation of said data, as well as to request the portability of said data; the Company should be contacted using the contact details provided above.
With the same procedures described above, interested parties may object, in whole or in part, to the processing of personal data concerning them, where the relevant legal basis is constituted by the legitimate interests of the Company, pursuant to and for the purposes of the provisions of Article 21 of the GDPR.
Any interested party who believes that the processing of data concerning him or her is in violation of the GDPR, in accordance with the provisions of Article 77 of the GDPR, may lodge a complaint with a supervisory authority where the person usually lives or works or a supervisory authority where the alleged data breach has occurred.
The data processing referred to herein is not legally based on consent, therefore the withdrawal of consent has not been provided for.
(Version 01, October 2018)
The Company processes the data subject’s data, consisting of their images, under GDPR, National Laws on Data Protection, and the 8 April 2010 General Provision on Video Surveillance issued by the Guarantor Authority for the Protection of Personal Data ("Guarantor") and Article 4 of Law no. 300/1970
The use of the footage by personnel authorised by the Company is limited to unauthorised access cases and is aimed exclusively at communicating the recordings to the public authorities if requested.
The Company uses the plant's perimeter video surveillance system, including the appurtenances and external accesses, to process and detect images of people passing in front of the cameras.
The processing is based on the Company’s legitimate interest to protect its assets and safety in the workplace. The use of the video surveillance system is covered by a specific agreement signed by the Company with the Trade Union Representatives and is limited to the plant’s external areas.
The footage is kept for a maximum of seven days following recording. After that time it is self-deleted by overwriting, unless there is a specific requirement for longer storage (public holidays or closure of offices, evidence in the event of theft, or requests from the Judicial Authority, for less than seven days), and if it is necessary to comply with a request from the Judicial Authority or Police.
This registration period was established to reconcile privacy protection purposes with those pursued by the video surveillance system (considering that small offences which could be a damage to company assets, may not be discovered within 24 hours from the event).
Data subjects may contact the Company or any external third-party processors for exercising their rights under the National Data Protection Laws and GDPR (Articles 15 et seq.) as they apply to that processing type.
With the same methods as above, the data subject may partly or totally oppose, the processing of their data, if the legal basis is the legitimate interest of the Company, under GDPR Article 21.
Any data subject who considers that the processing of their data violates GDPR Article 77, may complain to a supervisory authority where the data subject is resident or employed or with the supervisory authority where the alleged data breach has occurred.
publication on the company website or the disclosure date to data subjects.