Our website uses cookies to provide you with the best possible service. More information about the use of cookies on this website and how they can be disabled is available on our information page. With your consent, you confirm that you have read the information about the use of cookies and accept it. Please also note our further information on the subject of data privacy policy.

Privacy policy (EN)

Privacy Policy for customers and suppliers

"Privacy Policy Statement" (Version 02, October 2018)

Data Controller

TDK Foil Italy S.p.A. - a company belonging to the TDK group (the list of TDK group companies is available at https://en.tdk.eu/tdk-en/1192046/company/tdk-group), information about which is provided in the footer of the company web page found at the URL http://foil.tdk-electronics.tdk.com, – agrees to protect personal data in accordance with

(a) Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of their personal data, as well as the free circulation of such data and which repeals EC Directive 95/46/ EC ("GDPR") as well as

(b) Italian national legislation on personal data protection ("National Data Protection Laws").

Co-Data Controllers

Any other TDK Group Companies involved – for the purposes of the organisation and/or optimization of certain activities related to sales or purchases – which share the purposes and methods of data processing with the Company.

Authorized persons within the company involved in data processing

The persons within the company involved in data processing have been authorized and appropriately trained.

External Data Processors / Recipients of the Data

Any TDK Group Companies involved – for the purposes of the organisation and/or optimization of certain activities related to sales or purchases – which operate on behalf of the Company as external data processors.
The data can be disclosed to external data processors who process this data based on previous agreements with the Company. External data processors belong to the following categories:

  • security guard service providers;
  • suppliers of software and related technical support / maintenance;
  • accounting and tax consultants;
  • workplace safety consultants;

credit institutes. In addition, the data may be disclosed to third parties acting as independent data controllers, for example:

  • supervisory bodies;
  • certification entities and bodies;
  • subjects to whom disclosure is mandatory by law.

The Company provides specific information on these data processors and data recipients at the request of the interested party.

Data subjects

Individual customers (and potential customers) or representatives of customer legal entities that have relations with the Company; Individual suppliers (and potential suppliers) or representatives of supplier legal entities that have relations with the Company; freelancers and consultants; representatives of contractors/subcontractors; personnel of suppliers / contractors / subcontractors.

Personal Data processed

  1. The data processed consist of common data, such as, for example, the name and surname of the legal representative or owner, name or registered name of the company, tax code, VAT number, legal and tax domicile, complete contact details, physical address and telephone (also mobile phone) number, fax, certified e-mail and e-mail address, postal code, handwritten signatures and, in general, information necessary for the execution of the contract, such as bank account details and/or data relating to the payment/collection system.
  2. In addition to the above data, the Company may process the following data concerning the personnel of suppliers / contractors / subcontractors:
    (a) registration number, company affiliation, remuneration, qualification, rank, social security and insurance data, any other data contained in payslips, documents attesting to qualifications and the ability to perform certain activities;
    (b) particular categories of data, such as, for example, data contained in health certificates attesting to the ability to perform job-related tasks and duties.

Purpose of data processing

  1. Data processing is carried out to establish and execute contractual relations with customers and suppliers, as well as to fulfil legal obligations.
  2. Data processing relating to the personnel of suppliers / contractors / subcontractors is carried out to verify the possession of certifications of qualifications as well as for the protection of the Company with respect to legally established bonds of solidarity.
  3. Unless objection is made by the Company's customers, data is also processed to send commercial messages about the Company's products similar to those already subject to a previous commercial relationship (opt-out).
  4. The data of data subjects can also be processed for purposes of verification and control in relation to the obligations deriving from Legislative Decree no. 231/01 on the administrative responsibility of companies and entities.

Legal basis of the processing

The processing of data is necessary for the execution of the contract or to fulfil legal obligations.
The processing of data relating to the personnel of suppliers/contractors/subcontractors is carried out to fulfil
legal obligations as well as to pursue the legitimate interests of the Company.

Data Retention Period

The personal data of customers/suppliers and their representatives are retained for the entire duration of the
contractual relationship and are cancelled ten years and six months after the termination of the same for defensive purposes, unless there is an objection/dispute, in which case the data will be kept for the time necessary to exercise the right of defence and resolve the dispute. The data referred to in point 2) (Personal data processed) relating to the personnel of suppliers/contractors/subcontractors will be deleted after three years
from the termination of the contract, unless an objection/dispute has arisen, in which case the data will be kept for the time necessary to exercise the right of defence and resolve the dispute.

Data relating to access to the Company's premises are kept for thirteen months.

Optional/Mandatory nature of the provision of data

The provision of data by the parties involved is necessary to allow the Company to fulfil its legal obligations as well as its contractual obligations or to respond to pre-contractual requests. Any refusal to provide personal data, in whole or in part, will not allow the Company to respond to the request, to execute the contract and/or to comply with legal obligations.

Data transfer abroad

For the purposes of the organisation and/or optimization of certain activities related to sales or purchases within the TDK group, the Company, in accordance with a specific intragroup agreement, may transfer the personal data of the subjects concerned to other TDK group companies or third parties responsible for processing based in or operating in other countries. The transfer will take place, in any case, only after
verification of compliance with the provisions contained in articles 44 and following of the GDPR and, in particular, through the stipulation of the standard contractual clauses adopted by the European Commission.

Video surveillance

The Company, in compliance with the GDPR, with the National Data Protection Laws – in particular, the General Provisions on video surveillance of 8 April 2010, issued by the Authority for the Protection of Personal Data ("Guarantor") – and in Article 4 of Law no. 300/1970, through the use of a video surveillance system of the perimeter of the plant, including the appurtenances and external accesses, processes personal data made up of the moving image of the subjects passing in front of the camera's range of action. The use of the video surveillance system was the subject of a 4 specific agreement stipulated by the Company with the Trade Union Representatives. The processing is based on the legitimate interest of the Company to safeguard and protect company assets and ensure workplace safety. The use of registrations by personnel specifically authorized by the Company is limited to cases of unauthorized access and is exclusively directed to the communication of the
registrations to the public authorities, if requested. The images are kept for a period not exceeding 7 days after they are recorded, after which they are eras ed by overwriting new images, except when specific needs arise for further conservation (related to holidays or office closures, to the acquisition of evidence in the event of theft or due to specific investigative requests by the Judicial Authority). The aforementioned registration period was established by attempting to reconcile the purposes of privacy protection with those pursued using the video surveillance system (considering, in particular, that small offences that can nevertheless be highly dangero
us in terms of potential damage to corporate assets may not be discovered within 24 hours after they are committed).

Rights

To exercise the rights provided for by applicable National Data Protection Laws and by the GDPR (Articles 15 et seq.), interested parties can contact the Company or the external managers in order to access their personal data, request the rectification, updating, cancellation or limitation of said data, as well as to request the portability of said data; the Company should be contacted using the contact details provided above.

Right to object

With the same procedures described above, interested parties may object, in whole or in part, to the processing of personal data concerning them, where the relevant legal basis is constituted by the legitimate  interests of the Company, pursuant to and for the purposes of the provisions of Article 21 of the GDPR.

Complaint

Any interested party who believes that the processing of data concerning him or her is in violation of the GDPR, in accordance with the provisions of Article 77 of the GDPR, may lodge a complaint with a supervisory authority where the person usually lives or works or a supervisory authority where the alleged data breach has occurred.

Withdrawal of consent

The data processing referred to herein is not legally based on consent, therefore the withdrawal of consent has not been provided for.

Updates and revisions

The Company reserves the right to modify and/or update the Privacy Policy Statement, also taking into account any subsequent additions and/or amendments to national and/or European Union regulations  regarding the protection of personal data or consequent to any new purposes of data processing that may arise. For this reason, the Statement is published with a progressive identification number and the month of publication, starting with the May 2018 version, which bears the number "00". The new versions of the Statement will replace the previous ones and will be valid, effective and applied starting on the date of publication on the company website or from the date of disclosure to the interested parties.

Video surveillance Policy

(Version 01, October 2018)

Data Controller

The Company processes the data subject’s data, consisting of their images, under GDPR, National Laws on Data Protection, and the 8 April 2010 General Provision on Video Surveillance issued by the Guarantor Authority for the Protection of Personal Data ("Guarantor") and Article 4 of Law no. 300/1970

Authorised internal processors

The use of the footage by personnel authorised by the Company is limited to unauthorised access cases and is aimed exclusively at communicating the recordings to the public authorities if requested.

Data subjects and personal data processed

The Company uses the plant's perimeter video surveillance system, including the appurtenances and external accesses, to process and detect images of people passing in front of the cameras.

Processing purposes and legal basis

The processing is based on the Company’s legitimate interest to protect its assets and safety in the workplace. The use of the video surveillance system is covered by a specific agreement signed by the Company with the Trade Union Representatives and is limited to the plant’s external areas.

Data Retention period

The footage is kept for a maximum of seven days following recording. After that time it is self-deleted by overwriting, unless there is a specific requirement for longer storage (public holidays or closure of offices, evidence in the event of theft, or requests from the Judicial Authority, for less than seven days), and if it is necessary to comply with a request from the Judicial Authority or Police.

This registration period was established to reconcile privacy protection purposes with those pursued by the video surveillance system (considering that small offences which could be a damage to company assets, may not be discovered within 24 hours from the event).

Rights

Data subjects may contact the Company or any external third-party processors for exercising their rights under the National Data Protection Laws and GDPR (Articles 15 et seq.) as they apply to that processing type.

Right to oppose

With the same methods as above, the data subject may partly or totally oppose, the processing of their data, if the legal basis is the legitimate interest of the Company, under GDPR Article 21.

Complaint

Any data subject who considers that the processing of their data violates GDPR Article 77, may complain to a supervisory authority where the data subject is resident or employed or with the supervisory authority where the alleged data breach has occurred.

Updates and revisions

The Company reserves the right to modify or update the Privacy Policy for any subsequent additions and amendments to the national and/or European Union regulations on the protection of personal data or for additional data processing purposes. The Policy is published with a progressive identification number and the month of publication, starting from the May 2018 version, which is identified with the number "00". The new versions of the Policy will replace the previous ones and will be valid, effective and applied from the date of
publication on the company website or the disclosure date to data subjects.