Privacy

BRC / Privacy

INFORMATION AND CONTACT DATA OF THE HOLDER OF THE PROCESSING

Articles 12 – 13 of EU Regulation n. 679/2016

Holder of the processing
Westport Fuel Systems Italia s.r.l. registered office
Via La Morra n. 1, 12062, Cherasco (CN), VAT nr. 00525960043

Contact data of the holder of the processing
Phone: 0172 48681 eMail: info.cherasco@wfsinc.com

Contact data of the Protection Officer
Westport Fuel Systems Italia s.r.l. does not fall within the hypothesis provided for art. 37 of the EU Regulation n. 679/2016

Westport Fuel Systems Italia s.r.l., (hereinafter referred to for brevity as “W.F.S.I. s.r.l. “) with registered office in Via La Morra n. 1, 12062, Cherasco (CN), VAT number 00525960043, as controller of your personal data, informs you, pursuant to Arts. 12 and 13 of EU Regulation no. 679/2016 (General Data Protection Regulation, henceforth referred to as “GDPR”), that your personal data will be processed by specifically authorized parties and limited to the purposes and methods specified below.

 

OBJECT AND PURPOSE OF THE PROCESSING

W.F.S.I. s.r.l. as Data Controller (henceforth referred to as “Controller”) informs you that your personal data, specifically biographical data, name and surname, residence/domicile address, VAT number, email address, telephone number, identifiers and IP addresses or domain names, will be processed according to purposes and procedures all below foreseen and specified.

Personal data of users of websites belonging to W.F.S.I. s.r.l. as aforementioned, will be processed according to GDPR procedures, for carrying out the features of the following websites.

Especially, the personal data provided to the Controller will be processed for the pursuit of the following purposes:

  1. reply to specific requests made by the User to the Controller through the websites and related communication tools, especially through the “Contact” form aimed at the management of any kind of request of information, or similar;
  2. in case of spontaneous sending of Curriculum Vitae/self-application made by Users through the “Work with us” sections of websites.
  3. marketing purposes, especially sending newsletter through the related function “Newsletter” – referring to e-commerce portal http://brcpromotion.it/ too, see next point d) – sending commercial and informative publications about products, activity and business and promotional services of the company and the network of the company or third parties, reporting marketing events, promoting them by means of paper communication, advertising material transmission and/or by phone and/or by e-mail, and/or through statistical surveys aimed at monitoring the relationship with Customers, market research or assessment of the degree of satisfaction with services quality and activity through direct or phone interviews or
  4. Only referring to e-commerce portal http://brcpromotion.it/:
  • To register on the website and access all the special services dedicated to the registered users, such as the possibility to purchase directly on – line;
  • To conclude the purchase agreement and correctly carry out related operations, after-sales and administrative-financial activities too;
  • to reply to specific requests made by the User to the Controller through the websites and related communication tools, especially with the “Contact” form aimed at the management of any kind of request of information, or similar.

This information is effective only with reference to the websites:
https://brc.it/
https://www.brcgasservice.it
https://www.brcgasservice.com
https://brcracingteam.com/
http://www.greenhybridcup.it/
https://www.brced.com/
http://brcpromotion.it
https://www.zavoli.com
https://www.zavoligaspoint.it/
https://www.gficontrolsystems.eu/
https://www.omvlgas.it/it/
https://emer.it/
https://www.valtek.it/it/
and not with reference to other and different portals or web sites that may be consulted through the links therein, of which the undersigned the Controller is not in any way proprietary.

The processing of data generically provided will be done, even after automated collection during web browsing, only for purpose of assessment and/or control of accesses to the website and/or only for purpose of website functionality improvement, in order to assure the best browsing experience. For more information, please consult the specific Cookie Information.

 

LEGAL BASIS OF THE PROCESSING

Apart what specified for the navigation data, the communication of the personal data specified above from your part to the Data Controller, has the following legal basis as the sole premise of lawfulness of the processing:

  • 6, par. 1, letter b) of GDPR, about the performance of a contract of which the interested person is part of, or the performance of precontractual measures adopted upon request of him, for the purposes specified in points a), b) and d).
  • 9, par. 2, letter a) of GDPR, about your express consent, for the purpose mentioned in point b).
  • 6, par. 1, letter a) of GDPR, about your express, special, informed and unequivocal, as well as revocable, free consent for the purpose mentioned in point c).

The provision of your personal information, even belonging to special categories ex art. 9 of GDPR about the purpose mentioned in sub b), is therefore necessary for the whole fulfilment of purposes indicated by points a), b) and d) and, as a consequence, a possible failure to do so could result in the impossibility to supply website services and functions mentioned above.

On the contrary, the provision of your personal information is purely optional for the fulfilment of commercial and marketing activities listed by point c), and, as a consequence, a possible failure to do so does not preclude the fulfilment of the other purposes. The consent to data processing for marketing purposes you may have provided, can in any case be revoked by you at any time, with immediate effect on the aforementioned business and promotional activities and services, by simply emailing the Data Controller to  privacy.cherasco@wfsinc.com or by sending registered letter to the company headquarter – Human Resources dept. – Attn. Sabrina Marenda.

 

METHOD OF PROCESSING

The processing of personal data communicated is carried out by means of the operations indicated in art. 4 n. 2) of the GDPR, namely: “collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data”.

The personal data communicated by you are processed in automated way for the strictly necessary time to achieve the purposes for which they were collected, using technical and organizational measures, taken to prevent data loss, illicit or incorrect use and unauthorized access, and therefore, to guarantee a level of security appropriate to the risk pursuant to art. 32 of GDPR, by specifically authorized subjects, in compliance with the provisions of art. 29 of GDPR, like employees and/or collaborators of Controller in their capacity as authorized parties and/or internal delegated representatives and/or system administrators, who may carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of law necessary to guarantee, among other things, the confidentiality and security of data as well as the accuracy, updating and relevance of the data in relation to the stated purposes and methods.

It should be noted, in particular, that the personal data you communicated will be processed only at the headquarters of the data controller, except for what infra mentioned, will not be disseminated, and, pursuant to art. 13, paragraph 1, letter (e), they may be processed only by authorized persons and/or by external processors (in person of individual professionals and/or complex professional associations), and/or by independent data controllers, of whom the list can be required to the Controller premises under writing request, such as explicitly hosting companies and/or technicians in charge with website management and / or maintenance, but only and exclusively for the purposes expressly and specifically indicated above.

 

AMBITO DI COMUNICAZIONE DEI DATI

In relation to the purposes indicated above, the data may be disclosed to the following persons and/or categories of persons indicated below, or may be disclosed to companies and/or persons who provide services, also external, on behalf of the Data Controller.

Among these, by way of example but not exhaustively are indicated for greater clarity: professional studies  and consulting companies, even associated; subjects that provide IT and telematic services for the management of the information system (including e-mail and management of web portals and internet sites – cloud storage – hosting); competent authorities and/or Supervisory Organs for the fulfilment of legal obligations; subjects that perform control, revision and certification of the activities carried out by the Data Controller, all appointed by the undersigned company for data processing pursuant to art. 28 of the GDPR, or operate in total autonomy as separate Data Controllers.

The website can share some data collected with services situated outside Italy and European Union, especially with Google, Facebook and Microsoft (LinkedIn) even through social plugin and Google Analytics service. Extra UE data transfer is authorised by specific decisions of the decisions of European Commission and Data Protection Supervisor, especially the decision 1250/2016 (Privacy Shield), for which no further consent is required. The company mentioned above assure their adhesion to the Privacy Shield.

The Controller reserves, pursuant to art. 13, paragraph 1, lett. (f), the right to transmit your personal data for the sole purpose of administrative, technical and commercial management to the controlling foreign company, Westport Fuel Systems Inc., located in Vancouver, Canada, 1750 West 75th Ave, in the State of BC (British Columbia), for the purposes and according to the procedures all above foreseen and specified, here understood to be fully reproduced and reported. In this case, the Controller assure as for now that the transfer of data will be made according to applicable laws, especially complying to articles 44 – 45 – 46 – 47 – 48 and 49 of GDPR, also considering that data transfer towards Canada has been authorised by the adequacy decision of the European Commission dated December 20th, 2001 nr. 2002/2/CE and by the resolution of Data Protection Supervisor nr. 6 of April 30th 2003 [doc. web. n. 1075324].

 

PERSONAL DATA RETENTION PERIOD

We point out that, in compliance with the principles of lawfulness, limitation of purposes and conservation and minimization of data, pursuant to art. 5 of GDPR, the retention period of your personal data is established for a period of time not superior to the achievement of the purposes for which they are collected and processed, or for the entire duration of purposes; therefore, once the treatment purposes exhausted, your data will be eliminated from any physical and information technology support.

With special reference to CV/self-application, it should be noted that they will be immediately eliminated if not corresponding to profiles of interest of the Controller, while in case of current or future potential interest they will be kept for maximum 1 (one) year from the date of receipt. Within this time the Controller can assess applications and select personnel; once this purpose exhausted, in case of staff selection negative outcome, your personal data will be eliminated from any physical and information technology support.

With special reference to data treatment for marketing purposes, it should be noted that the Controller will handle user personal data until he revokes his consent and/or exercises his right to oppose to the treatment and, anyway, no longer than 24 (twenty-four) months from data collection. The Controller reserves his right to ask the user to renew his consent and / or update his personal data, before such time has expired.

 

AUTOMATED DECISION-MAKING PROCESSES AND PROFILING

The Controller informs you that, for the purposes of processing your personal data, it does not make use of automated decision-making processes, namely those aimed at making decisions based solely on technological means on the basis of predetermined criteria (i.e. without human involvement), not even is conducting profiling, namely the activity aimed at using your personal data to analyse or predict aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel, etc.

 

RIGHTS OF THE INTERESTED PARTY

Right of access pursuant to art. 15 of the GDPR and Right of Rectification pursuant to art. 16 of the GDPR

As an interested party, pursuant to art. 15 GDPR, You have the right to obtain from the Controller confirmation of the existence or otherwise of the processing of personal data concerning yourself, of obtaining access to them and to all the information referred to in the same art. 15, paragraph 1, letters (a) to (h), by issuing a copy of the data processed in a structured format, in common use, readable by an automatic and interoperable device.

You, pursuant to art. 16 GDPR, also have the right to obtain from the Controller the correction and/or integration of the data being processed if they are not updated and/or inaccurate and/or incomplete.

Cancellation right pursuant to art. 17 of the GDPR and right to limit the processing pursuant to art. 18 of the GDPR

As an interested party, you have the right to obtain from the Controller, without undue delay and exclusively in the cases referred to in art. 17, paragraph 1, letters from (a) to (f) of the GDPR, the deletion of data concerning you – with the exception of the hypotheses specifically provided for by art. 17 paragraph 3.

As an interested party, and in the case one of the hypotheses referred to in art. 18, paragraph 1, letters from (a) to (d), of the GDPR, you have the right to request and obtain from the Controller, the limitation of the processing of Your personal data, or that such data are not subjected to further processing and can no longer be modified. the Controller ensures that the limitation of processing is implemented through appropriate technical devices that ensure its inaccessibility and non-modification.

Data portability right pursuant to art. 20 of the GDPR

As an interested party, you have the right to receive from the Controller the personal data concerning you in a structured format, commonly used and readable by automatic device, and also have the right to transmit such data to another data controller, or to obtain from the Controller, where technically feasible, the direct transmission of such data to another Data Controller specifically identified.

Right to oppose to the treatment pursuant to art. 21 of the GDPR

You have the right to object at any time to the processing of personal data concerning you, for reasons related to your particular situation, in cases where the processing of your data is necessary (1) for carrying out a task of public interest and/or connected to the exercise of public authority for which the Controller is invested; (2) for the pursuit of a legitimate interest of the Controller or a third party; (3) for profiling activities performed by the Controller based on the previous points.

You also have the right to object to the processing of your personal data for reasons related to your particular situation if they are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, except in the case where the processing is necessary for the performance of a task of public interest.

 

HOW TO EXERCISE THE ABOVE RIGHTS

You can exercise the rights mentioned above making a request to the Controller by means of communication via e-mail to the address privacy.cherasco@wfsinc.com or by registered letter with return receipt sent to the company registered office – Human Resources dept. – Attn. Sabrina Marenda.

The Controller will confirm the receipt of your request and provide you with information on the action taken, referring to the exercise of your rights as provided for articles 15 up to 22 of GDPR, within 1 (one) month from receipt of the request. If necessary, and taking into account the complexity and the number of requests, W.F.S.I. s.r.l. may extend this period of 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month from receipt of the request.

The Controller will communicate any rectification and/or integration to all recipients, as identified by the art. 4, paragraph 1, n. (9) of the GDPR, to which such data have been transmitted, unless this proves impossible and/or involves a disproportionate effort.

Following the submission of your request for access or correction, if W.F.S.I. S.r.l. has reasonable doubts about Your identity, you will be asked for further information to confirm it. These communications will be sent by email from privacy.cherasco@wfsinc.com

In the event that the Controller do not comply with your request within 1 (one) month from receipt of the request, the Controller will inform you of the reasons for the non-compliance, informing you from now on your right to propose a complaint to a Supervisory Authority, as specified in accordance with art. 13, paragraph 2, letter (d) and regulated by articles 77 and further of GDPR.