Privacy

BRC / Privacy

INFORMATION AND CONTACT DETAILS OF THE DATA CONTROLLER

Articles 12 – 13 of EU Regulation No. 679/2016

Data Controller

Westport Fuel Systems Italia S.r.l., headquartered at Via La Morra no. 1, 12062, Cherasco (CN), VAT no. 00525960043

Contact details of the Data Controller

Tel: +39 0172 48681 Email: info.cherasco@wfsinc.com

 

Data Protection Officer Contact Information

Westport Fuel Systems Italia S.r.l. does not fall within the cases envisaged by Article 37 of EU Regulation No. 679/2016

 

Westport Fuel Systems Italia S.r.l. (hereinafter referred to as “W.F.S.I. S.r.l.” or “Controller”), headquartered at Via La Morra no. 1, 12062, Cherasco (CN), VAT no. 00525960043, in its capacity as Data Controller of your personal data, hereby informs you, pursuant to Articles 12 and 13 of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter “GDPR”), that your personal data will be processed by specifically authorized parties and strictly for the purposes and in the manner described below.

 

PURPOSE AND SCOPE OF DATA PROCESSING

W.F.S.I. S.r.l., as Data Controller (hereinafter “Controller”), informs you that it will process, in particular, your personal identification data, such as name and surname, residence address, VAT number, email address, phone number, IP addresses or domain names, according to the purposes and procedures specified below.

The personal data of users of websites owned by W.F.S.I. S.r.l., as described above, will be processed in accordance with the GDPR to enable the proper functioning of the websites listed below.

Specifically, the personal data provided to the Controller will be processed for the following purposes:

  1. To respond to specific requests addressed to the Controller via the Website and its communication tools, particularly through the “Contact” form intended to channel requests for information of any kind;
  2. For the voluntary submission by the user of CVs/spontaneous applications through the “Work with Us” sections of the respective websites;
  3. In relation to any geolocation features enabled on the website or connected applications, location data may be processed, with the User’s prior specific consent, to provide personalized services based on location (e.g., locating the nearest assistance center, local commercial offers, interactive maps), or for technical reasons related to the functioning of such features. Processing will comply with the principles of necessity and proportionality, and will be limited to the time strictly necessary to provide the requested service. The geolocation function is not active by default and requires explicit activation by the user in the systems or browsers used.
  4. For marketing purposes, particularly for sending newsletters via the dedicated “Newsletter” function, sending commercial and informational publications about products, activities and services promoted by the Company and its commercial network or by third parties, announcements of events, promotional materials by post, phone, or email, and for conducting statistical surveys aimed at monitoring customer relationships, market research or satisfaction surveys regarding the quality of services rendered, through interviews, phone calls, and questionnaires;
  5. To enable the conclusion of purchase contracts and the proper execution of related operations, including post-sale assistance and administrative/accounting activities;
  6. For the management and maintenance, including security profiling, of the Website, and for access verification and control, with the aim of improving functionality and ensuring an optimal browsing experience, as well as detecting anomalies or abuse;
  7. To access the “Reserved Area” section of the Website where applicable and to use the related services.

This privacy policy is effective only with regard to the following web portals:

www.wfsinc.com

https://www.wfsitalia.com

https://brc.it/

https://www.brcgasservice.it

https://brcracingteam.com/

https://www.zavoli.com

https://www.zavoligaspoint.it/

https://www.omvlgas.it/it/

https://emer.it/

https://www.valtek.it/it/

https://www.westportelectronics.com

 

This information does not apply to other websites, pages, or online services accessible through hyperlinks that may be published on the aforementioned websites but refer to resources external to the Controller’s domain.

Generic data collected during browsing may also be processed automatically for the sole purposes of verifying access and improving the functionality of the Website to ensure a better user experience. For more details, please refer to the Cookie Policy.

 

LEGAL BASIS FOR DATA PROCESSING

Aside from what is specified for navigation data, the processing of personal data by the Controller is based on the following legal grounds:

  • Article 6(1)(b) of the GDPR: for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject, for purposes under points a), b), d), and e);
  • Article 6(1)(f) of the GDPR: for the legitimate interest of the Controller, regarding the purpose indicated in point f);
  • Article 9(2)(a) of the GDPR: regarding the explicit consent of the User for the purposes outlined in point b);
  • Article 6(1)(a) of the GDPR: regarding the free, specific, informed, and unequivocal consent of the User (revocable at any time), for the purposes under points c) and d).

 

Providing personal data is necessary for the full execution of the purposes outlined under points a), b), d), and e); refusal to provide such data may result in the impossibility of delivering the related services.

 

With regard to the processing of special categories of data as per Article 9 of the GDPR (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, sexual life or orientation), the Controller will only process data strictly relevant and necessary for assessing work capability (point b)), based on job position requirements. The Controller invites users not to provide unnecessary sensitive data.

The provision of personal data is optional for the marketing purposes under point c); failure to provide consent will not affect the fulfillment of the other purposes. Any consent given may be revoked at any time by contacting:

privacy.italia@wfsinc.com
or by registered mail to the company’s legal address, Attn: Privacy Office.

 

METHODS OF PROCESSING

The processing of personal data that you provide is carried out through the operations indicated in Article 4, point 2 of the GDPR, namely: “collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, communication, erasure, and destruction of data”.

The personal data you provide is processed using automated means for the time strictly necessary to achieve the purposes for which it was collected, applying technical and organizational measures to prevent data loss, unlawful or improper use, and unauthorized access, ensuring a level of security appropriate to the risk, pursuant to Article 32 of the GDPR. These operations are carried out by specifically authorized personnel, in accordance with Article 29 of the GDPR, i.e., employees and/or collaborators of the Controller in their capacity as authorized personnel and/or system administrators. They may carry out operations of consultation, use, processing, comparison, and any other appropriate operation in accordance with legal provisions to ensure, among other things, data confidentiality, security, accuracy, timeliness, and relevance in relation to the stated purposes and methods.

 

Please note that the personal data you provide will be processed exclusively at the Controller’s headquarters, unless otherwise specified below. It will not be disseminated and, in accordance with Article 13(1)(e) of the GDPR, may be processed only by authorized persons and/or external data processors under Article 28 of the GDPR (individual professionals and/or professional associations), and/or by entities acting as autonomous data controllers. A list of such parties is available at the Controller’s headquarters and can be provided upon written request by the data subject. These may include, explicitly, hosting companies and/or technical personnel responsible for managing and/or maintaining the website, but only for the purposes specifically and expressly indicated above.

 

DATA SHARING SCOPE

In relation to the above-mentioned purposes, the data may be shared with the following subjects and/or categories of subjects, or with companies and/or individuals providing services, including external services, on behalf of the Data Controller.

 

By way of example but not limited to, these may include: professionals and consultants (including in associated form); entities providing services for the management of IT systems and telecommunications networks (including email services and website management – cloud storage – hosting); competent authorities and/or regulatory bodies for legal obligations; entities conducting audit, certification, or compliance tasks on behalf of the Controller. These subjects will act either as external data processors under Article 28 of the GDPR or in total autonomy as separate data controllers.

 

This Website may share some collected data with services located outside of Italy and the European Union. Specifically, with Google, Facebook, and Microsoft (LinkedIn), including via social plugins and the Google Analytics service. Extra-EU data transfers are authorized based on specific decisions by the European Commission and the Italian Data Protection Authority, particularly Decision 1250/2016 (Privacy Shield), and thus do not require further consent. The above companies confirm their adherence to the Privacy Shield framework.

 

THIRD PARTY PROCESSORS

Name Address & Info
Positive Group Italia s.r.l. Corso San Martino 1 – 10122 – Torino – Italy — https://www.4dem.it/informativa-privacy
Google Ireland Ltd.
Services: Google Analytics, Tag Manager, Search Console, Recaptcha, Cloud Platform		 Gordon House, Barrow Street, Dublin 4, D04E5W5, Ireland — https://policies.google.com/privacy?hl=en
Meta Platforms Ireland Ltd.
Services: Facebook Pixel		 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland — https://www.facebook.com/about/privacy/

 

DATA RETENTION PERIOD

We inform you that, in compliance with the principles of lawfulness, purpose limitation, data minimization, and storage limitation as per Article 5 of the GDPR, your personal data will be retained only for as long as strictly necessary to achieve the purposes for which it was collected and processed. Once those purposes are fulfilled, your data will be deleted from all physical and electronic media.

 

For CVs/spontaneous applications, if they do not match any positions of interest to the Controller, they will be immediately deleted. If potentially of interest for current or future opportunities, they will be retained for a maximum of one (1) year from receipt, within which the Controller may evaluate the application and proceed with the recruitment process. If the selection process ends negatively, the data will still be deleted from all physical and electronic systems.

For marketing purposes, data will be processed until the User withdraws their consent and/or exercises their right to object. In any case, data will not be processed for more than 24 (twenty-four) months from collection. Before the expiration of this period, the Controller reserves the right to request a renewal of consent and/or update of the data.

 

AUTOMATED DECISION-MAKING AND PROFILING

The Controller informs you that, for the purposes of processing your personal data, it does not use automated decision-making processes, i.e., decisions made solely by technological means based on predetermined criteria (i.e., without human involvement), nor does it carry out profiling activities, i.e., activities aimed at using your personal data to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, etc.

 

DATA SUBJECT’S RIGHTS

Right of Access (Art. 15 GDPR) and Right to Rectification (Art. 16 GDPR)

As a data subject, pursuant to Article 15 of the GDPR, you have the right to obtain from the Controller confirmation as to whether or not personal data concerning you is being processed, and to access such data and the information listed in Article 15(1), letters (a) to (h), including a copy of the data in a structured, commonly used, machine-readable, and interoperable format.
Under Article 16 of the GDPR, you also have the right to obtain from the Controller the rectification and/or completion of any data that is not up to date, inaccurate, or incomplete.

 

Right to Erasure (Art. 17 GDPR) and Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain, without undue delay, the erasure of personal data concerning you in the cases listed in Article 17(1), letters (a) to (f), of the GDPR, except where the exceptions under Article 17(3) apply.
Pursuant to Article 18(1), letters (a) to (d), of the GDPR, you also have the right to request and obtain from the Controller the restriction of the processing of your personal data — meaning that such data will no longer be subject to further processing or modification. The Controller ensures that restriction of processing will be implemented using appropriate technical measures to guarantee data inaccessibility and immutability.

 

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller. You also have the right to have the data transmitted directly from one controller to another, where technically feasible.

 

Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where such processing is carried out:

  1. For the performance of a task carried out in the public interest or in the exercise of official authority;
  2. For the purposes of the legitimate interests pursued by the Controller or a third party;
  3. For profiling activities related to the purposes above.

You also have the right to object to the processing of your personal data where it is used for scientific or historical research purposes or statistical purposes under Article 89(1) GDPR, except where the processing is necessary for a task carried out for reasons of public interest.

 

EXERCISE OF RIGHTS

You may exercise the aforementioned rights by submitting a request to:
Email: privacy.italia@wfsinc.com

Registered mail: to the registered office address of the company, attn. Privacy Office.

The Controller will confirm receipt of your request and provide you with information on the action taken, regarding your rights under Articles 15 to 22 of the GDPR, within one (1) month from receipt of the request. If necessary, and taking into account the complexity and number of requests, this deadline may be extended by two (2) months, with prior notification and justification within one (1) month of receipt.

The Controller will also notify all recipients of the rectification, erasure, or restriction unless this proves impossible or involves a disproportionate effort.

If the Controller has reasonable doubts regarding your identity following your request, it may ask for additional information to confirm it. Communications will be sent from the email address: privacy.italia@wfsinc.com

If the Controller fails to act on your request within one (1) month, it will inform you of the reasons for the inaction and your right to lodge a complaint with the Data Protection Authority (Garante per la protezione dei dati personali), as set out in Article 13(2)(d) and regulated by Articles 77 et seq. of the GDPR.