The Company FOLLI FOLLIE Commercial Manufacturing and Technical Société Anonyme (”Company”, or “we”) wishes to provide updated information about the processing of personal data –including sensitive personal data- that are currently in the Company’s possession or that will be supplied to the Company by you, and concerning you or your family members (“Data”). The Company is committed to ensuring that your Data is protected at all times. Processing operations are carried out in line with the applicable Privacy Laws (European Regulation 2016/679/EU).
1 – What Data we collect and how we process them.
The categories of processed Data may include: personal information (name, surname, date of birth, image, gender, marital status, social security number, company ID number, username, etc.); professional and private contact information, data included in the Company devices assigned to you, professional and work data pertaining to your CV; financial, fiscal and tax data; sensitive data and judicial data (i.e. pertaining to criminal convictions and offences and related security measures).
We process Data electronically and manually, and we ensure our processing procedures and policies are consistent with the purposes listed under section 2 of this document (below) and with the applicable law (including the aspects pertaining to security and confidentiality), as well as with the principles of fair and legitimate processing. Data will only be stored for as long as necessary to fulfil the purposes for which they were collected; in any case, the criterion used to determine the storage period is based on, and takes into due account, the need to comply with any relevant legal requirement, the principle of data minimisation and the need to rationally manage the Company’s records. We may keep some Data even after the termination of your employment relationship, for as long as necessary to fulfil contractual and legal obligations as well as to pursue the said purposes described under section 2 of this document (below).
2. What we can do with your Data
2.1. Mandatory processing for which you do not need to provide consent
In general, we process your Data to carry out all the activities necessarily connected with and/or functional to, your employment relationship with us or your job duties. Such activities include: fulfilling legal obligations and administrative duties; managing human resources (even in emergency situations); pursuing training and organisational needs; protecting the security of the Company’s assets; ensuring the safety of the workplace; managing the Company equipment entrusted to employees (PCs and other electronic devices, mobile phones, motor vehicles, etc.) in line with the Company’s policies ; ensuring the exact performance of contracts and collective agreements and compliance with any applicable legal provision in the field of employment, health and safety, taxation and social security.
Data may also be processed for the purpose of protecting the Company’s assets and defend the Company’s legal prerogatives and rights, to prevent the commission of crimes.
All the processing operations mentioned above are essential to perform the employment relationship or to pursue the Company’s legitimate interests (administrative and accounting necessities, staff management, protect legal prerogatives and/or defend legal claims, business development): an objection on your part would make it impossible to commence or continue your employment relationship with the Company -for this reason, you are not required to confer your consent. In particular, we inform you that, in case criminal defense investigations are performed, your Data will be processed without the need to collect your consent, pursuant to arts. 6.1.b, 6.1.c., 6.1.f, 9.2.b and 9.2.f of Regulation 2016/679/EU.
2.2. Optional Processing, for which your consent is required
If you wish to provide your consent, we may process Data for additional purposes connected to the Company’s activities though not strictly necessary for the commencement/continuation of your employment relationship. These may include, for example: your voluntary participation in optional activities/initiatives which may imply the processing of your personal data such as video-shootings, interviews, articles on Company in house-press; participation into celebrative non-work related events and other communication initiatives published also on the Company website; granting you the use of certain company assets for private or mixed (private and professional) purposes; providing you with legal assistance etc. Consent to the processing of Data for these purposes is optional and may be withdrawn at any time: denying your consent will not affect your current or future employment relationship with the Company, but simply your ability to take part in, or take advantage of, the optional activities/initiatives as described above.
3. How we can share your Data.
Data are accessible to the following categories of Company’s authorized persons: line managers and hierarchical superiors, HR staff, staff in charge of accounting, tax, administrative social security, IT, internal audit tasks as well as any other authorized person who needs to process your data by reason of his/her job tasks.
In addition, pursuant to art. 6, Recital 47 and Recital 48 of Regulation 2016/679/EU, Data may be communicated also to other companies of the FF Group located also in non-EU Countries (“Third Countries”) for purposes allowed by the law and/or on the basis of a legitimate interest (administrative and accounting necessities, staff management, protect legal prerogatives and/or defend legal claims, business development). Certain biographical and professional information, your CV and your image may be processed also in the Company’s internal network/applications (including e-learning platforms, project management software and e-mail services) and thus shared with the staff of the Menarini Group for administrative, organisational, training or continuing education purposes and in any event only for the required purposes listed above.
For the above mentioned purposes, Data may further be communicated, also in Third Countries, to: Authorities and public bodies, social security and insurance entities; trade unions; financial and credit institutions; third-party partners which provide specific technical or logistic services to the Company (e.g. Cloud Computing Providers, external consultants and collaborators, payroll service providers and tax/social security consultants, security service providers, training providers, travel agencies); agents, distributors; commercial partners; universities; Company suppliers; third parties and their consultants in case of extraordinary operations (mergers and acquisitions, transfers of undertaking/business units, etc.); legitimate recipients of communications prescribed by laws or regulations such as your family members and relatives, appointed doctor. As the case may be, these individuals/entities will act as Data Controllers, Data Processors or persons authorised to process personal data, for the same purposes indicated above and in line with the applicable law.
As far as the transfer of Data towards Third Countries is concerned, the Company informs that the processing of Data will in any event take place in accordance with one of the methodologies allowed by the law, such as, for example your consent, the adoption of Model Contract Clauses approved by the European Commission, the selection of transferees which subscribed to programs pertaining to the free movement of data (e.g. the EU-USA “Privacy Shield”) or which operate in countries considered as safe by the European Commission.
4 – Your Rights to Access and Control your Data
You may at any time contact the Company to exercise the rights afforded by arts. 15 and following of Regulation 2016/679/EU, including: the right to obtain the updated list of those who may access your Data; receive confirmation that any of Data referring to you is being processed by the Controller; verify the Data’s content, origin, exactness, location (including, where applicable, the Third Countries where the data might be), obtain a copy thereof, ask that the Data are supplemented, updated, amended and, in the circumstances set forth by the law, ask that they are deleted, anonymised, frozen (if processed against the law), or oppose to their processing for legitimate reasons. At any time, you may notify the DPO your concerns about particular personal situations regarding Data processing which you consider as inappropriate or unjustified in light of your relationship with the Company or lodge a complaint with your Data Protection Authority namely the Hellenic Data Protection Authority (www.dpa.gr).
5 – Data Controller and Data Protection Officer – Contact Information
The Data Controller is FOLLI FOLLIE COMMERCIAL MANUFACTURING AND TECHNICAL SOCIETE ANONYME (d.t. FF GROUP).
The Company’s Data Protection Officer ("DPO") may be reached at firstname.lastname@example.org