DISCLOSURE REGARDING PERSONAL DATA PROCESSING
We wish to inform you that Generalfinance S.p.A., in the context of its factoring agreement with the Assignor (the “Agreement“), will also obtain certain data about the debtors whose receivables were assigned (the “Assigned Debtors“). That data will be processed to perform the Agreement and the other activities instrumental and connected to the Agreement, namely: activities preliminary to executing it; to satisfy obligations thereunder; to perform administrative, tax and accounting obligations and requirements under law; for business communications; to offer and manage goods and services; for relationships with outside collaborators; to implement a system of commercial information and [obtain information] about payment habits; for all other operating and managerial activities associated with the existing relationship with the Assignor; and to comply with disclosure and signposting obligations under law. In that regard, you will find some information below that we request that you read carefully.
Who is the controller of the processing?
The controller of the personal data processing is GENERALFINANCE S.p.A., which has its registered office in Milan (MI-20157), at Via Giorgio Stephenson 43A, tel. 015.8484301 (“Generalfinance“), represented by its Managing Director.
What categories of personal data will be processed by Generalfinance and where will they be collected?
The data being processed will be identifying information (VAT number, tax code and registered office, ABI [Italian Banking Association Number] and CAB [Bank Routing Code]) and data about the receivables proposed to be assigned that are provided by the Assignor to perform the Agreement and activities related thereto (e.g., collection and/or payment operations, such as wire transfers).
The personal data are collected directly from the client and from public databases.
Due to the nature of the activity performed and the products and services offered to clients, normally Generalfinance does not obtain and, thus, does not process sensitive data. However, while performing the Agreement, if Generalfinance happens to learn of particular categories of personal data (such as data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or data about a person’s health, sex life or sexual orientation), pursuant to Article 9 of the European Personal Data Protection Regulation (2016/679), we will ask for your specific consent to process such data in advance, which we will use solely to satisfy legal obligations and to perform the Agreement.
What are the legal bases for processing the data, and for what purposes will the data be processed?
Generalfinance processes the data it obtains to perform the Agreement and satisfy legal obligations in the context of providing the financing it is authorised to provide, which includes factoring in particular and, with that, advancing the compensation, administrative and accounting management, and collecting the assigned receivables. Those data are processed to perform the preliminary analysis when the contractual relationship is begun, monitor the risk assumed by Generalfinance and proper performance of the relationship, manage the receivables assigned and perform other instrumental and connected activities (activity preliminary to executing the Agreement; satisfying the obligations under the Agreement; performing administrative, tax and accounting obligations and requirements under law; for business communications; offering and managing goods and services; for relationships with outside collaborators; implementing a system of commercial information and information about payment habits; and all other operating and managerial activities associated with the Relationship). In greater detail, the purposes of the processing are:
In this case, providing the data is not obligatory and its processing requires the data subject?s consent.
How will the data be processed?
In connection with the purposes indicated above, the personal data is processed using manual, computer and electronic tools according to logic that is strictly connected to those purposes and in a manner that ensures the security and confidentiality of the data. The manual and computer processing is performed using tools that guarantee the security and confidentiality of the data being processed in a lawful manner and according to the principle of fairness. The data are collected and recorded for specified explicit and lawful purposes; their accuracy is verified and updated periodically with information obtained during the relationship with the client; the data are pertinent, complete and not excessive in relation to the purposes; and are retained solely for the period of time necessary to pursue the purposes for which they were collected.
Who can the data be disclosed to?
Generalfinance may disclose the Assigned Debtors’ data to parties designated and authorised to process them, parties to whom the disclosure is required and governed by laws or regulations, and parties that collaborate with Generalfinance to more effectively carry out the services provided to clients. In more detail, Generalfinance may disclose your data to third parties in the categories listed below:
Can the data be transferred to non-European Union countries?
Generalfinance may transfer the personal data abroad, making them available to other factoring companies, parties that manage debt collection or provide professional consulting services and tax, legal and judicial assistance, or parties that support credit investigation, assessment, providing, collection and insurance activities, but only for reasons closely connected to the purposes of the processing and, in particular, to properly perform the Agreement and manage the assigned receivables.
Can the personal data result in profiling?
Generalfinance does not process the personal data so that it be used for profiling for marketing purposes. However, for purposes of properly performing the Agreement and, in particular, for purposes associated with obtaining an accurate assessment of clients? risk profiles and complying with applicable laws combatting money laundering and financing of terrorism, laws on transparency in relationships between clients and banking and financial intermediaries and, more broadly, industry laws governing the activities of financial intermediaries, the personal data collected by Generalfinance may be processed to develop a characteristic profile for the client.
How long will the data be retained?
Generalfinance retains the personal data in a form that allows the data subjects to be identified for a period of time necessary to achieve the specific purposes of the processing, in accordance with contractual and/or legal (e.g., tax, anti-money laundering and anti-fraud) obligations.
What are your rights?
As the data subject of the processing, you may exercise the specific data protection rights listed below:
We also inform you that you have the right to withdraw, at any time, any consent you have given to specific optional activities, without prejudicing the legality of processing performed prior to the withdrawal.
How can you exercise your rights?
To exercise your rights, you may contact: Claims Office, Via Carso no. 36 (BI-13900) Biella, including by e-mail to: [email protected] You will be given information about the action taken in regard to your request without undue delay and, in any event, within one month of receipt.
GLOSSARIO SULLA PROTEZIONE DEI DATI PERSONALI
Autorità Garante per la protezione dei dati personali: autorità amministrativa indipendente istituita dalla legge n. 675 del 31 dicembre 1996 preposta alla vigilanza sul rispetto della normativa sulla protezione dei dati;
Dati personali: ai sensi dell’art. 4, comma 1, n.1, si tratti di “qualsiasi informazione riguardante una persona fisica identificata o identificabile («interessato»); si considera identificabile la persona fisica che può essere identificata, direttamente o indirettamente, con particolare riferimento a un identificativo come il nome, un numero di identificazione, dati relativi all’ubicazione, un identificativo online o a uno o più elementi caratteristici della sua identità fisica, fisiologica, genetica, psichica, economica, culturale o sociale.”;
Profilazione: ai sensi dell’art. 4, comma 1, n. 4 del Regolamento, si tratta di “qualsiasi forma di trattamento automatizzato di dati personali consistente nell’utilizzo di tali dati personali per valutare determinati aspetti personali relativi a una persona fisica, in particolare per analizzare o prevedere aspetti riguardanti il rendimento professionale, la situazione economica, la salute, le preferenze personali, gli interessi, l’affidabilità, il comportamento, l’ubicazione o gli spostamenti di detta persona fisica.”;
Regolamento: il Regolamento UE 2016/679 del 27 aprile 2016, relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la Direttiva 95/46/CE;
Responsabile del trattamento: ai sensi dell’art. 4, comma 1, n. 8 del Regolamento, si tratta della “persona fisica o giuridica, l’autorità pubblica, il servizio o altro organismo che tratta dati personali per conto del titolare del trattamento.”;
Responsabile della protezione dei dati (RPD) o Data Protection Officer (DPO): figura introdotta dal Regolamento, avente tra i principali compiti quello di informare e fornire consulenza al Titolare, Responsabili e Incaricati in merito alla protezione dei dati; sorvegliare l’osservanza del Regolamento; fornire pareri in merito alla valutazione d’impatto sulla protezione dei dati; cooperare con l’autorità di controllo.
Titolare del trattamento: ai sensi dell’art. 4, comma 1, n. 7 del Regolamento, si tratta della “persona fisica o giuridica, l’autorità pubblica, il servizio o altro organismo che, singolarmente o insieme ad altri, determina le finalità e i mezzi del trattamento di dati personali […].”;
Trattamento di dati personali: ai sensi dell’art. 4, comma 1, n. 2 del Regolamento, si tratta di “qualsiasi operazione o insieme di operazioni, compiute con o senza l’ausilio di processi automatizzati e applicate a dati personali o insiemi di dati personali, come la raccolta, la registrazione, l’organizzazione, la strutturazione, la conservazione, l’adattamento o la modifica, l’estrazione, la consultazione, l’uso, la comunicazione mediante trasmissione, diffusione o qualsiasi altra forma di messa a disposizione, il raffronto o l’interconnessione, la limitazione, la cancellazione o la distruzione.”.