The General Data Protection Regulation (GDPR) has replaced the European Directive 95/46/EC. The Regulation aims to provide a modern, uniform and sound framework for data protection in Europe based on the accountability principle. The new provisions have an impact in organisational, operational and technological terms, and they also establish a stricter sanctioning system compared with the previous Directive.
The most notable change in the regulatory landscape for data protection is related to the wide jurisdiction of the GDPR, since the latter applies to personal data processing carried out within the scope of an enterprise’s activities by a data controller or data processor in the European Union, regardless of whether or not the processing is carried out there. Moreover, the Regulation is applicable to processing personal data of data subjects who are in the EU by a data processor or controller that is not located therein when the processing activities are related to: the offering of goods or services, regardless of whether or not the data subject must make a payment; or the monitoring of their behaviour as far as their behaviour takes place within the Union.
The Regulation is also applicable to personal data processing carried out by a controller that is not located in the European Union but in a place where Member State law is applicable by virtue of public international law.
The GDPR requires companies to implement appropriate technical and organisational measures in order to apply data protection principles and safeguard individual rights; this is known as “Data Protection by Design and by Default”.
Data Protection by Design ensures that the company considers the issues related to privacy and data protection in the design stage of any system, service, product or process and, thus, throughout the lifecycle thereof.
Data Protection by Default requires Arconvert S.A. to ensure that the Company processes only the data required to achieve a specific purpose and for a period of time no longer than that required for the purpose for which the data have been collected and subsequently processed.
Arconvert S.A. has adopted a Management Model for Personal Data Protection in accordance with the GDPR, bearing in mind the provisions in the Italian Legislative Decree 196/2003, which was amended by the Italian Legislative Decree 101/2018, defining binding rules and procedures for the Company and every employee thereof. Arconvert S.A. reviews and updates its Data Protection and Information Security Policy as required on a regular basis, and it determines progress guidelines that translate into an implementation plan for the updates. Pursuant to Article 13 and 14 of the GDPR, Arconvert S.A. provides all the information required by the regulations in the various documents contained in the “Privacy” section, which varies depending on the purpose for which the Data Subjects’ Personal Data are processed. If the user requires clarification regarding the sections dealt with in the Information Notices, he/she should contact our contact person for the matter by using the following email address: firstname.lastname@example.org.