Survey Information Notice
Information pursuant to Article 13 of European Regulation No. 679/2016
1. Identity and Contact Details of the Data Controller
Pursuant to Article 13 of European Regulation No. 679/2016 “General Data Protection Regulation” (“GDPR”), we inform you that the Data Controller (“Controller”) is CFT S.p.A. (also referred to as “CFT”), located in Parma, Via Paradigna 94/A, and can be contacted by mail at the headquarters or by email at: privacy@atsautomation.com.
2. Purpose, Data Processed, and Lawfulness of Processing
The personal data (“Personal Data”) collected (name and surname, business email, country, company, industry/business unit) are processed to allow CFT to conduct surveys and statistical activities related to the products and services provided and the brand perception by customers, subject to the consent of the data subject pursuant to Article 6, letter a) GDPR to carry out this activity.
3. Nature of Provision and Processing Methods
The provision of Personal Data is optional; failure to provide it will make it impossible to carry out the activities for which consent is required. Please note that you can always withdraw your consent by requesting it at privacy@atsautomation.com, and following any such request, CFT will cease sending further surveys to you.
Personal Data will be processed through manual processing or IT or telematic tools, solely by CFT personnel expressly authorized and trained for this purpose, who are allowed access to Personal Data to the extent and within the limits necessary for the performance of the processing activities covered by this information notice.
4. Communication and Transfer of Personal Data
For the purpose of sending surveys, Personal Data may be communicated to individuals within the company organization acting as authorized processors and will not be disclosed to unauthorized external third parties. Additionally, the company’s membership in the multinational ATS group may involve the circulation of personal data outside the European Union and the European Economic Area (“EEA”), which qualifies as a transfer of personal data to third countries under Article 44 of the GDPR. In this context, Personal Data will always be processed in accordance with Articles 45 et seq. of the GDPR. Specifically, regarding the possible transfer of Personal Data to ATS Corporation, the ultimate indirect parent company, based in Cambridge, Ontario (Canada), this transfer will be based on the European Commission’s adequacy decision of December 20, 2001. Outside of these cases, your Personal Data will not be communicated or transferred to third parties outside the European Union.
5. Retention Period of Personal Data
Your Personal Data will be retained by CFT for the period necessary for the purposes for which they are processed and, in any case, no longer than 24 months from the date you gave your consent, without prejudice to your right to withdraw consent.
6. Rights of the Data Subject
With respect to the Data Controller, regarding the processing of personal data carried out by the Controller, you may, at any time, exercise the rights provided by the GDPR, in particular: the right to access personal data and obtain a copy (Article 15 GDPR); the right to rectify personal data (Article 16 GDPR); the right to erase personal data (Article 17 GDPR); the right to restrict the processing of personal data (Article 18 GDPR); the right to data portability (Article 20 GDPR); the right to object to processing (Article 21 GDPR); and, where applicable, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 7 GDPR).
These rights can be exercised by sending a specific request to the Data Controller via email at: privacy@atsautomation.com.
Requests related to the exercise of rights will be handled without undue delay and, in any case, within 30 days of receipt of the request. In any case, you can always lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR if you believe that the processing of personal data is contrary to the applicable law. For Italy, the supervisory authority is the Garante per la protezione dei dati personali, which can be contacted as indicated at the following link: https://www.garanteprivacy.it/home/footer/contatti.