INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR EMPLOYEES OF COMPANIES THAT ARE CLIENTS OF EAPITALIA WORLD S.R.L. AND HAVE ACTIVATED THE EMPLOYEE ASSISTANCE PROGRAM SERVICE
The purpose of this document is to inform natural persons (hereinafter referred to as “Data Subject” or “Data Subjects“) of the processing of their personal data (hereinafter referred to as “Personal Data” or “Data“) collected by the Data Controller, as subsequently identified, in the provision of the employee assistance program service (hereinafter referred to as the “Service” or “Services“) accessed by the Data Subjects by virtue of the activation of the service by their employer company (hereinafter referred to as the “Company“) in favour of the Data Subjects.
The Data Controller may amend or simply update all or part of this Policy by informing the Data Subjects, including through their employer.
- Data Controller of Personal Data
The Data Controller is Eapitalia World S.r.l., with registered office in Via E. Chiesa, 6 – 20122 Milan, Tax Code/VAT Code 09286960969, REA 2080959, e-mail address email@example.com, PEC address firstname.lastname@example.org, telephone +39 02 45481906.
- Personal Data collected
The Data Controller collects the following categories of Personal Data:
- Sensitive data: mainly data relating to a person’s physical or mental health or sexual life or gender and sexual orientation;
- Identification and contact details: such as name, surname, age group, place of residence, email address, telephone number and any other contact details;
- Family members’ details: details of spouse, children or other persons living in the same household;
- Employment data: mainly employer company, information received from the employer company about the Service, existing or terminated employment, place of work, company role, work arrangements and workload.
- Other data: all data that is provided by the Data Subject in order to use the Services of helpline, psychological support, management consultation, provision of fiscal and legal guidelines, support in critical cases.
If the Data Subject fails to provide the Personal Data required to use the service, it will be impossible for the Data Controller to provide all or part of its services.
The Data Subject who communicates to the Data Controller the Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or disclosure.
- Purpose of Processing
The Personal Data collected may be used for the performance of contractual obligations in favour of the Data Subject and therefore for the support of and contact with the Data Subject, also by communicating the Data to professionals affiliated with Eapitalia World exclusively within the scope of the provision of the Service. The legal basis of the processing for this purpose is the performance of the contract concluded in favour of the Data Subject.
- Processing methods
Personal Data is processed by means of paper, computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated.
Processing is carried out in accordance with the principles of correctness, loyalty and transparency provided for by the applicable legislation on the protection of personal data, through the adoption of suitable technical and organisational measures to ensure a level of security appropriate to the risk.
- Place of processing and transfer of Data
Personal Data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the Processing are located. For further information, the Data Subject may contact the Data Controller at the email address email@example.com and at the postal address Via E. Chiesa, 6 – 20122 Milan.
Personal Data are not subject to disclosure; however, they may come to the attention of employees and collaborators of the Data Controller, of the persons in charge of processing and may be disclosed to external collaborators (in particular to professionals affiliated with the Data Controller) and to all those subjects to whom disclosure is necessary, in the sole discretion of the Data Controller, for the purposes of performing their contractual obligations and therefore for the correct provision of the Service, as well as by virtue of legal obligations. Also for the purposes of the correct and complete performance of contractual obligations and the provision of the Service, the Data may be transferred to countries within the European Union and to countries outside the European Union, in particular by virtue of the use of storage systems on servers located outside Italy, which in any case provide the necessary security guarantees.
- Automated decision-making processes
None of the Data collected will be subject to any automated decision-making process, including profiling, which may produce legal effects for the individual or which may significantly affect the individual.
- Security measures
The Processing is carried out according to methods and with tools suitable to guarantee the security and confidentiality of Personal Data, the Data Controller having adopted adequate technical and organisational measures that guarantee, and allow to demonstrate, that the Processing is carried out in compliance with the reference legislation.
- Period of retention of Personal Data
The Data Controller shall process Personal Data for the time necessary to fulfil the purposes related to the execution of the contract between the Data Controller and the Company until the expiry of the prescriptive term provided for by the laws in force.
Where the Processing of Personal Data is necessary for the pursuit of a legitimate interest of the Data Controller, the Personal Data shall be retained until such interest is satisfied.
Where the Processing of Personal Data is based on the consent of the Data Subject, the Data Controller may retain the Personal Data until that consent is withdrawn by the Data Subject.
Personal Data may be kept for a longer period if necessary to comply with a legal obligation or by order of an authority.
All Personal Data will be deleted at the end of the retention period. Upon expiry of this period, the right of access, deletion, rectification and the right to portability of Personal Data may no longer be exercised.
- Rights of the Data Subject
Data Subjects may exercise certain rights with regard to the Personal Data processed by the Controller. In particular, the Data Subjects have the right to:
- withdraw consent at any time;
- object to the Processing of their Personal Data;
- access their Personal Data;
- verify their Data and request their rectification;
- obtain the restriction of the Processing;
- obtain the erasure of their Personal Data;
- receive their Personal Data or have it transferred to another Data Controller;
- file a complaint with the data protection supervisory authority and/or take legal action in court.
In order to exercise their rights, Data Subjects may send a request to the contact details of the Data Controller indicated in this document. Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.
Latest update: 12/05/2021