You are using an outdated browser. Please upgrade your browser to improve your experience.

Privacy Policy

1. Introduction

VALAGRO S.P.A, with registered office in Italy, 66041, Atessa (CH), Via Cagliari, 1 Zona Industriale, which may be contacted at privacy@valagro.com (hereafter, “VALAGRO”), acting as data controller, hereby informs users (hereafter, the “Users”) of its website www.valagro.com (hereafter, the “Site”) that the data collected shall be used exclusively according to the modalities and for the purposes under this privacy policy, and according to the new Regulation (EU) 679/2016 on Data Protection, effective as from 25 May 2018 (hereafter, the “Privacy Regulation”).

 

2. Types of data processed

VALAGRO shall process, according to this privacy policy, the following personal data collected through the Site:

  • personal data and contact details provided by the User at the time of registering with the Site;
  • data provided in case of requests of information or assistance by the User; and
  • browsing data of the User on the Site, collected through cookies, according to the cookie policy provided below;

(hereafter the "Personal Data").

 

3. Purposes of the processing

VALAGRO shall process the Personal Data of the Users for the following purposes:

  • allow the use of the services offered through the Site, including the registration with the Site through the creation of a personal account, necessary to access to Site’s restricted area;
  • answering requests of information or assistance sent by the Users. This activity may be automatic, through access to the restricted area mentioned in the previous point, or through the direct contact with members of the staff, agents, distributors or other subjects appointed by VALAGRO;
  • managing complaints and disputes;
  • for the purposes of compliance with the applicable domestic and European law and/or to answer the requests of public authorities;

(the purposes from point a) to point d) above shall be collectively referred to as “Contractual Purposes”);

  • performing a potential merger, transfer of assets, transfer of business or business unit, disclosing and transferring the Personal Data of the User to the third party/ies involved;

(the purpose under point e) shall be referred to as “Purposes of Legitimate Interest”)

  • subject to the prior consent of the User, for sending direct marketing communications through traditional and electronic means (including email, SMS, MMS, social media, instant message systems, mobile applications, banners, faxes, post and telephone), for the promotion and/or sale of VALAGRO’s products and/or services, as well as for market surveys or other studies useful for the improvement of its products and/or services;

(the purposes under point e) shall be referred to as “Marketing Purposes”)

 

4. Legal basis of the processing

The processing of Personal Data of the User is necessary with reference to the Contractual Purposes given its essentiality for the purposes of:

  • using the services of the Site with reference to the cases under Section 3, points a) to c);
  • complying with the provisions of the applicable laws and regulations as provided for by Section 3, point d).

If the Users do not intend to disclose their Personal Data for such Contractual Purposes, they may not be able to use the services and functionalities of the Site.
The processing of Personal Data of the User for the Purposes of Legitimate Interest shall be carried out pursuant to Article 24, par. 1, point d) of Legislative Decree no. 196/2003 (“Privacy Code”) and for the pursuance of one of VALAGRO’s legitimate interests, which is equally balanced with the interests of the Users, since processing of Personal Data is limited to what is strictly necessary for the performance of the activities specified above pursuant to Article 6 f) of the Privacy Regulation. The processing for the Purposes of Legitimate Interest is not mandatory and the User may object to the said processing subject to the modalities under this information; however, should the User object to the said processing, his Personal Data may not be used for the Purposes of Legitimate Interest.
Finally, the processing for Marketing Purposes is optional. Should the User deny his consent, he may not receive the commercial communications under Section 3, point f). The Users may at any time withdraw their consents according to the modalities specified in this information.

 

5. Modalities to process the data

The Personal Data of the Users may be processed with paper and/or computer means, and they shall be protected through adequate security measures capable of guaranteeing their confidentiality and security.

 

6. Disclosure of the data

For the Contractual Purposes, the Personal Data of the Users may be transferred to the following categories of intended recipients, located in the European Union: (a) third party service providers that assist and advice VALAGRO with reference to the activities of the following sectors (by way of mere example): technological, administrative, legal, insurance, and IT; (b) companies of the VALAGRO group; (c) subjects and authorities whose right to access the Personal Data of the Users is expressly granted by the law, by regulations or other measures issued by the competent authorities. Such intended recipients, depending on the case, will process the Personal Data acting as data controllers, data processors, or other persons in charge of the processing.
For the Purposes of Legitimate Interest specified above, the Personal Data of the Users may be transferred to the following categories of intended recipients, located in the European Union: (a) third party service providers that assist and advice VALAGRO; (b) companies of the VALAGRO group; (c) potential buyers of VALAGRO and entities resulting from the merger or any other form of transformation regarding VALAGRO; and (d) competent authorities.
For the Marketing Purposes specified above, the Personal Data of the Users may be transferred to the following categories of intended recipients, located in the European Union: (a) third party service providers that assist and advice VALAGRO with reference to the activities involving the sending of commercial communications; and (b) companies of the VALAGRO group.
A complete list of data processors appointed by VALAGRO is available upon request through the modalities specified in this information.

 

7. Transfer of data abroad

The Personal Data may be freely transferred outside the domestic territory to countries located in the European Union. Any transfer of the Personal Data of the User to Countries located outside the European Union shall take place, in any case, in compliance with the appropriate and adequate guarantees for the purposes of the transfer pursuant to the applicable rules and regulations and in particular pursuant to Articles 45 and 46 of the European Privacy Regulation.

 

8. Rights of the Users

The Users may exercise the following rights at any time, free of charge, by sending an email at privacy@valagro.com:

  • obtain from VALAGRO confirmation as to whether or not the Personal Data concerning them exist, and receive information about the contents and source of the Personal Data, verify the accuracy thereof and request the Personal Data be integrated, updated, or rectified;
  • obtain the erasure, anonymization or the blocking of the Personal Data that have been processed in breach of the applicable law, if any;
  • object in whole or in part to the processing on legitimate grounds; and
  • withdraw at any time the consent to the processing of Personal Data (in relation to the processing operations for which such consent is possibly necessary) without prejudice to the lawfulness of the processing based on the consent given prior to withdrawal.

In addition to such rights, the Users shall also have the right, which may be exercised at any time, to:

  • ask VALAGRO to limit the processing of their Personal Data in the case that: (i) the Users contest the accuracy of their Personal Data for a period enabling VALAGRO to verify their accuracy; (ii) the processing is unlawful and the Users oppose the erasure of their Personal Data and requests the restriction of their use instead; (iii) although VALAGRO no longer needs the Personal Data for the purposes of the processing, the Personal Data are necessary to the Users for the establishment, exercise or defence of legal claims; (iv) the Users have objected to the processing pursuant to Article 21(1) of the European Privacy Regulation pending the verification as to whether or not VALAGRO has compelling legitimate grounds to continue the processing which override those of the data subject;
  • object to the processing of Personal Data;
  • request the erasure of the Personal Data concerning them without undue delay;
  • obtain the portability of the Personal Data; and
  • lodge a complaint with the competent data protection authority where the necessary requirements for that are met.

 

9. Retention periods

The Personal Data of the User shall be stored as long as it is necessary to pursue the specific purposes for which they have been collected, as stated in this privacy policy, and in any case:

  • for the Contractual Purposes and Purposes of Legitimate Interest, the Personal Data shall be stored for a period equal to the period of use of the services offered through the Site and for the 10 years following the termination thereof, save for the cases in which the storage for a subsequent period is required in the context of a legal proceeding, or by a request of the competent authorities or pursuant to the applicable laws and regulations;
  • for Marketing Purposes, the Personal Data shall be stored for the time of the registration of the User with the Site, and thereafter for 24 months following deactivation or cancellation of the account;

Once the above-mentioned terms have expired, the Personal Data of the User may be erased, anonymised, and/or aggregated.

 

10. How can the controller be contacted?

Should the User have any doubts or concerns regarding this privacy policy, or should the User intend to exercise the rights under paragraph 8 above, he may contact VALAGRO at privacy@valagro.com.

 

11.Updates

This privacy policy shall be valid from the effective date. VALAGRO, however, may modify and/or update this privacy policy, also as a consequence of modifications to and/or updates of the applicable laws and regulations. In any case, the Users shall be informed in advance of any modifications and/or updates, and the text of the updated policy shall be available at any time at www.valagro.com.

  • PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA (CUSTOMERS)

    1. Introduction

    Valagro S.p.A. (hereinafter referred to as the “Company”) hereby informs that the personal data of the Data subjects (where the latter is a physical person or an individual company), his/her shareholders, employees or appointees which data have been shared in order to carry out the preliminary assessment pertaining to the contract, to which this policy is attached (hereinafter referred to as the “Contract”), between the Company and the other party to the Contract (hereinafter referred to as the “Other Party”), and also during the performance of the contract – and all activities connected thereto – will be processed in accordance with this privacy policy (hereinafter referred to as the “Personal Data”; the individuals to whom the Personal Data refers are hereinafter referred to as the “Data Subjects”).

     

    2. Who is the data controller?

    Valagro S.p.A., with registered office in Via Cagliari,1 -66041 Atessa (Chieti) is the Data controller with regard to the processing of Personal Data. The Company has appointed several data processors. A complete list of all the data processors appointed by the Company is available by contacting the Company at the address indicated in paragraph 10 of this Policy.

     

    3. What types of Personal Data are processed by the Company?

    The Company collects and processes Personal Data provided by the Other Party and/or by the Data Subjects, for example data relating to its employees and shareholders, such as: name, surname, email address and phone number.

     

    4. Which are the purposes of the processing?

    The Company processes the Data Subjects' Personal Data using paper or electronic means in order to:

    1. carry out negotiations and to perform the Contract between the Company and the Other Party;
    2. exercise or defend its rights, including in the context of credit reporting;
    3. comply with obligations arising from applicable laws, including sharing information with competent authorities and supervisory authorities and in order to comply with their requests;
    4. carry out activities pertaining to the sale of the company or a branch of the company, acquisitions, mergers, divisions and other transformations, and in order to carry out these operations; and
    5. with the Other Party's prior consent – also on behalf of the Data Subjects – to promote products and services offered by the Company, including sending advertising materials and marketing communications, carrying out market research and direct sales activities, either via traditional communication means – such as regular post – or at a distance, for example through email, chat, telephone, SMS, video calls, automated calls and instant messaging.

     

    5. What is the legal basis for the processing?

    Processing of Personal Data is mandatory:

    1. for the performance of the Contract, in accordance with the purposes set out in paragraph 4 a) and b);
    2. in order to comply with legal obligations in relation to the purposes set out in paragraph 4 c);
    3. pursuant to article 6 f) of European Regulation n. 679/2016 on the protection of personal data (hereinafter referred to as the “Privacy Regulation”) and in accordance with the Company and the Other Parties' legitimate interest in concluding those agreements described in paragraph 4 d) in relation to those purposes;

    A refusal to provide Personal Data for the purposes set out above would make it impossible for the Company to conclude the Contract or – where already concluded – to continue with its performance.
    Processing of Personal Data for the purposes set out in paragraph 4 e) is not mandatory. If the Data Subject refuses to give his consent however, the promotional activities set out here above cannot be performed.

     

    6. How are the Data processed?

    Processing will be carried out for the purposes mentioned above, either using IT, automated, or paper means. In any case, the means used will be appropriate to guarantee the safety and confidentiality of the Personal Data.

     

    7. Who has access to these Personal Data?

    The Company may share the Personal Data with third-party service providers, in charge of carrying out processing activities, organisations, consortia and associations designated to assess credit value, insurance companies, factoring companies and third-party companies that carry out credit collection, marketing and promotional activities on behalf of the Company, or activities that are functionally linked to the management of the Contract; other companies belonging to the same group, service providers that are essential to the Company's activities, such as cloud of IT service providers, experts, consultants or lawyers.

     

    8. Will the Personal Data be transferred abroad?

    The Personal Data may be transferred to countries outside the European Union. In this case, the Company will ensure that adequate technical and organisational measures are put in place in accordance with regulations regarding the transfer of Personal Data.
    In any case, the Data Subject has the right to obtain a copy of data kept abroad and to obtain information regarding the place where data is kept. In order to exercise these rights, he/she should contact the Company at the address mentioned in paragraph 10 of this privacy policy.

     

    9. For how long is the Personal Data stored?

    Personal Data collected for the purposes set out in paragraph 4 a) to d) will be retained for the entire duration of the working relationship and for ten years after it has come to an end, except where it has to be retained for a longer period to legal disputes, requests from competent authorities or in order to comply with applicable laws. Personal Data collected for the purposes set out in paragraph 4 e) will be kept for the entire duration of the Contract and for an additional 5 years after the Contract has been terminated for any reason. 

     

    10. Which are the Data Subjects' rights?

    In relation to his/her Personal Data, the Data Subject may – at any time and free of charge – exercise his/her right to (a) obtain the confirmation of the existence or non-existence of Personal Data concerning him/her, as well as copies of the Personal Data; (b) know the origin of the Personal Data, the purposes of the processing, and the methods used, as well as the logic behind processing carried out through automated means; (c) request that the Personal Data be updated, corrected or – if he/she wishes to – integrated; (d) obtain the erasure, transformation into anonymous format or blocking of data processed in violation of the law, as well as object to the processing on legitimate grounds; (e) withdraw his/her consent to the processing of his/her Personal Data, without prejudice to the legality of the processing which occurred before consent was withdrawn;

    At any time, the Data Subject may also:

    1. ask the Company to restrict the processing where (i) the Data Subject challenges the accuracy of the Personal Data, for the period required in order to allow the Company to assess the accuracy of the Personal Data; (ii) the processing is unlawful and the Data Subject opposes to the erasure, requesting instead that use thereof be limited; (iii) although the Company does not need to process the Personal Data anymore, the Data Subject needs it in order to establish, exercise or defend a right in court;
    2. object to his/her Personal Data being processed pursuant to article 21, paragraph 1 of the Privacy Regulation, pending an assessment of whether the Data Controller's legitimate grounds for the processing override those of the Data Subject;
    3. object to his/her Personal Data being processed;
    4. request that his/her Personal Data are erased, without undue delay;
    5. obtain the protability of his/her Personal Data; and
    6. if the conditions are met, file a complaint with the competent authority.

    Relevant requests may be sent in writing to the Data Controller, at the following email address: privacy@valagro.com.

     

    11. Modifications and updates

    This policy will be valid from its entry into force. However, the Company may make changes and/or additions to the policy, also as a consequence of the entry into force of the Privacy Regulation and possible future legal modifications and/or additions. The text of the updated policy will be published on www.valagro.com.

     

  • PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA (PROVIDERS)

    1. Introduction

    Valagro S.p.A. (hereinafter referred to as the “Company”) hereby informs that the personal data of the data subjects (where the latter is a legal person or an individual company), his/her shareholders, employees or appointees that have been shared in order to carry out the preliminary assessment pertaining to the contract, to which this policy is attached (hereinafter referred to as the “Contract”), between the Company and the other party to the Contract (hereinafter referred to as the “Supplier”), and also shared during the performance of the contract – and all activities connected – is being performed, will be processed in accordance with this privacy policy (hereinafter referred to as the “Personal Data”; individuals to whom the Personal Data refers are hereinafter referred to as the “Data Subjects”).

     

    2. Who is the data controller? 

    Valagro S.p.A., with registered office in Via Cagliari, 1 - 66041 Atessa (Chieti) is the Data controller with regard to the processing of Personal Data. The Company has appointed several data processors. A comprehensive list of all the data processors appointed by the Company is available by contacting the Company at the address indicated in paragraph 10 of this Policy.

     

    3. What types of Personal Data are processed by the Company?

    The Company collects and processes Personal Data provided by the Supplier and/or by the Data Subjects, for example data relating to its employees and shareholders, such as: name, surname, email address and phone number.

     

    4. Which are the purposes of the processing?

    The Company processes the Personal Data using paper or electronic means in order to:

    1. carry out negotiations and performing the Contract between the Company and the Supplier;
    2. to exercise and defend its rights, including in the context of credit recovery proceedings;
    3. to comply with obligations arising from applicable regulations, including sharing information with competent authorities and supervisory authorities  and in order to comply with their requests;
    4. to carry out activities relating to the sale of the company or a branch of the company, acquisitions, mergers, divisions and other transformations, and in order to carry out these operations.

     

    5. What is the legal basis for the processing?

    Personal Data processing is compulsory:

    1. so that the Contract may be performed, in accordance with the purposes set out in paragraph 4 a) and b);
    2. in order to comply with legal obligations, in relation to the purposes set out in paragraph 4 c);
    3. pursuant to article 6 f) of European Regulation n. 679/2016 on the protection of personal data (hereinafter referred to as the “Privacy Regulation”) and in accordance with the Company and the Other Parties' legitimate interest in concluding those agreements described in paragraph 4 d) in relation to these purposes;

    A refusal to provide Personal Data for the purposes set out above would make it impossible for the Company to conclude the Contract or – where already concluded – to continue with its performance.

     

    6. How are the Data processed?

    Processing will be carried out for the purposes mentioned above, either using IT, automated or paper means, and in any case, using appropriate measures in order to guarantee the safety and confidentiality of the Personal Data.

     

    7.  Who has access to these Personal Data?

    The Company may share Personal Data with third-party service providers, in charge of processing activities on Personal Data and other companies belonging to the same group, services providers that are essential to the Company's activities, such as cloud of IT service providers, experts, consultants or lawyers.

     

    8. Will the Data be transferred abroad?

    The data may be transferred to countries outside the European Union. In this case, the Company will ensure that all suitable technical and organisational measures are put in place in accordance with regulations regarding the transfer of Personal Data.
    In any case, the Data Subject has the right to obtain a copy of data kept abroad and to obtain information regarding the place where data is kept. In order to exercise these rights, he/she should contact the Company at the address mentioned in paragraph 10 of this Policy.

     

    9.  For how long are the Data stored?

    Personal Data collected for the purposes set out in paragraph 4 a) to d) will be kept for the entire duration of the working relationship and for ten years after it has come to an end, except where it has to be retained for longer period due to legal disputes, requests from relevant authorities or in order to comply with applicable laws. Personal Data collected for the purposes set out in paragraph 4 e) will be kept for the entire duration of the Contract and for an additional 10 years after the Contract has been terminated for whatever reason.

     

    10. Which are the Data Subjects' rights?

    In relation to his/her Personal Data, the Data Subject may – at any time and free of charge – exercise his/her right to (a) obtain the confirmation of the existence or non-existence of Personal Data concerning him/her, as well as copies of that Data; (b) know the origin of the Personal Data, the purposes of the processing, and the methods used, as well as the logic behind processing carried out through automated means; (c) request that the Personal Data be updated, corrected or – if he/she wishes to – integrated; (d) obtain the erasure, transformation into anonymous format or blocking of data processed in violation of the law, as well as object to the processing on legitimate grounds; (e) withdraw consent to the processing of his/her Personal Data, without prejudice to the legality of the processing which occurred before consent was withdrawn;

    At any time, the Data Subject may also:

    1. ask the Company to restrict the processing where (i) the Data Subject challenges the accuracy of the Data, for the period required in order to allow the Company to assess the accuracy of the Data; (ii) the processing is unlawful and the Data Subject opposes to the erasure, requesting instead that use thereof be restricted; (iii) although the Company does not need to process the Data anymore, the Data Subject needs the Data in order to ascertain, exercise or defend a right in court;
    2. object to his/her Data being processed pursuant to article 21, paragraph 1 of the Privacy Regulation, pending an assessment on whether the Data Controller's legitimate ;grounds override those of the Data Subject;
    3. object to his/her Personal Data being processed;
    4. request that his/her Personal Data are erased, without undue delay;
    5. obtain the portability of his/her Personal Data; and
    6. if the conditions are met, file a complaint with the competent authority.

    Relevant requests may be sent in writing to the Data Controller, at the following email address: privacy@valagro.com.

     

    11. Modifications and updates

    This policy will be valid from its entry into force. However, the Company may make changes and/or additions to the policy, also as a consequence of the entry into force of the Privacy Regulation and possible future legal modifications and/or additions. The text of the updated policy will be published on www.valagro.com.

     

  • PRIVACY POLICY FOR CANDIDATES

    1. Who is the data controller?

    Valagro S.p.A. with registered office in Via Cagliari, 1 - 66041 Atessa (Chieti), in its capacity of data controller (hereinafter referred to as the “Company” or “Controller”), the Company has adopted this privacy policy regarding the processing of data belonging to Data Subjects (as defined below). This policy will apply to the selection of candidates for employment or collaboration, in accordance with the European Regulation n. 679/2016 on the protection of personal data (hereinafter referred to as the “Privacy Regulation”).

     

    2. To whom does the privacy policy apply?

    This policy applies to individuals who send their CVs to the Company or who participate in selection procedures that are intended to lead to employment or collaboration relationship with the Company (hereinafter referred to as the “Data Subjects”).

     

    3. Which data are being processed?

    Data Subjects' personal data collected during pre-contractual and selection activities where information is exchanged. This includes both common Data – such as ID and contact details (for example, name, surname, email address, phone number, etc.) – and special categories of Data, such as health details. The Data collected must be strictly relevant to the requirements, tasks and purposes mentioned above, where the purposes for which the Data is collected cannot be fulfilled or carried out via the processing of anonymous information or different types of Data. In particular, in the context of information that is likely to reveal details concerning the health of the individual, Data collected and processed should be relevant to the process of asses psycho-physical suitability to certain tasks and belonging to certain protected categories.

     

    4. Which are the purposes of the processing?

    Data subjects' Data, - either ordinary or special categories of Data, as further defined below - weather they are collected during pre-contractual negotiations, when the Data Subject is hired upon signature of the collaboration contract, as well as Data provided during employment or collaboration (hereinafter referred to as the “Data”) will be processed in accordance with current regulations regarding Data Protection in order to carry out the selection and hiring procedure applicable to employees and collaborators.

     

    5. What is the legal basis for processing these Data?

    Providing these data is mandatory for the purpose of carrying out the selection procedure aimed at entering into an employment or collaboration contract, and refusal to provide such Data will prevent the possibility to enter into or perform the contract.

     

    6. How are these Data processed?

    Processing will be carried out for the purposes mentioned above, either by using IT/automated or traditional means, such as paper. In any event, appropriate measures will be adopted as to guarantee the safety and confidentiality of the information.

     

    7. With whom will the data be shared?

    Persons in charge of the processing or internal data processors in charge of managing the employment or collaboration relationship may have access to the Data.

     

    8. Will the Data be transferred abroad?

    The Data may be transferred to countries inside the European Union. The Data may be transferred abroad – including to countries outside the European Union – where necessary for the selection of the candidate and/or the conclusion of the employment or collaboration contract with the Company. In any case, such transfer will be carried out in accordance with the guarantees provided by applicable laws.
    In such a case, the Data Subject has the right to obtain a copy of the data kept abroad and to obtain information regarding the place where the data is kept. In order to exercise these rights, he/she should send an express request to the Data Controller, at the address mentioned in paragraph 10 of this privacy policy.

     

    9. How long is the Data stored?

    Data collected in the manner described in paragraphs 1 and 3 will be stored for the entire duration of the working relationship and for ten years after it has come to an end, except where it has to be retained for a longer period due to legal disputes, requests from competent authorities or in order to comply with applicable laws. After this retention period, the data will be deleted, anonymised or aggregated.

     

    10. What are the rights of the Data Subjects?

    In addition to the possibility for the data Subject to refuse to provide his/her Data, without prejudice to the consequences mentioned in paragraph 2, he/she may exercise his/her right – at any time and free of charge –  to (i) obtain the confirmation of the existence or non-existence of Personal Data concerning him/her; (ii) to know the origin of the Data, the purposes for of the processing, and the methods used, as well as the logic behind processing carried out with electronic means; (iii) request that the Personal Data be updated, corrected or – if he/she wishes – integrated; (iv) obtain the erasure, transformation into anonymous format or blocking of data processed in violation of the law, as well as object to the processing on legitimate grounds;

    At any time, the Data Subject may also:

    • ask the Company to restrict the processing where (i) the Data Subject challenges the accuracy of the Data; (ii) the processing is unlawful and the Data subject opposes to the erasure, requesting instead that use thereof be restricted; (iii) although the Company does not need to process the Data anymore, the Data Subject needs the Data in order to establish, exercise or defend a right in court;
    • object to his/her Data being processed pursuant to article 21, paragraph 1 of the Privacy Regulation, pending an assessment of whether the Data Controller's legitimate grounds override those of the Data Subject;
    • object to his/her Personal Data being processed;
    • request that his/her Personal Data are erased, without undue delay;
    • obtain the portability of his/her Personal Data; and
    • if the conditions are met, file a complaint with the competent authority.

    Relevant requests may be sent in writing to the Controller, at the following email address: privacy@valagro.com.

     

    11. Who are the external data processors?

    Amongst others, the Company has appointed external data processors. You can request a complete list of all data processors from the Data Controller by following the procedure set out in paragraph 10 of this policy.

     

    12. Modifications and updates

    This policy will be valid from its entry into force. However, the Company may make changes and/or additions to the policy, also as a consequence of the entry into force of the Privacy Regulation and possible future legal modifications and/or additions. The text of the updated policy will be published on our website: www.valagro.com.

  • PRIVACY POLICY FOR EMPLOYEES, COLLABORATORS AND AGENTS

    1. Who is the data controller? Valagro S.p.A. with registered office in Via Cagliari,1 - 66041 Atessa (Chieti) – Via Cagliari 1, Zona Ind.le B, in its capacity as data controller (hereinafter referred to as “Company” or “Controller”), has adopted this privacy policy regarding the processing of personal data of the Data Subjects (as defined below). This policy shall apply in the context of the conclusion and performance of an employment or collaboration contract, in accordance with European Regulation n. 679/2016 on the protection of personal data (hereinafter referred to as the “Privacy Regulation”).

    2. To whom does the privacy policy apply? This policy applies to:

    a) employees, including apprenticeship contracts, training, work experience or insertion contract, a job-sharing agreement, intermittent or on-call work, or those who provide services in the context of a supply contract or a traineeship relationship; associates, even those who are partners, and, if necessary, to their relatives and cohabitants;
    b) consultants and freelancers, agents, representatives and proxies;
    c) those who carry out coordinated services on a continuous basis, even where employed on fixed-term contracts; other independent collaborators, even where they are providing ancillary services;
    d) any individual, regardless of their work title, who works for or provides services to the Company;
    (hereinafter, each one of these shall be referred to as an “Data subjects”).

    3. Which data are being processed? Data subject's personal data, even regarding to their relatives – if necessary, collected in the course of pre-contractual exchanges of information, or at the signature of the employment or collaboration contract or agent contract, or data provided by the Data Subject, at any moment during his employment or collaboration with the Company (jointly referred to as “Data”). This includes both common personal data – such as ID and contact details (for example, name, surname, email address, phone number, etc.) – as well as specific categories of personal data – i.e. cit. art. 9 Privacy Regulation, such as information apt to reveal racial origin or ethnicity, political opinions, religious or philosophical beliefs, labour union affiliation, as well as genetic data, biometric data that lead to the certain identification of individuals; information pertaining to health, sexual lifestyle and sexual orientation; information pertaining to legal matters, i.e. information regarding criminal offences and convictions. The information collected must be strictly relevant to the obligations, tasks and purposes mentioned above that cannot be fulfilled or carried out – depending on the case – via the processing of anonymous data or different types of personal data. More specifically:

    a) in the context of data that may reveal religious, philosophical or other beliefs, or participation in religious or philosophical associations and organisations, information regarding use of, or participation in, religious festivities or canteen services, as well as displays of conscientious objection, when required by the law;
    b) in the context of data that may reveal political opinions, political party or trade union membership, membership of political or trade union associations or organisations; information regarding the exercise of a public function, political appointments, labour union activities or tasks (as long as the processing is carried out in order to ensure the permits or periods of leave are granted in accordance with the law, or as foreseen, as the case may be, by collective or corporate agreements), or the organisation of public initiatives, as well as data pertaining to deductions paid as fees for trade union services, or for membership of political or trade union associations and organisations;
    c) in the context of data that may reveal health status, information collected and processed referring to invalidity, sickness, pregnancy, post-partum or breastfeeding, accidents, exposure to risk factors, psycho-physical eligibility to carry out certain duties, belonging to certain protected categories, as well as data contained in health certificates revealing the status of a sickness affecting an Data Subject,
    including employment-related sicknesses, or in any event, information that specifies whether the sickness is the main cause of the worker's absence; and
    d) in the context of legal information, data pertaining to criminal records and pending charges against candidates applying for positions that require certain guarantees in terms of integrity and professionality that are necessary in order to complete the recruitment procedure.

    4. For which purposes are the Data being processed? Data Subject's Data will be processed in accordance with current legislation on data protection and for the following purposes:

    a) in order complete the process aimed at selecting and hiring employees and collaborators and also to finalize agent contract;
    b) administrative, accounting, salary-related, insurance, social security and tax purposes;
    c) to comply with or request compliance with certain duties, or to carry out specific tasks required by European legislation, laws, regulations, collective or corporate agreements, more specifically with the purpose of establishing, managing and terminating a working relationship, as well as to award benefits and apply legislation on social security and health insurance – including complementary insurance – or rules regarding health and safety of employees and the general population, as well as actions needed in relation to tax issues, trade union matters, public health, order and safety issues;
    d) in addition to the cases foreseen at c) – in accordance with legal provisions and for specific and legitimate purposes – for keeping accounts or paying salaries, benefits, bonuses, other emoluments, donations or associated benefits;
    e) to perform the employment or collaboration or agent contract and make sure the obligations set forth therein are being fulfilled;
    f) to exercise or defend a right – even against third parties – in court, as well as in administrative, arbitration or conciliation proceedings where provided by laws, European community legislation, regulations or collective agreements.
    g) to comply with obligations arising from insurance contracts that are aimed at protecting the employer from risks pertaining to health and safety in the workplace, professional sicknesses, or damage caused to third parties in the course of professional or work-related activities;
    h) to guarantee equal employment opportunities;
    i) in order to pursue specific, legitimate aims that are identified in the statutes of associations, organisations, federations or confederations that represent categories of employers, or in collective agreements regarding trade union assistance for employers; (the purposes thereof, set out in points a) to i), are jointly referred to as the “Contractual Purposes”) and
    j) for carrying out activities related to sale of business or branches thereof, acquisitions, mergers, divisions or other transformations; and to execute these operations (the purposes set out in point j) is referred to as the “Legitimate Interest Purpose”).

    As for the use of corporate IT devices, the internet and e-mail, please refer to the relevant section of the Valagro Data Protection Policy.

    5. What is the basis for the processing of the Data? The processing of data for the above purposes finds its legal basis into article 6, paragraph 1, letter b) of Privacy Regulation, pursuant to which “the processing is necessary for the execution of pre-contractual measures taken at the request of Data Subjects”. With regard to special categories of data, pursuant to article 9.1. of Privacy Regulation, the processing is carried out exclusively as necessary to fulfil the obligations and exercise the specific rights of the Controller or the data subject in the field of labor law and social security and social protection. Providing the Data is mandatory in order to establish and manage an employment or collaboration relationship in accordance with legal and contractual provisions. An employment or collaboration contract cannot be signed or enacted without providing the relevant Data. The processing of data for the purposes of Legitimate Interest Purpose is carried out pursuant to article 6, paragraph 1, letter f) of Privacy Regulation and, therefore, for the pursuit of a legitimate interest of the Company and its counterparts for the conclusion of the agreements, which is adequately balanced with Data Subjects’ needs, since the processing is carried out to the extent necessary to execute the activities described in relation to these purposes.

    6. How are the Data processed? Processing will be carried out for the purposes mentioned above, either by using IT/automated tools or traditional means, such as paper. In any case, the tools used will be appropriate to guarantee the safety and confidentiality of the Data.

    7. With whom will the Data be shared? Persons in charge of the processing and internal data processors charge of managing the employment or collaboration relationship may have access to the Data.
    In order to perform the employment and/or collaboration contract, the following may have access with your Data, in their capacity as external data processors or – where provided by the law – as autonomous data controllers: public or private entities – including health organisations, company doctors, company and complementary social security and healthcare insurance funds, social and worker welfare institutions, tax-assistance centres, insurance companies, recruitment agencies, employer and employee trade union associations and organisations, freelancers, institutions or consortia, providers of services that support or enable those activities carried out by the Controller (and therefore – by way of example, but not exhaustively – to companies that provide IT services, expert reports, consultancy work, legal advice, auditing companies), associations, organisations, public administration bodies, trade union associations (in order to carry out a trade union deduction requested by a Data Subject, or in order to allow control on the performance of the contract, in accordance with the additional corporate agreements), the Data Subjects' family members, subsidiaries, parent companies or companies affiliated with the Controller and related suppliers, those to whom the company or branches of the company have been transferred, companies resulting from possible mergers, divisions or other transformations of the Controller, external structures responsible for carrying out activities which are connected or are the consequence of the performance of the contract, credit institutions for payment orders or other financial activities that are needed for the performance of the contract.

    8. Will the Data be transferred abroad? The Data may be transferred to countries inside the European Economic Area. The Data may also be transferred abroad – including countries outside the European Economic Area – where necessary for the conclusion of the employment or collaboration contract with the Company, or if the Controller decides to establish its servers or corporate databases outside the European Economic Area, or to outsource services to entities established abroad. In these case, Data will be transferred in accordance with the guarantees provided by applicable laws. The Data Subject has the right to obtain a copy of the data kept abroad and to obtain information regarding the place where these data are kept. In order to exercise these rights, he/she should send an express request to the Controller, at the address provided in paragraph 10 of this privacy policy. The Data will not be disclosed, except where service orders, work or weekday shifts are displayed on the company notice board, and in the case where instructions are provided regarding the organisation of work and the identification of tasks ascribed to individual workers. The Company will publish the Data Subjects' name, surname, e-mail and company phone number on the Company Intranet. It will also publish a picture and a professional profile of the Data Subject, as long as he/she chooses to consent thereto.

    9. For how long is the Data stored? Data collected in the manner described in this privacy policy will be stored for the entire duration of the working or agency relationship and for 10 (ten) years after it has come to an end, except where it has to be kept for longer due to legal disputes, requests from relevant authorities or in order to comply with applicable laws. After this retention period, the Data will be deleted, anonymised or aggregated.

    10. What are the rights of the Data Subject? In addition to the possibility for the Data Subject to refuse to provide his/her Data, without prejudice to the consequences mentioned in paragraph 5, he/she may exercise his/her right – at any time and free of charge – to (i) obtain the confirmation of the existence or non-existence of Data concerning him/her; (ii) to know the origin of the Data, the purposes of the processing, and the methods used, as well as the logic behind processing carried out with electronic means; (iii) request the Data to be updated, corrected or – if he/she wishes to – integrated; (iv) obtain the cancellation, transformation into anonymous format or blocking of data processed in violation of the law, as well as object to the processing on legitimate grounds. At any time, the Data Subject may also:

    a. ask the Company to restrict the processing where (i) the data Subject challenges the accuracy of the Data; (ii) the processing is unlawful and the Data subject opposes to the erasure, requesting instead
    that use thereof be restricted; (iii) although the Company does not need to process the Data anymore, the Data Subject needs the Data in order to establish, exercise or defend a right in court; (iv) the Data Subject has objected to the processing pursuant object to his/her Data being processed pursuant to article 21, paragraph 1 of the Privacy Regulation, pending an assessment on whether the Controller's legitimate grounds override those of the Data Subject;
    b. object to his/her Personal Data being processed;
    c. request that his/her Personal Data are erased, without undue delay;
    d. obtain the portability of his/her Personal Data; and
    e. if the conditions are met, file a complaint with the competent authority.

    Relevant requests may be sent in writing to the Controller, at the following email address: privacy@valagro.com.

    11. Who are the external data processors? Amongst others, the Company has appointed external data processors. You can request a complete list of all data processors from the Controller by following the procedure set out in paragraph 10 of this policy.

    12. Modifications and updates This policy will be valid from its entry into force. However, the Company may make changes and/or additions to the policy, also as a consequence of possible future modifications and/or additions of Privacy Regulations. The text of the updated policy will be published on the company’s intranet and on the company’s web site, allowing Data Subjects to promptly become acquainted therewith.