The following information is provided pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter the “Regulation”) to users who have contact with the Call Center service provided by the company BFT S.p.A. This document completes the short information orally provided to the user called at the beginning of the communication.
The Data Controller is the company BFT S.p.A., with registered office in Via Lago di Vico 44, Schio (VI), Italy (hereinafter “Bft” or the “Company”).
DATA PROTECTION OFFICER (“DPO”)
Pursuant to Article 37 of the Regulation, the Data Protection Officer for the Somfy group, which includes the Company, is Antje SORENSEN, available on the e-mail address email@example.com.
TYPES OF PROCESSED DATA
The data processed in course of call center activities are identification data (in particular name and surname and/or company name, landline and/or mobile telephone number, address, e-mail) communicated by the user when signing the contract with the Data Controller, and any further information that the user may provide to the Company’s individual when the same user calls customer service to solve problems or questions.
PURPOSE OF PROCESSING
The user’s personal data, freely communicated and acquired in connection with the activities carried out by the Company, will be processed lawfully and in good faith for the following purposes:
a) after-sale assistance to customers, without the user’s prior consent;
b) surveys on the level of customer satisfaction about the call center service and about the support received from the Customer Service.
LEGAL BASIS OF PROCESSING
The legal basis of processing is the performance of a contractual obligation and a request of assistance filed by the user.
METHOD OF PROCESSING AND STORAGE OF DATA
Personal data are processed both by paper tools and by IT tools. Specific security measures have been taken to prevent loss of data, their unlawful or incorrect use and unauthorised access.
NATURE OF DATA DISCLOSURE AND CONSEQUENCES OF THE REFUSAL TO PROVIDE AND FAILURE TO PROVIDE CONSENT
It is mandatory to provide personal data: personal data are necessary to use the services provided by the Data Controller, and failure to provide personal data makes it impossible for the user to use the services provided by the Data Controller.
The user may object at any time to data processing mentioned under letter b) above:
• by expressing his or her objection to the call center employee, who will take note of such objection;
• by sending an e-mail to the address firstname.lastname@example.org.
COMMUNICATION AND DISSEMINATION OF DATA
Personal data are processed by internal or external subjects, duly authorised and committed to preserve confidentiality, with a specific role as internal person in charge of processing or data processor, and who received adequate operational instructions.
For the performance of such activities, the Data Controller relies on third-party companies, which act on its behalf after contracting the relationship with such third parties appointed as external Data Processors pursuant to Article 28 of the Regulation. The list of external Data Processors is available upon informal request to be sent to the e-mail address email@example.com.
The data collected within call center activities will not be disseminated in any case whatsoever.
TRANSFER OF PERSONAL DATA ABROAD
Call center activities are carried out exclusively in Italy.
Personal data of the users and those collected in case of communications occurred by telephone with the call center operators may be transferred, for the same purposes mentioned above, to the other companies within the Bft’s group and to the companies within the Somfy Group, which includes Bft (hereinafter the “Group”), even if based in Countries outside the EU. The Group adopted adequate safeguards for the transfer of your data, implementing specific “Binding Corporate Rules” in compliance with the Regulation, which are available upon informal request to be sent to the e-mail address firstname.lastname@example.org.
PERSONAL DATA STORAGE
The Data Controller processes personal data for the period strictly necessary to perform the abovementioned purposes and, however, no longer than 10 years from the closure of the relationship.
RIGHTS OF THE DATA SUBJECT
You may exercise the rights envisaged by Articles 12 and ff. of EU Regulation No. 679/2016 (including but not limited to the right to request to the Data Controller to access to your personal data, to obtain their Rectification, erasure or restriction of processing, to object to processing, to withdraw your consent and file a complaint before the supervisory authority) by sending an informal request to the e-mail address email@example.com.
Following the same procedure, the user may object at any time to processing of his or her data for the purposes mentioned under letter b) above.