PRIVACY POLICY

Details

Hits: 4772

Since the beginning, the Company has complied with the provisions of Italian legislation on Privacy (Legislative Decree 196/2003 - Code regarding the protection of personal data), constantly adapting and updating its system and regulatory principles through continuous implementations of the document "Privacy Code - Security Policy Document"

With this premise, the Company reaffirms its commitment to the respect and protection of privacy, by adopting and maintaining updated its system based on changes introduced with the new European Regulation "GDPR - General Data Protection Regulation", applicable from 25 May 2018.

ISS International management considers itself directly committed to:

• Conduct all activities of personal data processing following a "risk based" approach, intended as an assessment of the negative impact on the freedoms and rights of the interested parties;
• Determine the methods and limits of data processing, taking into account the nature, scope, context and purpose of processing, as well as the likelihood and severity of risks to the rights and freedom of the users;
• To guarantee to the interested parties: access to information regarding their data and the purpose and method of its treatment; the right to data portability; the right to be forgotten, to request and obtain the removal of data; the right to be informed of data breaches;
• Implement and constantly monitor all security measures and improvement actions to prevent data breaches, both hard copy and automated;
• Train the necessary resources and constantly monitor their level of suitability, preparedness and qualification;

The general objectives of the company policy are to:

• Adapt the Privacy System in accordance to the requirements of Legislative Decree no. 196/2003 and of the GDPR 2016/679;
• The gradual and constant development of the Privacy System in compliance with current regulations and their amendments;
• Continuous improvement of staff involvement and participation in achieving company policy objectives;
• Constant monitoring of the risks deriving from our activity regarding the processing of personal data, for the protection of privacy;

For the operational management of the Privacy System, the Management has defined an organization chart and identified the following positions:

• Processor (external);
• Data Processing Officer (DPO)

who, together with the Controller, are responsible for implementing and constantly monitoring the appropriate technical and organizational measures to guarantee a level of security appropriate to the risk, taking into account the nature, object, context and purpose of the treatment of personal data.

Items defined in this document must be considered as prescriptive for all those who work and / or collaborate with the Company ISS International SpA; therefore, the Management hopes for and supports maximum participation and involvement in order to guarantee its effectiveness and continuous improvements.

Management commits itself to ensure that the objectives are compatible with real business capabilities in accordance with available technologies and market logic, and such as not to call into question the protection of the personal data of those concerned and the protection of their rights.

Management commits itself to revise this policy in order to adapt to regulatory changes and company dynamism whenever it is deemed appropriate.