Privacy Policy

O.S.R.A.V. ALFEO MORET SpA informs you that the data you provide will be processed according to the General Data Protection Regulation (EU) No. 2016/679 regarding the protection of natural persons when processing their personal data.
1. Data Controller
O.S.R.A.V. ALFEO MORET SPA (C.F. 00478620263) Registered Office in Via dell’Industria, 13 – Zona Industriale – 31029 Vittorio Veneto (TV) – Italy.
2. Where to contact the Data Controller
Registered Office in Via dell’Industria, 13 – Zona Industriale – 31029 Vittorio Veneto (TV) – Italy. Telephone: +39 0438 912090 Fax: +39 04238 501640 Email: Web:
3. Personal data subjected to processing
• Personal details such as: name and surname/company name; tax ID code; VAT code; address; email address; certified email; SDI code; telephone number, including mobile phones; fax; type and number of an ID document, permission to stay, driving licence, family members’ data, curriculum vitae, copies of educational diplomas and/or training certificates.
• Financial information such as: current account ID, income situation, ISEE (Equivalent Economic Status Indicator), CU (Income Certification) and other banking information.
• Health information: pathologies, medical case history, use of medicines, health worker tutors, medical analyses and reports (restricted to workers in protected categories).
• Video information.
• Information regarding calls on company land lines and mobile phones.
4. Legal principal and purpose of processing
• Legal principal on which OSRAV ALFEO MORET SPA bases its data processing: · to fulfil the contractual obligations the data subject intends to undersign; · to fulfil legal obligations; · legitimate interests In particular, personal data will be used to implement:
• Activities preliminary to the provision of services, sale of products and services included in the contract; • Personnel management: health supervision (Italian Legislative Decree 81/08) hiring, payroll processing and all things connected (restricted to workers);
• Provision of the services included in the contract;
• Invoicing/payments;
• Fulfilment of administrative, accounting and tax requirements connected with the contractual obligations, and communications with public authorities;
• Issue of training certificates by OSRAV or bodies appointed by the company;
• Protection of contractual rights/credit recovery;
• Processing medical data exclusively to fulfil agreements with data subjects included in ‘protected categories’; • Protection of data subjects’ safety and of corporate assets;
• Checking of proper use of company telephones;
• Marketing strategies: e.g. sending promotional and commercial communications relating to services and products provided by OSRAV ALFEO MORET SPA, by automatic contact (short text messages and e-mail) and traditional means (operator phone calls and traditional postal services), advertising corporate events, carrying out of market surveys and statistical analyses (the latter is not applicable to Osrav’s workers).
5. Processing

Processing may take place on paper or by electronic means. Data may be processed automatically through management IT systems. Processing comprises the collection, recording, organisation, storage, consultation, adaptation or alteration, selection, retrieval, comparison, communication, erasure and destruction of data. OSRAV ALFEO MORET SPA has put in place suitable security measures to ensure the confidentiality, integrity and availability of subject datas personal data and has imposed similar security measures on those authorised to process the data.
6. Provision of data and refusal
Personal data are collected directly by OSRAV ALFEO MORET SPA from the data subject or, with the subject’s consent, from the company’s registered office when entering into or implementing a contract. Provision of data is compulsory in order to implement a contract. Failure to provide them will make it impossible to implement the contract. The only exception relates to data provided for marketing purposes, where consent is optional.
7. Data communication
Addressees OSRAV ALFEO MORET SPA may appoint the following persons to process personal data on its behalf:
• Workers;
• External associates;
• Suppliers;
• Company doctor;
• Staff agencies;
• Banks and insurance companies.
For the purpose OSRAV ALFEO MORET SPA gives adequate instructions to ensure the security and confidentiality of the data. If communication is necessary or useful for the implementation of contractual or legal obligations, OSRAV ALFEO MORET SPA may communicate personal data to third parties, restricted to the provisions in clause 4 of this document. PRIVACY POLICY FOR PROCESSING PERSONAL DATA (ARTS. 13 and 14 EU GDPR 2016/679) List of types of third parties:
• Natural or legal persons who provide tax consultancy, administrative or tax services;
• Natural or legal persons who provide legal services (to protect contractual rights/recover credits);
• Natural or legal persons who provide financial or insurance services;
• Companies that provide IT services;
• Any subjects who carry out maintenance and run networking devices and communications networks;
• Subjects who provide services relating to payment collection (e.g. bank transfers, credit cards);
• Other bodies or authorities to which personal data must be communicated for legal reasons or obligations;
• Providers of training courses required by law, or technical training (restricted to workers);
• The company’s doctor (and any legal structure connected to him or her) in order to fulfil the obligations under Italian law 81/08 regarding the surveillance of workers’ health. Subjects in the above-mentioned categories who process personal data as independent data controllers in relation to specific operations under their contractual obligations. When requested, under the terms of clause 2 of this document, OSRAV ALFEO MORET SPA provides the names of such subjects and their roles.
8. Data storage period and criteria used to determine the time
Personal data are stored for the time strictly necessary to fulfil the aims for which they were collected, as per clause 4 of this document. Personal data processed for the purposes mentioned in clause 4, “administrative, accounting and tax obligations connected with contractual obligations”, are stored in order to fulfil obligations remaining even after expiry of the contract: to this end they are stored for a period of no more than 10 years (data used for marketing purposes is restricted to 2 years), or for a different period established by law. In this respect the Data Controller will store only the data required for such period. The data will be suitable, pertinent and restricted to such period. Personal data processed for the aims mentioned in clause 4 “protection of contractual rights/credit recovery” will be processed for the time needed to implement such aims, which will coincide with their lapsing. Such period shall not exceed 10 years unless events occur that interrupt prescription and therefore extend the period. To this end, the Data Controller shall store only the data necessary to pursue the aims. The data will be suitable, pertinent and restricted to said aims. Data regarding workers’ labour contracts shall be stored for the duration of the contract, and after that for 10 years. Medical data shall be stored indefinitely.
9. Location of personal data processing
Personal data are stored on paper, electronically and through telecommunications means located in member States that apply the GDPR.
10. Data subject’s rights
The data subject has the right to:
• Request the Data Controller to provide access to his or her personal data and the rectification or erasure of said data or restriction of processing of personal data concerning the data subject or to object to such processing;
• Receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (portability);
• Withdraw his or her consent to processing by informing one of the contacts mentioned in clause 2 of this document (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; it shall be as easy to withdraw as to give consent);
• Lodge a complaint with the Italian supervisory body for data protection (Garante Privacy). The above-mentioned rights can be exercised without cost by forwarding a written declaration by registered post with a return receipt to the addresses given in clause 2.
11. Legitimate interests
The Data Controller’s legitimate interests may provide a valid legal justification for processing, on the condition that the interests, rights and fundamental freedoms of the data subject do not prevail. The data subject can object to processing at any time, without cost to himself or herself.