SECURITY AND PERSONAL DATA PROTECTION POLICY
The Management of GreenFence attaches particular importance to the legal processing, security and protection of personal data in any way such data comes into the Company's possession. Knowing how important the protection of personal data is, the Company has implemented the General Regulation on the Protection of Personal Data (2016/679) and fully and absolutely complies with it in all its actions and activities. The regulation specifically determines in which cases personal data may be used, stored, deleted, transferred and generally processed and, above all, how it can be protected.
Rights for Partners, Customers and Suppliers:
Therefore, in accordance with what is defined in the GDPR and if the personal data are no longer necessary in relation to the purposes for which they were collected or because the Data Subject withdraws his consent on which the processing is based and there is no other legal basis for processing, GreenFence expressly and unconditionally recognizes the following rights for each of its partners, customers or suppliers:
- Right to be Forgotten (Article 17 of the Regulation): The data subject has the right to request the deletion of his data and the controller has the obligation to delete them immediately. In the event that these have been made public, the Data Controller has the obligation to take all the necessary actions to delete them.
- Right to Information and Access to Data (articles 12 and 15 of the Regulation): The subject of the processing may have access to the data and take knowledge of it and the information so as to be able to verify its legality. This information refers to the purposes of the processing, the recipients or categories of recipients, the time period for keeping the data and, if any, the criteria that determine said criteria.
- Right to Correction (Article 16 of the Regulation): The subject has the right to request from the Controller the correction of inaccurate information or the completion of incomplete data, without undue delay.
- Right to Object (Article 21 of the Regulation): The subject will have the right to object to the processing of his data under specific conditions, in particular when it comes to “profiling” or for direct marketing purposes.
- Right to Data Portability (Article 20 of the Regulation): The subject has the right to receive the personal data concerning him and which he has provided to a Data Controller as well as the right to transmit them to another Data Controller. It also reserves the right to request the direct transmission of personal data, in case this is technically possible.
- Right to Restriction of Processing (Article 18 of the Regulation): The subject has the right to restrict the processing of the data when, for example, the accuracy of the data is disputed by the data subject or the processing is illegal according to the provisions of the Regulation.
- Right to Non-Automated Decision-Making and Profiling: The data subject has the right to object, at any time, to automated decision-making of his/her profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way.