Summary of the Agreement for joint control
Subject and purpose of the agreement
The purpose of the Agreement for Joint Control (hereinafter “the Agreement”) is to govern the ways with which and conditions under which the personal data relative to the following Gruppo IGD companies is processed:
- IGD SIIQ S.p.A., with registered offices in Bologna (BO), Via Trattati Comunitari Europei 1957-2007, n. 13 C.F./P.I. 00397420399 (hereinafter also referred to as “IGD SIIQ” or “Joint Controller”)
- IGD Management SIINQ S.p.A., with registered offices in Bologna (BO), Via Trattati Comunitari Europei 1957-2007, n. 13, C.F./P.I. 13174580152, (hereinafter also referred to as “Joint Controller”)
- IGD Service S.r.l., with registered offices in Bologna (BO), Via Trattati Comunitari Europei 1957-2007, n.13, C.F./P.I. 03961741208 (hereinafter also referred to as “Joint Controller”)
- Porta Medicea S.r.l., with registered offices in Bologna (BO), Via Trattati Comunitari Europei 1957-2007, n.13, C.F./P.I. 01591140494 (hereinafter also referred to as “Joint Controller”)
hereinafter also referred to as the “Joint Controllers”, who are the joint controllers of the data processed as part of the whistleblowing activities carried out by the latter (hereinafter the “activities”, described in greater detail in Art. 26 of Gruppo IGD’s Whistleblowing Procedures, adopted by the Joint Controllers).
More in detail, the Agreement identifies and describes the responsibilities for compliance with the obligations under current regulations relative to the processing of personal data, specifically Art. 26 of the GDPR.
General guidelines for carrying out the activities
The Joint Controllers agreed that the whistleblowing reports will be gathered by IGD SIIQ S.p.A., through the platform found at https://www.gruppoigd.it/en/governance/business-ethics/whistleblowing/ or received by mail, who will manage them accordingly.
During this phase, the Joint Controllers will process, with the support of the respective Supervisory Boards, the whistleblower’s personal data, as well as the personal data of the individuals identified in the report. The personal data above will be processed using paper supports and/or IT procedures by members of the Joint Controllers’ Supervisory Boards. These individuals will have access to the personal data solely to the extent needed to carry out the data processing.
Responsibilities of the joint controllers when processing personal data
Each Joint Controller will:
- process, jointly with the other Joint Controllers, the personal data in accordance with the principles of lawfulness, fairness and transparency called for in the GDPR;
- implement processing solely for the purposes of carrying out the activities called for in this Agreement;
- determine the ways in which the interested parties may exercise the rights referred to in Articles 15, 16,17, 18, 20 and 21 of the GDPR, as described in greater detail in Art. 8 below;
- provide the information called for in Articles 13 and 14 of the GDPR in accordance with the limits and methods defined in Art. 9 below;
- adopt the technical and organizational measures needed to guarantee secure data processing, as described in greater detail in Art. 6 below.
More in detail, IGD Siiq S.p.A., as Joint Controller and as agreed together with the other Joint Controllers, will:
- manage the IT platform used for reporting, described in greater detail above;
- make information about the data processing carried out by the Joint Controllers available to the interested parties;
- act as the contact for inquiries made by the interested parties.
Rights of the interested party
The Joint Controllers will implement the measures needed to provide the interested party with all the information and communications made relating to the processing in accordance with current applicable laws in a manner that is concise, transparent, comprehensible and easy to access, as well as expressed using simple and direct terms, in accordance with the means and limits referred to in this Agreement and the information made available by the interested parties.
The information will be provided in writing or using other methods, including, if called for, electronic means.
The interested parties may contact the Joint Controllers at the following address: privacy@gruppoigd.it
At any rate, each Joint Controller will advise the other Joint Controllers of any requests received from interested parties in order to provide the interested parties with a reply, including jointly, by the legal deadline.