For the processing of personal data of Customers, Suppliers and Business Partners
pursuant to UE Regulation 2016/679 (“GDPR”)
This is a general notice, in compliance with the provisions of the General Data Protection EU Regulation 679/2016 (GDPR) and other applicable laws.
When using certain services, users will be provided with specific and detailed privacy notices in accordance to Articles 13 and/or 14 of GDPR.
1. DATA CONTROLLER
Plug the Sun Limited
Unit E, 6/F., Capital Trade Centre, 62 Tsun Yip Street, Kwun Tong, Kowloon, Hong Kong
2. PLACE OF DATA PROCESSING
The personal data is processed at the premises of Plug the Sun Limited
3. PERSONAL DATA PROCESSED
a) Personal data processed for the purposes of Website operation.
Information systems and software procedures used to operate the Website acquire, during the normal course of operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
It concerns information that is not collected to be associated with specific individuals, but by their own very nature could, through the processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the Website and the App, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the users.
Information collected in this way could be used for ascertaining responsibility in case of any computer-related offences that damage the Website and the App.
b) Data provided by users directly
The optional, explicit and voluntary mailing of data as requested by the various sections of this Website and of the App are used for the purpose of processing the user’s requests (including but not limited to: cases in which information or clarification is requested by writing to the e-mail addresses found on the Website and on the App).
Specific summary information dedicated to particular services on request will be provided or displayed on the Website pages and on the App.
4. DATA STORAGE
Plug the Sun Limited operates in order to store the personal data for the minor period of time as needed by the service provided to Customer or as asked by the applicable law. For each service asked by customer Plug the Sun Limited will provide a specific privacy notice, with a detail of the period for which the personal data will be stored or the criteria used to determine that period.
5. LEGAL BASIS FOR DATA PROCESSING
The data shall be processed on the base of different legal basis of processing, in accordance with the type of service provided by Plug the Sun Limited For each service asked by customer Plug the Sun Limited will provide a specific privacy notice with a detail of the applicable ground of processing.
6. DATA PROCESSING PURPOSE
Data collected during browsing are used in order to obtain anonymous statistical information on the use of the Website and to monitor its correct functioning.
a) Legal basis for data processing
Personal Data shall only be processed insofar as processing is necessary for the website operation and to improve the experience of online applications.
b) Data retention period
Throughout the session on the Website.
After the above retention terms have expired, the Data will be destroyed, erased or anonymized, consistent with the technical procedures of erasure and backup.
7. DATA PROVISION COMPULSORINESS
Excluding the browsing data, required to implement IT protocols, the provision of personal data by users is free and optional. However, failing to provide such data will make it impossible to carry out the requests made or intended to by the user
8. DATA RECIPIENTS
Personal data may be communicated to parties acting as data controllers (such as supervisory bodies and authorities and public organisations authorised to request data) or processed on behalf of the Company by parties appointed as data processors, who are provided with suitable operating instructions. These parties include the following categories:
a) companies belonging to Maccaferri Group, working as data processors or for administrative and accounting purposes (e.g. purposes connected with internal, administrative, financial and accounting activities);
b) natural and/or legal persons providing different services to the Company (e.g. suppliers of services for the management of the Website, such as system outsourcers, companies that provide connectivity services to the Internet, etc.). Such parties may also work as Data Processors;
c) parties and/or public and private entities the data will be communicated to for the purposes of fulfilling or enforcing the fulfillment of specific obligations provided for by laws, regulations and EU legislation. These subjects will operate as autonomous Data Controllers or Data Processors.
9. PARTIES AUTHORISED TO PROCESS DATA
The data is processed by individuals with appropriate technical skills, employees, collaborators of the Company or external parties, in their capacity as processors and officers, performing on behalf of the Company technical and organizational tasks on the Website.
10. PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred to non-EU Countries, in particular to:
a) Extra UE Countries whose data protection level is deemed adequate by the European Commission in accordance with article 45 of the GDPR;
b) Extra UE Countries other than those referred to in the preceding paragraph a), after signing Standard Contractual Clauses adopted/approved by the European Commission in accordance with article 46, 2, letters c) and d) of the GDPR.
A copy of the above mentioned safeguards can be obtained sending a specific request to the Controller, according to the modalities specified in the following paragraph “Data Subject’s rights – Complaint to the Supervisory Authority”.
11. DATA SUBJECTS’ RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY
We also inform you that, under provisions of GDPR, on the base of lawfulness of processing and of the modalities of processing, if the conditions are met, you have the following rights: access to and rectification or erasure of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal. Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
12. DATA PROTECTION OFFICER
For any questions regarding the processing of your personal data, please contact our Data Protection Officer, using the following contact: