Information provided pursuant to Art.13 of EU Regulation 2016/679 (hereinafter the GDPR) and Art.13 of Italian Legislative Decree no. 196/2003, the “Data Protection Code” (hereinafter the Code).
Data subjects are hereby informed of the following general details, valid for all aspects of processing:
References and the data subject’s rights
The Controller, in terms of processing personal data, is this Company, in the person of the legal representative pro-tempore. In order to ensure an adequate support to data subjects, the Controller has appointed a DPO, to whom data subjects may refer (contact details: Gregorio Galli – +39 0523.010250 – firstname.lastname@example.org ) in order to exercise their rights as set forth in articles 15-21 of the GDPR and Art.7 of the Code (right to access, rectify and delete data, right to restrict processing, right to data portability and the right to oppose processing), as well as to revoke any consent previously granted; in the event that there is no response to a data subject’s request, a data subject may lodge a complaint with the supervisory authority duly appointed with regard to protecting personal data (GDPR – Art.13(2)(d)).
2. PROCESSING DATA CONNECTED TO THE FUNCTIONING OF THIS SITE
The information systems and software procedures used to operate this site acquire, as part of their normal operation, certain personal data the transmission of which is implicit in the use of internet communication protocols. This involves information which is not collected in order to be associated to an identified data subject but which could, given its nature, through processing and association with data held by third parties, allow a data subject to be identified. This category of data includes the IP address or the domain name of the computer or device used by the user to access the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the numeric code indicating the status of the response given by the server (OK, error, etc.) and other parameters related to the user’s operating system and computer environment.
|Purpose and legal basis for processing
|This data is only used to obtain statistical information on how the site is used and to check that it is functioning correctly. Data may be used to ascertain responsibility in the event of a supposed computer crime against the site (the Controller’s legitimate interests).|
(GDPR-Art.13(1)(e) and (f))
|Data may be processed exclusively by internal personnel, regularly authorised and trained to process such data (GDPR-Art.29) or, potentially, by personnel responsible for maintaining the web platform (appointed in this case as external processors). Data will not be communicated to any other party, nor disclosed or transferred to a country outside of the EU. Only in the event of an investigation will this data be made available to a competent authority.|
|Data retention period
|Data is normally held for short periods of time, with the exception of a possible extension as a result of an investigation.|
|Data is not provided by the data subject but is acquired automatically by the site’s technological systems.|
About cookies: Cookies are small fragments of text (letters and/or numbers) that enable a web server to store information on the client (the browser) to be re-used during the course of the same browsing session on the site (session cookies) or thereafter, even days after visiting the site (persistent cookies). Cookies are stored, based on the user’s preferences, by each individual browser on the specific device used (computer, tablet, smartphone). Similar technologies such as, for example, web beacons, transparent GIFs and all forms of local storage introduced by HTML5, are used to collect information on the user’s behaviour and how the services are used. Below, we will simply use the term “cookie” to refer to cookies and every other similar technology.
Possible first-party types of cookie and ways of managing preferences
|Browsing or session techniques||To ensure normal browsing and use of the site||Through the main browsers, you can:
For information on the settings for each individual browser, see the specific paragraph. Note that if cookies are disabled or deleted, it might compromise your ability to browse the site.
|Analytical techniques||To collect information on the number of visitors and the pages viewed|
|Functional techniques||To allow the site to be browsed on the basis of a series of selected criteria|
|Profiling||To create profiles related to the user in order to send him/her advertising messages which are in line with his/her preferences|
Managing preferences through the main browsers
The user may decide to accept, or otherwise, cookies through his/her browser settings (note that, by default, almost every web browser is set to automatically accept all cookies). Settings can be modified and defined in a specific way for the various websites and web applications. Furthermore, the best browsers allow you to set different settings for “proprietary” cookies and “third-party” cookies. Generally, cookies can be configured from the “Preferences”, “Tools” or “Options” menu.
Given below are links to guides on how to manage cookies in the main browsers:
Internet Explorer: http://support.microsoft.com/kb/278835
Internet Explorer [versione mobile]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
Safari [versione mobile]: http://support.apple.com/kb/HT1677
The site may contain data collection forms aimed at ensuring that the person browsing the site has access to certain services/features (e.g.: information requests, registrations, etc.).
|Purpose and legal basis for processing
(GDPR-Art.13, comma 1, lett.c)
|Identifying and contact details may be required in order to be able to respond to the data subject. Sending a request is subject to the data subject’s specific, freely given and informed consent (GDPR-Art.6(1)(a))|
(GDPR-Art.13, comma 1, lett.e,f)
|Data is processed exclusively by personnel regularly authorised and trained to process such data (GDPR-Art.29) or, potentially, by personnel responsible for maintaining the web platform or for providing the service (appointed in this case as external processors). Data will not be disclosed or transferred to a country outside of the EU.|
|Data retention period
(GDPR-Art.13, comma 2, lett.a)
|Data will be stored for the time needed to achieve the purpose or purposes for which it was collected|
(GDPR-Art.13, comma 2, lett.f)
|Providing data marked as mandatory is needed in order to be able to obtain a response, whilst the optional fields are designed to provide staff with further useful information to facilitate contact.|
Data supplied voluntarily by users
The optional, explicit and voluntary sending of an email and/or a letter through the postal system to one or more of the addresses indicated on this site leads to the subsequent acquisition of the sender’s address, which is needed in order to respond to his/her request. Any other personal data given in the email or letter will also be acquired. If the sender sends his/her CV to apply for a position or for our records, he/she remains solely responsible for the relevance and accuracy of the data sent. Note that any CV that does not include authorisation for the data therein to be processed will be deleted immediately.
3. PROCESSING DATA CONNECTED TO RELATIONSHIPS ESTABLISHED WITH CLIENTS AND SUPPLIERS
3.1 The subject of the processing
The company processes identifying personal data of clients/suppliers (for example, first name, last name, company name, contact and tax details, address, telephone number, email address, bank and payment details) and their operational contacts (first name, last name and contact details). Such data is acquired and used within the scope of carrying out the services provided.
3.2 Purpose and legal basis for processing
Data is processed:
If the aforementioned data is not provided in full, the Controller will not be able to establish a relationship with the data subject. The aforementioned purposes represent, pursuant to Art.6(b), (c) and (f) the suitable legal basis for the data to be lawfully processed. Should there ever be an intention to process data for different purposes, the data subject will be asked for his/her specific consent.
3.3 Methods used to process data
Processing personal data is done using those operational means indicated in Art. 4(2) of the GDPR and, specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, alignment, use, combination, block, dissemination, erasure or destruction of the data. Personal data is subject to processing both on paper and electronically and/or with automated means. The Controller will process personal data for the time needed to achieve the purposes for which the data was collected and as related to any legal obligation.
3.4 Processing scope
Data is processed by internal personnel regularly authorised and trained pursuant to Art.29 of the GDPR. It is also possible to request the communication scope of the personal data, obtaining precise details about any external party that operates as an autonomous Processor or Controller (consultants, technicians, banking institutes, couriers, etc.).
4. UPDATES TO THE POLICY
Note that this advisory note may be updated following a periodic review, as well as in relation to applicable legislation and case law. In the event of any significant changes, an appropriate message or communication will be given, within a reasonable time, on the site’s home page. We recommend, however, that this policy be reviewed periodically.