(A) Traffic data
The computer systems and software procedures used to operate this Website need to acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, browser type, operating system, the domain name and website addresses from which you are logged in or out, the information on pages visited by User within the Website, the time of access, time period of User's staying on a single page, the internal path analysis and other parameters regarding the User's operating system and computer environment.
This technical / IT data is collected and used only in an aggregated and not immediately identifiable manner and can be used to ascertain liabilities in case of hypothetical crimes committed within or against the Website or upon competent authorities' request.
(B) Personal data provided directly from User
There are few sections of the Website (e.g. newsletter subscription) which are aimed to collect only those personal data which the User will decide to share with us. It remains understood that, in this case, the Controller must collect the data provided by the User in order to fulfil the requests received. Accordingly, if the User prefers that the Controller does not collect his/her personal data, he or she is invited not to send any request.
In any event, the Users will always be free, after having read this Policy in order to understand in detail how and for which purposes their personal data will be processed by us, to share his/her own data by filling out the specific forms available on the Website.
3. Purposes of the processing
The Website has been designed with the main goal of providing information - and therefore as an interactive window - regarding the activities, products and services offered by us. This is the reason why, in most cases, the collection of the User's personal data is not required.
In any case, according to the principles set forth by the GDPR, the Website is also set to minimize the collection of personal data, as well as to exclude the processing of such data in all cases when the purposes described hereunder can be achieved with different means and/or by anonymous data.
Your personal data will be processed by us for the sole purposes of:
allowing an appropriate navigation on the Website;
allowing the Users to better explore and get more information regarding the activities, services and products offered by us;
answering and fulfilling the Users' requests;
to run the recruitment process and collect the CVs delivered through the Website;
to comply with obligations provided for by applicable laws and/or requests or orders made by competent authorities;
delivering promotional newsletter regarding our products and services.
Should the data be collected in the future also for purposes other than those described above, it will be our duty, on one hand, to provide adequate information to the User relating to such new purposes in order to enable transparency and user awareness and, on the other hand, ensure that that a valid legal basis (such as the User's consent) exists, where needed, to undertake the relevant processing.
4. Legal basis of the processing
The provision of personal data by the User - unless otherwise noted - is optional, but it must be highlighted that in case of refusal to make some data available to us, it could be impossible to fulfill the User's request or provide certain specific services (such as the newsletter).
The processing activities listed from a) to e) above do not require the acquisition of the User's consent, as they are based on different legal bases, i.e. the need to perform and provide the services which have been directly requested by the User and the need to ensure compliance with a legal obligation applicable to the Controller.
On the contrary, although sending promotional newsletters requires the User's registration, we will not be able to deliver this kind of communication in absence of the User's prior specific consent.
5. Methods of the processing and data security
The personal data are collected and processed lawfully and fairly, for the above purposes and in accordance with the fundamental principles established by the applicable legislation.
Processing operations may take place both manually and electronically, or by information technology tools, always under technical and organisational measures that ensure the security and confidentiality of the data, especially in view of reducing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the personal data or, more generally, processing that is not compliant with the purposes of the collection.
The processing will be carried out under the authority of the Controller only by those subjects who have been duly authorized to access and process the data in accordance with the instructions provided for by us and the applicable data protection laws and regulations.
6. Communications to third parties
The personal data collected through the Website will not be shared or communicated to third parties, unless upon specific consent of the User.
Should the data be made available by us to third-party suppliers or partners (such as service providers, mail carriers, hosting providers, IT companies, communication agencies) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above, it will be responsibility of the Controller to appoint such third parties as data processor by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the security of the data. The updated list of appointed data processors can be accessed at any time by sending a written request to us, as specified below.
It remains understood the Users' personal data must be communicated to third parties, such as public or judicial authorities, to comply with binding orders and request, as well as with applicable legal provisions.
Personal data collected by the Website will be kept in a format that allows User's identification for no longer than necessary to fulfill the purposes for which the data have been originally collected and, in any case, within the time limits set forth by applicable laws and regulations, as well as to enforce or protect the rights of the Controller (consistent with the retention periods and statutes of limitations provided for by the law), where necessary.
When no longer necessary in accordance with the above, the data will be cancelled or anonymized.
8. Cookies (cross-reference)
9. Transfer of data abroad
Given the international nature of Controller's business activities, the data will be transferred and so processed abroad, still for the sole purposes described above, by us, both inside and outside the territory of the European Union.
In all cases when the data will be transferred to non-EU countries, the relevant transmission will be subject to specific data protection guarantees, as required by the law, e.g. through the adoption of Standard Model Clauses as approved by the European Commission, or other equivalent safeguards.
10. Data subjects' rights
The User can at any time exercise his/her rights, including:
accessing his/her personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
having incorrect personal data referred to him/her rectified without delay;
having his data erased in the cases provided for by the law;
obtaining restrictions to processing, where possible;
requesting portability of the data provided to the Controller, i.e. receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by us, in all situations where it is required by the law in force;
lodge a complaint to the competent Supervisory Authority.
To exercise these rights, or for any further information and/or clarifications, please write to - firstname.lastname@example.org.
The Data controller is Jon Laurie.
Below is highlighted the date when the last version of this policy has been uploaded.
Last Update: 16/01/2020