According to the provisions of the Regulation, the Company's processing will be carried out on the basis of the principles of fairness, lawfulness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality.
1) CONTROLLER and CONTACT DETAILS OF THE DATA PROCESSING OFFICER (DPO)
The Controller is Alfamation S.p.a. (Tax ID no. 02111480964) headquartered in Via Cadore, 21, Lissone, Italy. The Controller can be contacted directly at the Company's headquarters, also in order to exercise your rights under point 7).
The Company has appointed a Data Processing Officer (DPO), who can be contacted by email at firstname.lastname@example.org
2) PURPOSES OF THE PROCESSING
The personal data provided will be processed in accordance with the conditions of lawfulness under Regulation (EU) 2016/679 for the following purposes:
- browsing this website;
- requesting contact, sending the information requested;
- administration and accounting in general. For the purposes of applying the personal data protection provisions, data is processed for administrative and accounting purposes only if this is required to perform organisational, administrative, financial and accounting activities, whatever the nature of the data processed. More specifically, those purposes include internal organisational activities, activities required for the purpose of entering into a contract and performing contractual obligations, and for providing information.
2) PERSONAL DATA SUBJECT TO THE PROCESSING AND LEGAL BASIS
a) Browsing data
The IT systems and software procedures utilised to run the Site acquire some user-generated Personal Data as part of their normal functioning; the transmission of such data is implicit in internet communication protocols. These data are not collected to be associated with any identified data subjects; however, by their very nature, they may make users identifiable after being processed and matched with data held by third parties. This data category includes IP addresses or domain names of the computers used to connect to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the returned file, the numerical code of the server response status (completed, error, etc.) and other parameters relating to the user's operating system and IT environment. These data are used only to collect anonymous statistical data about use of the Site, and to make sure it is functioning properly, as well as to identify any abnormalities and/or misuse. They are deleted as soon as they are processed. The data may be used to investigate culpability in the event of suspected cybercrime against the Site or third parties. The legal basis for the processing is provided under Article 6(1), point (f) (legitimate interests of the Controller).
b) Data submitted voluntarily by the Data Subject
You can contact our company via the “contact us” page that contains the contact details required. Data subjects may be required to submit data (name, surname, email, phone number) as part of their request for information.
The legal basis for the processing of those data is Article 6(1), point (b) of the Regulation insomuch as the processing is necessary to deliver the Services or to take steps at the request of the data subject. Provision of Personal Data for these purposes is optional but failure to provide them may make it impossible to meet the requests.
If the data is transmitted for the purpose of a job application, they will be processed in accordance with the procedures described in the privacy statement that can be consulted on this Site.
4) CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
For the purposes specified above, your Personal Data may be disclosed to the following recipients:
entities that commonly act as data processors, namely: i) persons, consultants, professional firms or offices that provide advisory and consultancy services to the Company in the accounting, administrative, legal, tax, and financial areas with regard to providing the Services; ii) entities with whom it is necessary to interact for the provision of the Services (e.g. hosting services providers, or providers of IT and/or marketing services, iii) or entities delegated to perform technical maintenance activities (including maintenance of network equipment and electronic communications networks); (collectively “Recipients”);
- entities, bodies or authorities to whom it is obligatory to disclose your personal data pursuant to the provisions of law or to orders from the authorities;
- persons authorised by the Company to process the Personal Data required to perform the activities strictly relating to the provision of the Services, who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
5) TRANSFER OF PERSONAL DATA
The personal data provided will be disclosed to recipients who will process the data as Processors (Article 28 of Regulation (EU) 2016/679) and/or as natural persons acting under the Authority of the Controller or Processor (Article 29 of Regulation (EU) 2016/679), for the purposes listed above.
Specifically, your data will be disclosed to:
entities that provide services for the management of the Company's IT system, and of the telecommunications networks;
- self-employed professionals, offices or companies as part of the advisory and consultancy arrangements;
- competent authorities for compliance with legal obligations and/or provisions of public bodies, at their request. The entities in the foregoing categories act as Data Processors, or they operate independently as separate Data Controllers. The list of designated Processors is constantly updated and available by writing to email@example.com
6) STORAGE OF PERSONAL DATA
Data may be processed by automated and/or manual means, using procedures and equipment in a manner that ensures utmost security and confidentiality, by specifically designated persons.
In accordance with the provisions of Article 5(1), point (e) of Regulation EU) 2016/679, the personal data collected will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The period the personal data provided will be stored depends on the purpose of the processing:
- contact request (no more than five (5) years);
The period of storage of personal data is determined on the basis of criteria that the data subject can consult by sending a request to firstname.lastname@example.org
7) RIGHTS OF DATA SUBJECTS
Pursuant to Article 15 et seq of the Regulation, you have the right, at any time, to ask the Company to access, to rectify, to erase your personal data, or to object to the processing of your personal data; you also have the right to restrict the processing of your personal data in the cases envisaged by Article 18 of the Regulation, and have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, in the cases envisaged by Article 20 of the Regulation.
Your requests should be sent to: email@example.com
In any case, you have the right to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the Regulation, if you consider that the processing of personal data relating to you infringes applicable legislation.
8) AMENDMENT TO THIS INFORMATION NOTICE
This notice applies as from 17/10/2018. The Company reserves the right to amend it or simply to partly or fully update the content also as a result of changes to applicable legislation. Therefore, you are advised to visit this section regularly in order to be informed of the most recent and updated version of the information notice pursuant to Article 13, so that you are kept constantly updated about the data collected and how the Controller uses them.