Privacy policy

NOTICE PURSUANT TO ART.13 of the “European Regulation on the Protection of Personal Data” GDPR 2016/679

Welcome to our website (“https://www.weareconflux.com/”). Please read our Privacy Policy carefully, since it applies in any case in which you access our website and decide to navigate within it and use its services.

If you do not agree with the terms of this Privacy Policy, you should not use our website and Services nor otherwise provide us with your personal information. By using and/or accessing our Web site and Services or otherwise providing us with your personal information, you acknowledge that you have read and understand this Privacy Policy.

Pursuant to EU Regulation 2016/679 referred to as the “European Data Protection Regulation”, (hereinafter referred to as the “Regulation” or even just “GDPR”) we inform users that personal data entered on our website are processed in the manner and for the purposes described below.

In compliance with the requirements set forth in the Data Protection Regulation, “processing” of data means “any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.”

This Policy solely and exclusively applies to personal data processed through our website and therefore does not apply to any other websites that may be reached through links on it; it is effective as of the date indicated below. We may update this Privacy Policy from time to time by posting the updated version on this page. We encourage you to periodically check for any updates that have occurred to our notice.

1. Data holder

The data controller is: Conflux s.r.l. (“Conflux”), with registered office in Italy, Via Giovanni Spadolini 7 – 20141 Milan, Italy, VAT and Tax Code 11716181000.

For further information you may contact us at the following email address: legal@weareconflux.com.

2. Object of processing

The personal data collected and processed by the Data Controller are exclusively those provided by the data subject when sending a contact request, when sending a job application and/or when subscribing to the newsletter service, or data otherwise known to the Data Controller in connection with the above-described activities and are, in particular, the user’s first and last name, e-mail address and telephone number. In addition to the data provided directly by you, we use certain technologies, such as usage data collection tools and cookies, to automatically collect information that may contain personal data, as you browse our website, to provide you with a better experience.

This website processes only personal data, by which is meant, in accordance with current legislation, any information relating to a specific natural person (e.g. : first name, last name, social security number, date of birth), which allows its identification, either directly by means of the data or also indirectly, by reference to any other information, including a personal identification number (e.g. : employee identification code, association, first and last name and mobile phone number); the definition also includes location data, online identifiers or data referring to one or morè characteristic elements of the physical, physiological, genetic, psychic, economic, cultural or social identity of the identified or identifiable person.

3. Purposes and legal bases of processing

The personal data described above are processed by the Data Controller:

1. Pursuant to art. 6, paragraph 1, letter b), GDPR, for purposes connected with or instrumental to the Data Controller’s activity, such as, by way of non-exhaustive example: the proper operation of the website, archiving in its databases, newsletter subscription, replying to one or more queries forwarded by the data subject through the “Contact Us” form, managing an application for a job position sent through the forms in the “Work with Us” section;

2. Pursuant to art.6, paragraph 1, lett. c), GDPR, in order to comply with and fulfill obligations under applicable national and/or supranational legislation;

3. Pursuant to Art. 6, para. 1, lett. f), GDPR, in order to promote the services of the Data Controller to data subjects who have already used them, by sending periodic informations, commercial communications by e-mail, always without prejudice to the right of data subjects to object to the processing at any time (so-called “opt-out”);

4. Pursuant to Article 6, paragraph 1, lett. a), GDPR, with the express consent of the data subject, for the performance of direct mail marketing and statistical activities.

The provision of personal data for the purposes referred to in Articles 3.1 and 3.2 is optional for the data subject but necessary in order to carry out the same. In the absence of such provision of personal data, it will not be possible for the Data Controller to carry out the services and/or requests and/or activities and/or contracts in respect of the data subject.

The provision of personal data for the purposes referred to in Articles 3.3 and 3.4 is optional for the data subject, and from the failure to provide and/or the revocation of the same will not derive prejudicial effects, with reference to the other basic purposes described above.

4. Method of processing

Personal data are processed in accordance with the principles of fairness, lawfulness, and transparency. The Data Controller ensures that the data will be processed by means of computer tools and/or paper media, by individuals committed to confidentiality and specially designated and/or authorized through special appointments, within the limits of the performance of their work activities, with logics related to the purposes and in any case suitable to ensure the security and confidentiality of the person concerned, through the use of procedures aimed at circumventing the risk of loss, unauthorized access, illegal use and dissemination, in compliance with the limits and conditions placed by the Regulation.

5. Access to data

The personal data collected can only be accessed by subjects expressly designated by us or by Data Processors working on behalf of our company and will not be disclosed to third parties, unless this is expressly functional to the purposes of the processing previously set out and in any case in compliance with the regulations in force.

In particular, the personal data of the data subjects may be accessed, within the limits and for the strictly necessary purposes permitted by law, by the following types of subjects:

personnel expressly trained and designated by the Data Controller pursuant to Article 29 GDPR;

companies that perform services related to the operation and hosting of the website in the cloud;

companies that perform services related to the delivery, monitoring, navigation analysis, measurement and optimization of websites;

companies specializing in marketing, re-marketing, social media, operational management of communication campaigns via the Internet, e-mail and/or telephone systems;

companies specializing in the provision of data processing, storage and/or analysis services;

companies or professionals that provide consulting and/or fiscal, financial, economic, legal and/or organizational assistance to the Data Controller.

Personal data may be disclosed to third parties known to us and identified as Data Processors in accordance with Article 28 GDPR only and exclusively for the aforementioned purposes and will not be disclosed to further third parties. When we use service providers that, in any way, involve the transmission and processing of personal data, we enter into agreements requiring them to ensure the adoption of all proper technical and organizational measures to protect personal data.

The list of subjects over time appointed as Data Processors is available, upon request and in the forms required by law, at the contact details indicated in art.10.

6. Protection of processed data

We will use industry-standard physical, technical, and administrative security measures to keep your personal information confidential and secure and will not share them with third parties except as expressly provided in this Privacy Policy and/or required by Law. It remains your express responsibility to take any stricter security measures to protect the personal information you provide and your access information as it relates to how it is transmitted to the Data Controller. If you know or suspect that your personal data has been lost, stolen, misappropriated, or otherwise compromised, or in the event of any actual unauthorized use, please contact us immediately by e-mail at the address listed in Section 10.

7. Transfer of data

The management and storage of personal data will take place on servers located in Italy of the Data Controller and/or third-party companies, appointed by the Data Controller as Data Processors.

The data will not be transferred outside the European Union.

8. Period of data retention

The personal data of users who send a request for information via the contact form, will be processed and stored only for the time strictly necessary to fulfill the request, for the purposes outlined in art. 3.

The data collected for the activities of subscribing to the newsletter service, will be entered into the company database and kept for the time of the duration of the service, after which it will be deleted or anonymized within the timeframe established by the law. You can access, review, edit and delete your profile information by going to your account and editing your information. However, if you wish to update, delete, restrict use or disclosure of, or access the personal information we maintain about you in our systems, you must send us your request by e-mail to legal@weareconflux.com.

If there is a revocation of consent to specific processing by the data subject, the data will be deleted or anonymized within 72 hours of receiving the revocation.

9. Rights of the data subject

In relation to this processing of personal data and in accordance with the European Regulation, as a data subject you may, at any time, exercise your rights under Chapter III of the GDPR, explained below:

art. 15 GDPR (Right of Access): the data subject has the right to obtain from the Data Controller confirmation that personal data concerning him/her is being processed, and if so, to obtain access to the aforementioned personal data and to the information specified in this article, functional to the exercise of his/her rights;

Art. 16 GDPR (Right to Rectification): the data subject has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him/her and, taking into account the purposes of the processing, he/she also has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;

art. 17 GDPR (Right to erasure): if there is even one of the reasons indicated in this article to which reference is made, the data subject has the right to obtain from the Data Controller the erasure of his/her personal data;

art. 18 GDPR (Right to limitation of processing): the data subject has the right to obtain from the Data Controller the limitation of the processing of his or her personal data if any of the hypotheses provided for in this article apply;

Art. 20 GDPR (Right to portability): where technically feasible, the data subject has the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her provided to a Data Controller and has the right to transmit such data to another Data Controller without hindrance from the Data Controller to whom he or she provided it;

Article 21 (Right to object): the data subject has the right to object at any time to the processing of his or her personal data.

Finally, the data subject also has the right to lodge a complaint with the Garante per la protezione dei dati personali, following the procedures and directions published on the Authority’s official website at www.garanteprivacy.it.

The exercise of the rights is not subject to any formal constraints and is free of charge, except in specific cases provided for in current regulations.

10. Procedures of exercising rights

Data subjects may exercise their rights at any time, by sending an email to the address legal@weareconflux.com, or by writing to: Conflux s.r.l. (“Conflux”), Via Giovanni Spadolini 7 – 20141 Milano