NOTICE PURSUANT TO ART.13 of the “European Regulation on the Protection of Personal Data” GDPR 2016/679
Pursuant to EU Regulation 2016/679 referred to as the “European Data Protection Regulation”, (hereinafter referred to as the “Regulation” or even just “GDPR”) we inform users that personal data entered on our website are processed in the manner and for the purposes described below.
In compliance with the requirements set forth in the Data Protection Regulation, “processing” of data means “any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.”
1. Data holder
The data controller is: Conflux s.r.l. (“Conflux”), with registered office in Italy, Via Giovanni Spadolini 7 – 20141 Milan, Italy, VAT and Tax Code 11716181000.
For further information you may contact us at the following email address: firstname.lastname@example.org.
2. Object of processing
The personal data collected and processed by the Data Controller are exclusively those provided by the data subject when sending a contact request, when sending a job application and/or when subscribing to the newsletter service, or data otherwise known to the Data Controller in connection with the above-described activities and are, in particular, the user’s first and last name, e-mail address and telephone number. In addition to the data provided directly by you, we use certain technologies, such as usage data collection tools and cookies, to automatically collect information that may contain personal data, as you browse our website, to provide you with a better experience.
This website processes only personal data, by which is meant, in accordance with current legislation, any information relating to a specific natural person (e.g. : first name, last name, social security number, date of birth), which allows its identification, either directly by means of the data or also indirectly, by reference to any other information, including a personal identification number (e.g. : employee identification code, association, first and last name and mobile phone number); the definition also includes location data, online identifiers or data referring to one or morè characteristic elements of the physical, physiological, genetic, psychic, economic, cultural or social identity of the identified or identifiable person.
3. Purposes and legal bases of processing
The personal data described above are processed by the Data Controller:
The provision of personal data for the purposes referred to in Articles 3.1 and 3.2 is optional for the data subject but necessary in order to carry out the same. In the absence of such provision of personal data, it will not be possible for the Data Controller to carry out the services and/or requests and/or activities and/or contracts in respect of the data subject.
The provision of personal data for the purposes referred to in Articles 3.3 and 3.4 is optional for the data subject, and from the failure to provide and/or the revocation of the same will not derive prejudicial effects, with reference to the other basic purposes described above.
4. Method of processing
Personal data are processed in accordance with the principles of fairness, lawfulness, and transparency. The Data Controller ensures that the data will be processed by means of computer tools and/or paper media, by individuals committed to confidentiality and specially designated and/or authorized through special appointments, within the limits of the performance of their work activities, with logics related to the purposes and in any case suitable to ensure the security and confidentiality of the person concerned, through the use of procedures aimed at circumventing the risk of loss, unauthorized access, illegal use and dissemination, in compliance with the limits and conditions placed by the Regulation.
5. Access to data
The personal data collected can only be accessed by subjects expressly designated by us or by Data Processors working on behalf of our company and will not be disclosed to third parties, unless this is expressly functional to the purposes of the processing previously set out and in any case in compliance with the regulations in force.
In particular, the personal data of the data subjects may be accessed, within the limits and for the strictly necessary purposes permitted by law, by the following types of subjects:
Personal data may be disclosed to third parties known to us and identified as Data Processors in accordance with Article 28 GDPR only and exclusively for the aforementioned purposes and will not be disclosed to further third parties. When we use service providers that, in any way, involve the transmission and processing of personal data, we enter into agreements requiring them to ensure the adoption of all proper technical and organizational measures to protect personal data.
The list of subjects over time appointed as Data Processors is available, upon request and in the forms required by law, at the contact details indicated in art.10.
6. Protection of processed data
7. Transfer of data
The management and storage of personal data will take place on servers located in Italy of the Data Controller and/or third-party companies, appointed by the Data Controller as Data Processors.
The data will not be transferred outside the European Union.
8. Period of data retention
The personal data of users who send a request for information via the contact form, will be processed and stored only for the time strictly necessary to fulfill the request, for the purposes outlined in art. 3.
The data collected for the activities of subscribing to the newsletter service, will be entered into the company database and kept for the time of the duration of the service, after which it will be deleted or anonymized within the timeframe established by the law. You can access, review, edit and delete your profile information by going to your account and editing your information. However, if you wish to update, delete, restrict use or disclosure of, or access the personal information we maintain about you in our systems, you must send us your request by e-mail to email@example.com.
If there is a revocation of consent to specific processing by the data subject, the data will be deleted or anonymized within 72 hours of receiving the revocation.
9. Rights of the data subject
In relation to this processing of personal data and in accordance with the European Regulation, as a data subject you may, at any time, exercise your rights under Chapter III of the GDPR, explained below:
The exercise of the rights is not subject to any formal constraints and is free of charge, except in specific cases provided for in current regulations.
10. Procedures of exercising rights
Data subjects may exercise their rights at any time, by sending an email to the address firstname.lastname@example.org, or by writing to: Conflux s.r.l. (“Conflux”), Via Giovanni Spadolini 7 – 20141 Milano