Pursuant to art. 4, no. 1 of the GDPR, “personal data” refers to “any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The Data Controller is Albachiara (S.r.l.) in the person of its legal representative pro tempore Mr. Giulio Guasco, based in Via Ponte di Bagnolo 2/4/6 50059 Vinci (FI), Italy.
PURPOSES OF PROCESSING
The data you provide will be processed for purposes related to the request you made with particular reference to:
- managing “information request” sections;
- managing the “work with us” section of the Website: the data provided will be used to assess the user’s application in relation to any job opportunities within the organisation of the Data Controller company;
The provision of personal data for the purposes given above is always optional, albeit necessary for the aforementioned purposes. If you do not provide the requested information, you will not be able to take advantage of all the services offered by this website.
For all the aforementioned purposes, the Data Controller may appoint external suppliers to whom, only and exclusively, the data strictly necessary for carrying out this task will be transmitted.
Suppliers will act as Data Processors, appointed pursuant to art. 28 of the GDPR. The list is available upon request from the Data Controller at the following address; Albachiara (S.r.l.) with registered office in Via Ponte di Bagnolo 2/4/6 50059 Vinci (FI), Italy.
The User assumes responsibility for the personal data of third parties that have been obtained, published or shared by the User via this Website and guarantees that they have the right to communicate or disseminate such data, relieving the Data Controller from any liability to third parties.
PLACE OF PROCESSING AND PERIOD OF DATA STORAGE
Processing related to the services of the Website will take place at the headquarters of Albachiara (S.r.l.), in Via Ponte di Bagnolo 2/4/6 50059 Vinci (FI), Italy, depending on the type of personal data and will be processed only by authorised personnel, appointed “data processors” or “sub-processors”.
Your personal data will be processed and stored for the time necessary to carry out the purposes for which it was collected. When processing is based on the express and explicit consent of the user, the Data Controller may store the personal data for a longer period until such consent is revoked. Furthermore, the Data Controller may be obliged to retain personal data for a longer period in accordance with a legal obligation or by an order of the supervisory authority. In any case, the management of information collection is configured, from the outset, in such a way so as to minimise the use of the data.
DATA PROCESSING METHODS
The Data Controller will process the user personal data by adopting appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of said personal data.
Processing is carried out by means of the operations or set of operations indicated in art. 4 of the GDPR 2016/679: collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, restriction, transmission, erasure or destruction.
In relation to the purposes indicated above, processing will be carried out using IT and online tools, with organisational methods and with logic strictly related to the purposes indicated and, in any case, in such a way so as to guarantee the security and confidentiality of the data.
Processing may be carried out on behalf of the Data Controller, in compliance with the same methods and criteria given above, by categories of data processors and/or sub-processors involved in organising the Site (administrative, commercial and marketing staff, legal services, system administrators) or by external parties (such as third-party technical service providers, couriers, hosting providers, IT companies, communication agencies), which may be appointed for the purpose.
TYPE OF DATA PROCESSED
The personal data subject to processing by the Data Controllers mainly consists of:
In the course of their normal operations, the IT systems and software procedures for the functioning of this Website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols.
This information is not collected in order to be associated with identified interested parties, but given the nature of such data, it may be used to identify users if processed and combined with data held by third parties.
This data category includes the IP addresses or domain names of computers of users who visit the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the user and other parameters relating to the operating system and the computer environment of the user.
This data is used only to obtain anonymous statistical information on site usage and to check its correct functioning, and is immediately deleted after processing.
Data Supplied Voluntarily by the User
The elective and voluntary sending of emails to the email addresses posted on the Website entails the subsequent acquisition of the sender’s email address – which is necessary to answer any requests – as well as the acquisition of any other personal information included in the message. Specific summary information will be gradually reported or displayed on the pages of the Website designed to allow access to the services on request.
No user personal data is acquired by the site. Cookies are not used to send personal information, nor are any kind of “persistent cookies” or user tracking systems used. The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) are strictly limited to the transmission of session identifiers (made up of random numbers generated by the server), which are required for the safe and efficient exploration of the site. The so-called session cookies used on this site do not utilise other IT techniques that could potentially compromise the browsing privacy of users and do not permit the acquisition of the user’s personal identifying data. If you no longer wish to receive communications from Albachiara (S.r.l.), all you have to do is send an email to firstname.lastname@example.org specifying the following in the subject line: “Remove from the email list”.
RIGHTS OF DATA SUBJECTS
The data subjects to whom the personal data refers may, at any time, exercise the following rights, pursuant to articles 15-22 of the GDPR:
Right of access: the right to obtain from the Data Controller confirmation of whether personal data concerning you is being processed and, if this is the case, to obtain access to such data and the following information: processing purposes and methods, the categories of personal data provided, recipients and/or categories of recipients to whom the data was or will be communicated and, where possible, the storage period or, if this is not possible, the criteria used to determine that period;
Right of rectification: in accordance with art. 16 of the GDPR, the User may obtain the rectification of personal data that is inaccurate and, considering the purposes of the processing, may obtain the integration of data that is incomplete, also by providing an additional statement;
Right to be forgotten: in accordance with art. 17 of the GDPR, the User may obtain the deletion of their personal data and the Data Controller will be obliged to delete it without delay when the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
Right to restriction of processing: in accordance with art. 18 of the GDPR, the User may limit processing if one of the following events occurs: the accuracy of the personal data is disputed; the processing is unlawful; the data is no longer necessary for the purposes of the processing and the data subject requests said data to establish, exercise or defend their rights in court; pending verification of the balancing test concerning legitimate interest, in the case of opposition to processing.
Right to data portability: in accordance with art. 20 of the GDPR, the User may, at any time, request and receive their personal data from the Data Controller, “in a structured, commonly used and machine-readable format” and transmit it to another Data Controller without impediment. In this case, the User will be responsible for providing the details of the new Data Controller with written authorisation;
Right to object: the User may object to processing at any time and also in the case of processing for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing;
Right to lodge a complaint with a supervisory authority: without prejudice to the right to appeal in any other administrative or judicial setting, if the User believes that the processing of their personal data is in violation of the GDPR and/or applicable law, they can lodge a complaint with the competent supervisory authority.
Requests should be addressed to the Data Controller by email at the above address.
INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
This type of service will allow you to interact with social networks, or other external platforms, directly from the pages of this website. The interactions and information acquired by this Website will, in any case, be subject to the User’s privacy settings on each social network.