NOTICE ON THE PROCESSING OF PERSONAL DATA for the WEBSITE attibassi.it
This notice is provided pursuant to Art. 13, Legislative Decree 196, 30/06/2003 (“Code for the protection of personal data” and to Art. 13 ,EU Regulation No. 2016/679 (“General European Regulation on the protection of personal data”).
The Company Coop Industria Soc. Coop. a r.l. (CO.IND.S.C.) with registered office in Saliceto, 22/H – 40013 – Castel Maggiore (BO), Tax Code 00499331205, in the person of Tino Cesari, as Data Controller (hereinafter, “Data Controller”), for the WEBSITE attibassi.it, informs you, pursuant to Art. 13, Legislative Decree 196, 30/06/2003 (hereinafter, “Privacy Code”) and to Art. 13, EU Regulation No. 2016/679 (hereinafter, “GDPR”), that your data will be processes according to the following procedures and for the purposes below:
1. What we process
Coop Industria Soc. Coop. a r.l. (CO.IND.S.C.) safeguards your personal data and complies with the legislation on personal data protection (Privacy Code and GDPR 12016/679). Your personal data is kept confidential and is only given to third parties according to the provisions in this Policy, or with your consent. We process the personal data you provide us when you use our website and/or after registering on our website.
More specifically, we process:
- the personal, identification and non-sensitive data (i.e. your name, surname, Tax Code, VAT No., e-mail, telephone number – hereinafter “personal data” or even “data”) you have provided in certain sections of our website;
- data you have not provided directly – and acquired, nevertheless, within the limits established in Art. 14. paragraph 5, GDPR – transmitted via Internet communication protocols (e.g. page accesses, amount of data transferred, successful access status message, session ID numbers, IP addresses, URL addresses, etc.) This data enables us to reconstruct the path taken by your visits to our website.
2. Why we process your data
Your data is processed:
A) without your express consent (Art. 24, letters a), b), c), Privacy Code and Art. 6, letters b) and e), GDPR) for the following Service Purposes:
- to process a contract request;
- to implement the pre-contractual measures taken at your request;
to process internal statistics;
- to fulfil pre-contractual, contractual and tax obligations arising from our relationship;
- to fulfil the obligations envisaged by law, a regulation, community legislation or by an order from the Supervisory Authority;
- to prevent or discover fraud or harmful abuse of the website;
- to exercise the Data Controller’s rights (e.g. the right to defence before the courts);
B) Only subject to your specific, clear consent (Arts. 23 and 130, Privacy Code and Art. 7, GDPR) for the following purposes:
- To select personnel by acquiring your C.V.
3. Why we need your personal data
We require your data for the purposes described in point 2, letter A), Numbers i and ii. If you fail to provide your data, we cannot guarantee your registration on our Website or answer your requests.
Providing your data for the purposes described in point 2, letter B) is optional. You can decide whether or not to provide any data or refuse to allow us to process the data given previously. In that case, you will no longer receive our newsletters, whereas you will continue to receive our services and have the right to register on our website.
4. How we process your data
We process your personal data via the operations indicated in Art. 4, Privacy Code and Art. 4, No. 2), GDPR and specifically: the collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, block, communication, erasure and destruction of the data. We will process your data according to the principles of correctness, lawfulness and transparency either by automated procedures to store, manage and transmit the data and via suitable instruments, where applicable, and with state of the art technology to guarantee security and confidentiality, with the use of suitable procedures to avoid the risk of loss, unauthorised access, unlawful use and diffusion.
5. How long we store your data
The Data Controller will process your personal data for the time it takes to achieve the purposes described above, in compliance with existing legislation and for no longer than 2 years from the time we collect your data for Marketing purposes. The personal data acquired via your C.V. will be kept for up to 2 years. After that storage period, the data will be destroyed or pseudonymised.
6. Data access
Personal data processed by the Data Controller will not be published, i.e. it will not be revealed indeterminately in any form, and will not be made available even for simple consultation. It may be communicated to the workers employed by the Data Controller and to some external individuals, who collaborate with them. More specifically, your data may be made accessible to:
- the Data Controller’s employees and collaborators, consultants authorised to manage the website and supply the relevant services (e.g.: customer services, IT department, etc.), as internal Data Processors and/or persons appointed to process personal data and/or system administrators;
- third party companies or other parties (e.g.: banks, professional studios, consultants, insurance companies, etc.), which carry out outsourcing on behalf of the Data Controller, as external Data Processors and/or persons appointed to process personal data.
Your data may also be communicated, within the limits strictly necessary, to persons legally entitled to access them under the provisions of the law.
7. Data disclosure
Without your express consent (according to Art. 24, letters a), b), d), Privacy Code and Art. 6, letters b), c), GDPR), the Data Controller may disclose your data for the purposes indicated to the Supervisory or Judicial Authorities and all those other parties, to which disclosure is mandatory by law to carry out said purposes.
8. Data transfer
Personal data will be managed and stored on the servers of the Data Controller and/or third party companies appointed and duly named as Data Processors, located within the European Union, in compliance with the provisions of Arts. 45 et seq., GDPR. The servers are currently located in . Your data will not be transferred outside the European Union. It remains understood under any circumstance that, if the server needs to move in Italy and/or the European Union and/or Non-member EU Countries, this move will always be made in compliance with Arts. 45 et seq, GDPR. In this case, however, the Data Controller guarantees as of now that the transfer of data outside the EU will comply with the applicable provisions of law and, if necessary, it will draw up agreements, which guarantee an adequate level of protection and/or which contain the standard, contractual clauses envisaged by the European Commission.
9. Browser data
During their normal activity, the computerised systems and software procedures operating the website can acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with any specific data subjects. However, the nature of this information could enable users to be identified (i.e. parameters regarding the user’s operative system and computer environment) by processing and associating it with data held by third parties. The Data Controller uses this data only to extract anonymous, statistical data on the use of its Website and to check it is operating correctly. It then erases it immediately after processing. This data can also be used to ascertain liability in the event of hypothetical electronic offences against the Website.
11. Your rights as Data Subject
As Data Subject, you have the rights established in Art. 7, Privacy Code and Art. 15, GDPR and specifically:
- the right to obtain confirmation of whether your personal data exists, even though it has not yet been recorded, and to request its communication in an intelligible format;
- the right to obtain information regarding: a) the origin of your personal data; b) the purposes and procedures of the processing; c) the logic applied if processed using electronic instruments; d) the name and contact details of the data controller, processors and designated data protection officer, pursuant to Art. 5, paragraph 2, Privacy Code and Art. 3, paragraph 1, GDPR; e) the recipients or categories of recipients to whom the personal data may be communicated or who may discover it, such as the designated data protection officer in the country, processors or appointed persons;
- the right to: a) update, correct or, when you so wish, supplement the data; b) delete, restrict the use, transform into an anonymous form or block any data processed in breach of the law, including data which does not need to be stored for the purposes for which it was collected or subsequently processed; c) obtain certification that the operations in letters a) and b) have been communicated together with the contents, to those to whom the data has been communicated or diffused, except in the event it is impossible to do so or involves a use of disproportionate means compared to the right protected;
- the right to oppose in whole or in part: a) the processing of your personal data on legitimate grounds, even though the data processed is pertinent to the purpose for which it was collected; b) the processing of your personal data in order to send advertising material or for direct sales, or to implement market research or commercial communications via the use of automated call centres without the intervention of an operator, via e-mail and/or via traditional marketing procedures, via telephone and/or by mail. Please note that the right of opposition of the data subject, who has been subjected to the preceding point b) for marketing purposes via automated procedures also extends to traditional procedures, without prejudice to the possibility for the data subject to exercise his/her right of opposition even in part. Therefore, the data subject can decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication.
Where applicable, you not only have the rights established by Arts. 16-21, GDPR (Right of rectification, right to be forgotten, right to restrict processing, right of data portability, right of opposition), but also the right to complain to the Data Protection Authority.
12. How to exercise your rights
You have the right to ask the Data Controller to access, rectify or erase your data, to supplement incomplete data, to restrict processing; to receive your data in a structured, commonly used format, which can be read by an automatic device; to revoke the consent given at any time to the processing of your sensitive data and to oppose the use of the data; to lodge a complaint with the Supervisory Authority and to exercise the other rights recognised to you by the applicable regulations.
You may exercise your rights at any time by sending:
a registered letter A/R to: Coop Industria Soc. Coop. a r.l. (CO.IND.S.C.) with registered office in Saliceto, 22/H – 40013 – Castel Maggiore (BO); an e-mail to the address: firstname.lastname@example.org
Where the data subject providing the data is under the age of 16, this processing is lawful only if and to the extent that consent is given or authorised by the holders of parental responsibility, who have provided their identification details, together with a copy of their identification documents.
14. Data Processor, Data Protection Officer and Data Processors
The Data Controller is Coop Industria Soc. Coop. a r.l. (CO.IND.S.C.) with registered office in Saliceto, 22/H – 40013 – Castel Maggiore (BO), Tax Code 00499331205, in the person of Tino Cesari.
The updated list of data processors and persons appointed for processing is kept at the Data Controller’s head office.
15. DPO – Data Protection Officer
Ferdinando Mainardi. Contact details: email@example.com; 3382274559