The right to privacy and protection of personal data of Users is of utmost importance for the Data Controller.
- By sending a registered letter with return receipt to the registered office of the Data Controller
- By sending an email to the address firstname.lastname@example.org.
1. Purposes of the processing
Users’ personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulations for the following purposes:
- Browsing of the website, with respect to the possibility of detecting User data that are necessary on a technical level, such as the IP address, while browsing the website.
- Sending newsletters, when specifically requested by the data subject.
- Responding to your requests for information, sent to us through the contact form provided.
- Legal obligations, i.e. to fulfil obligations envisaged by the law, an authority, a regulation or European legislation.
- Creating Custom Audiences on the Facebook advertising platform (Facebook Ads) to show targeted ads.
- Creating Customer Matches on the Google advertising platform (Google Ads) to show targeted ads.
The provision of personal data for the processing purposes specified above is optional but necessary, as failure to provide the data will make it impossible for the user to browse the Website, register with the Website, and take advantage of the services offered by the Data Controller on the Website.
With regard to the purposes set out in points 1/a, 1/b, 1/c, the legal basis for the processing is in fact the execution of the services provided through the Website and requested by you (pursuant to article 6, paragraph 1 , letter b of Privacy Regulation 2016/679). With regard to the purposes referred to in point 1/d of the previous paragraph, the legal basis of the processing is to fulfil a legal obligation of the data controller (pursuant to article 6, paragraph 1, letter c of Privacy Regulation 2016/679).
2. Processing methods and data retention times
The Data Controller will process the Users’ personal data using manual and IT tools, with logic strictly related to the purposes themselves, and, in any case, in order to guarantee the security and confidentiality of the data.
The personal data of the Website’s Users will be kept for the time strictly necessary to carry out the purposes described in paragraph 1 above, or in any case as necessary for the legal defence of the interests of both the Users and the Data Controller. With regard to the purpose referred to in 1.b., the data will be kept until you unsubscribe from the newsletter using the appropriate link contained therein or through the procedures for exercising your rights referred to in paragraph 4.
3. Scope of disclosure and dissemination of the data
The Users’ personal data may be disclosed to the employees and/or contractors of the Data Controller who have been appointed to manage the Website. These parties, who are formally appointed by the Data Controller as “appointed processors,” will process the User’s data exclusively for the purposes specified in this policy and in compliance with the provisions of the Applicable Regulations.
The Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “External Data Processors,” like, by way of example, suppliers of IT and logistics services involved in the operation of the Website, outsourced or cloud computing service providers, professionals, and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller by submitting a request to the Data Controller in the manner outlined in paragraph 4 below. With regard to points 1.f and 1.g, the data will be kept and used until you object through the procedures for exercising your rights referred to in paragraph 4.
4. Rights of Data Subjects
Users may exercise the rights granted to them by the Applicable Regulations by contacting the Data Controller in the following ways:
- By sending a registered letter with return receipt to the registered office of the Data Controller
- By sending an email to the address email@example.com
Pursuant to the Applicable Regulations, the Data Controller informs Users that they have the right to know
- the origin of the personal data;
- the purposes and methods of processing;
- the logic applied in the event of processing carried out with the aid of electronic instruments;
- the identity of the data controller and data processors;
- the parties or categories of parties to which the personal data may be disclosed or that may come to know them as processors or appointees.
Furthermore, Users have the right to:
- Access, update, correct, or, if interested, complete the data.
- Erase, transform into anonymous form or block data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed.
- Confirmation that the operations referred to in letters a) and b) have been brought to the attention of those to whom the data have been disclosed or disseminated, except in the case in which this obligation proves impossible or involves a use of means manifestly disproportionate to the right protected.
Furthermore, Users have:
- The right to withdraw consent at any time if the processing is based on their consent.
- The right to the portability of the data (the right to receive all their personal data in a structured format, commonly used and readable by automatic devices), the right to restrict the processing of personal data, and the right to their erasure (“right to be forgotten”).
- The right to object:
- In whole or in part, to the processing of their personal data for legitimate reasons even if pertinent to the purpose of their collection.
- In whole or in part, to the processing of their personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications.
- If personal data are processed for direct marketing purposes, at any time, to the processing of their data for such purposes, including profiling in so far as it is related to such direct marketing.
- If they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a supervisory authority (in the member state where they usually reside, work or where the alleged violation occurred). The Italian Supervisory Authority is the Personal Data Protection Authority – www.garanteprivacy.it – www.gpdp.it – E-mail: firstname.lastname@example.org
5. Managing newsletters, DEM and periodic communications
The company uses email marketing services to occasionally send newsletters and DEM (direct email marketing) to those who have chosen to subscribe by completing the relevant form on the website or by checking the relevant checkbox when requesting information of any kind using the contact form on the website.
These services enable the company to manage a database containing email contacts, telephone contacts or contacts of any other kind which can be used to communicate with Users.
These services may also enable the company to collect data showing the date and time Users see messages, the Users’ interaction with them and information on the clicks on the links inserted in the messages sent.
The email marketing software used to manage newsletters and DEM is MailChimp, and the email address of the subscribers is stored on the MailChimp servers (in the United States).
MailChimp (The Rocket Science Group, LLC.)
MailChimp is a service which manages addresses and sends emails that is provided by The Rocket Science Group, LLC.
Personal data collected: email address, name, surname, profession
Place of processing: USA
Users may request their data be removed from the database by sending a request to: email@example.com
or by clicking on the unsubscribe link found in every communication sent (newsletter).
Standards of reference:
- Italian Legislative Decree no. 196 of June 30, 2003, Code regarding the protection of personal data (hereinafter the Privacy Code).
- EU regulation no. 679 of April 27, 2016 concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of personal data (hereinafter EU Regulation).
- Italian Law no. 300 of May 20, 1970, most recently updated with the amendments envisaged by Italian Legislative Decree no. 185 of September 24, 2016 (hereinafter the Workers’ Statute).
- Italian Legislative Decree no. 81 of April 9, 2008, Consolidated Law on Health and Safety at Work (hereinafter the Consolidated Law on Health and Safety at Work).
- Provision of Authorization for the processing of sensitive data in labour relations, dated December 15, 2016, of the Personal Data Protection Authority (hereinafter the Authorization of the Personal Data Protection Authority).
We wish to inform you that upon submission of your resume, in order to verify the possibility of transforming your application into a working relationship, and in compliance with art. 13 of Italian Legislative Decree no. 196 of June 30, 2003 (the “Privacy Code”) and art. 13 of European Regulation no. 679 of 2016 (the “Privacy Regulation”), as a potential employer/customer Gazebo S.p.A. collects and processes your personal data (as “Data Subject”) and possibly personal data relevant to your family members.
Please note that with regard to the recruiting activity, with your specific consent Gazebo S.p.A. may process personal data that the Privacy Code defines as “sensitive” and the Privacy Regulation as “special” as they are necessary to identify, for example, general health status or specific conditions (e.g., physical problems, allergies, belonging to sheltered groups, and degree of disability) necessary to assess your fitness or otherwise to perform certain tasks or the possibility of the data subject to be hired as belonging to sheltered groups.
Subject to your specific consent and always with regard to the recruiting activity, as part of your personal data the Data Controller may also acquire and manage one or more photographic images to be included with the information acquired during the job interview.
1. Data Controller, Data Processors, and Data Protection Officer
The data controller of personal data is Gazebo S.p.A. (hereinafter the “Data Controller”), with registered office in via Molino Vecchio, 9 – 47043 Gatteo FC – Italy, VAT no. IT00186680401 email: firstname.lastname@example.org.
The updated list of Data Processors, where designated, can be provided upon request by the Data Subject.
In the event that a Data Protection Officer is appointed (pursuant to art. 37 of the Privacy Regulation), his or her identity will be disclosed by publishing such information in an integration to this policy.
2. Processing purposes and methods.
Personal data relevant to the Data Subject are processed as part of the Data Controller’s normal recruiting activity, to verify the possibility of transforming your application into an effective employment/working relationship.
With regard to this purpose, personal data are processed by specially appointed officers, who are authorized, and instructed to process data pursuant to art. 30 of the Privacy Code and articles 28 and 29 of the Privacy Regulation. Such personal data can also be processed by external parties (for example, recruitment companies, external consultants for the processing of remuneration and social security data, etc.), which can be qualified as independent Data Controllers or designated as Data Processors in writing. In any case, the processing will be carried out using manual, computerized and online tools, according to methods strictly related to the purposes and in any case in such a way as to guarantee the confidentiality and security of personal data and in full and absolute compliance with current legislation.
Your data will be retained by the Data Controller for the period of time strictly necessary for the aforementioned purpose, unless it is necessary to keep the data for a longer period in compliance with current regulations, including those regarding accounting. Your data will be processed in Italy, and, in any case, within the EU.
3. Mandatory or optional nature for data provision, consequences of any refusal, and legal basis for the processing.
With regard to the processing of personal data that the Privacy Code defines as “sensitive” and the Privacy Regulation as “special” as they are necessary to identify, for example, general health status or specific conditions (e.g., physical problems, allergies, belonging to sheltered groups, and degree of disability) necessary to assess your fitness or otherwise to perform certain tasks or the possibility of the data subject to be hired as belonging to protected categories, their provision is optional, however failure to provide them and the corresponding consent renders it impossible for the Data Subject to be hired for the aforesaid specific jobs or identification of belonging to any protected categories.
4. To whom and where can we can disclose Data Subject’s personal data?
With respect to the processing purposes specified above, and within the limits strictly relevant thereto, your personal data will be or may be disclosed to:
- All parties involved in the recruiting activity for the purpose of entering into a work contract; such parties are appointed and instructed in writing pursuant to the law by the Data Controller in accordance with the procedures established by the company’s job descriptions.
- External consultants appointed to carry out the aforementioned activity, unless designated in writing as Data Processors.
The parties specified above to whom your personal data may be disclosed (as not designated in writing as Data Processors), will process personal data as Data Controllers in accordance with current legislation, in full autonomy, being unrelated to the processing performed by Gazebo S.p.A
A detailed and constantly updated list of these parties with details of their respective locations is always available at the Gazebo S.p.A. headquarters.
Your personal data will not be disseminated.
5. The rights of the Data Subject.
Art. 7 of the Privacy Code and art. 15 and following of the Privacy Regulation give the Data Subject the right to obtain, in the modalities established by art. 8 and 9 of the Privacy Code and art. 12 of the EU Regulation 2016/679:
- Confirmation of the existence or otherwise of his or her personal data, even if not yet recorded, and their communication in an intelligible form.
- An explanation of the origin of the personal data, of the processing purposes and methods, of the logic applied in the event of processing performed with the aid of electronic tools, of the identity of the Data Controller.
- The updating, rectification, completion, erasure, transformation into anonymous form or blocking of data processed in violation of the law – including those that do not need to be kept for the purposes for which the data were collected or subsequently processed – the confirmation that these operations and their contents have been brought to the attention of those to whom the data have been disclosed or disseminated, except in the case where this obligation proves impossible or involves a use of means that are manifestly disproportionate to the protected right.
The Data Subject also has the right:
- To withdraw consent (where given) for the processing of personal data at any time (without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal).
- To wholly or partially object to the processing of his or her personal data for legitimate reasons even if pertinent to the purpose of their collection.
- To wholly or partially object to the processing of his or her personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications.
- To lodge a complaint with the Personal Data Protection Authority in the cases provided for by the Privacy Regulation, directly contacting the Personal Data Protection Authority, website www.gpdp.it – www.garanteprivacy.it – E-mail: email@example.com – Fax: (+39) 06.69677.3785 Tel: (+39) 06.69677.1
- To the portability of personal data within the limits referred to in art. 20 of the Privacy Regulation.
To know the detailed and constantly updated list of parties to whom the personal data of the Data Subject may be disclosed and to exercise the rights referred to in art. 7 of the Privacy Code and art. 15 and following of the Privacy Regulation, the Data Subject can contact Gazebo S.p.A. in its capacity as Data Controller.
6. Security measures.
All processing is carried out in compliance with the methods set out in art. 11 and following and 31 and following of the Code and through the adoption of the minimum security measures envisaged by the technical specification (Annex B to the Privacy Code) until May 24, 2018, and from May 25, 2018 also through the adoption of technical and organizational measures to guarantee a level of security adequate to the risk in compliance with the methods set out in art. 5 and following and 32 and following of the Regulation, as well as the relative provisions of the Privacy Authority.
In this regard, we confirm, among other things, the adoption of appropriate security measures to prevent unauthorized access, theft, disclosure, modification or unauthorized destruction of the Data Subject’s data.
7. Duration of the processing
In accordance with art. 11, letter e) of the Code and art. 5, letter e) of the Regulation, the personal data being processed will be kept for the time strictly necessary for the aforementioned purposes, and, in any case, for a period not exceeding 12 months (extendable to 36 months).