The owner of the processing of personal data is s.r.l. Nove 25 Registered office: Via R. Sanzio, 19 - MI P.IVA - C.F. : 04217070962 REA: MI - 1733121 in the person of the legal representative Egr. Mr. Roberto Dibenedetto.

The person in charge of data processing is Egr. Mr. Francesco Almansi (francesco.almansi@nove25.net)

 

Subject of treatment

The Holder treats: 

-personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references) hereafter, "personal data."

-the "special data" disclosed by you in connection with the conclusion of contracts for the services of the Data Controller and as the recipient of such data with regard to all communications made and received in dealings with the entities and individuals involved in the professional activity proper to the Data Controller and the Data Processor.

In particular, the object of processing includes:

Personal and identification data: (such as, for example, name, date of birth, place of birth, nationality, social security number, marital status, occupation, etc.);

-Contact data (such as, address, e-mail address, phone number, etc.);

-Data on education, professional experience and previous activities;

-Special categories of personal data (such as, for example, health status, union membership, etc.) only to the extent that such information is contained in the resume;

Photo as present on resume;

Purpose of processing

Your personal data are processed:

Pursuant to Art 6 EU Regulation No.679/2016 (and subsequent legislative adaptation provisions Legislative Decree 101/2018) (GDPR). lett. b), e) GDPR), for the following Service Purposes:

A)-conclude contracts for Holder's services:

-fulfill pre-contractual, contractual and tax obligations arising from existing relations with you and, in particular regarding the following purposes having contractual legal basis:

  The acquisition and processing of personal data voluntarily provided on the occasion of and as a consequence of the contract with customers or voluntarily provided to request information or quotes is necessary for the Owner to fulfill customer requests, to execute the contract itself, and to fulfill related obligations under accounting and tax regulations. 

Specifically, the purposes of processing are:

Purposes related to the execution of pre-contractual negotiations:

a) Managing the process of selecting and evaluating candidates for inclusion in the corporate organization, including evaluating individuals to fill positions sought;

The legal basis legitimizing the processing of data for the purposes specified above is the execution of pre-contractual negotiations requested by the data subject is party (art. 6 no. 1 letter b) GDPR). In connection with the evaluation of the application, the Data Controller may also process special personal data under Article 9 GDPR, such as, but not limited to, those revealing health status or religious beliefs or trade union membership.

The legal basis legitimizing the processing in this case is the specific and informed free consent of the data subjects (Art. 6 No. 1 letter a) of the GDPR).  In case consent is not given, it will not be possible to evaluate the application. 

Data subjects have the right to revoke their consent at any time, but processing carried out before revocation remains lawful. After revocation, the data controller will cease processing the data for which consent is required (Art. 7 No. 3 GDPR).

Purposes related to the fulfillment of legal obligations:

b) Fulfilling obligations under the law, with reference to possible subsequent employment.

The legal basis legitimizing the processing of data for the purposes specified above is the fulfillment of legal obligations (Art. 6 No. 1 letter c) of the GDPR).

Purposes related to the legitimate interest of the Owner:

c) Protection of the holder's rights and exercise of the right of defense in case of litigation.

The legal basis legitimizing the processing of data for the purposes specified above is the legitimate interest of the Data Controller (Art. 6 No. 1 letter f) of the GDPR), which in this case is fairly balanced with the rights and freedoms of the data subjects.

Purposes requiring consent:

The Controller may process special data ex art. 9 GDPR such as but not limited to: health status, membership in protected categories, disability, or union membership, etc.

The legal basis legitimizing the processing of data for the purposes specified above is the consent freely given by the data subject (Art. 6 No. 1 letter a) of the GDPR). 

-for exhibiting RALs and documentation attached to past work experience;

--for any request for judicial certificates and their processing in accordance with Article 10 GDPR

B)-fulfilling obligations under the law, a regulation, EU legislation or an order of the Authority (such as in the field of anti-money laundering) and for all purposes related to and having as legal basis the legal obligation;

C)-exercising the rights of co-owners, e.g. the right of defense in court, as well as for all purposes related to the exercise of the rights granted to entities on the basis ail their legal relationships with natural persons, legal persons and legal entities; the legal basis for such processing purposes is the exercise of defense in court.

Nature of data provision and consequences of refusal to respond

We inform you that, taking into account the purposes of the processing referred to in points A), B) AND C) as illustrated above, the provision of the data necessary for the purposes is free but their failure, partial or inaccurate provision may have, as a consequence, the impossibility of carrying out the activity and pre-contractual and contractual fulfillments as provided for in the contract of sale and / or supply of products. Where the person giving the data is under 13 years of age, such processing is lawful only if and to the extent that, such consent is given or authorized by the holder of parental responsibility for whom the identifying data and copies of identification documents are acquired.

Method of data collection: data are collected from the data subject.

Mode of treatment

The processing of your personal data is carried out by means of the following operations: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

The processing will be carried out either by manual and/or computerized and telematic means with logics of organization and processing strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data themselves in compliance with the organizational, physical and logical measures provided for in Articles 24 and 25 and 32 of the GDPR. 

Access to data by processing employees

Your data may be made accessible for the exclusive purposes set forth in this notice:

-to employees and collaborators of the Controller, the auxiliaries and third persons employed companies and companies in supply and outsourcing relationship with the Controller in their capacity as authorized persons for processing and/or internal data controllers and/or system administrators;

-to third-party companies or other entities (by way of example credit institutions, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.

Disclosure of data

Without the need for your express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) EU Regulation n.679/2016 (and subsequent provisions of legislative adaptation D.Lgs 101/2018) (GDPR)., the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the fulfillment of the said purposes.

These parties will process the data in their capacity as autonomous data controllers.

Your data will not be disseminated.

Data Retention and Transfer

Personal data are stored on servers located in Milan, within the European Union and precisely outside the Holder's Head Office and in full compliance with the provisions and requirements necessary for the security and proper location of data storage units (Data centers).

The aforesaid location and manner of storage of data centers may be disclosed only to the data subject whose data is being processed and to the Supervisory Authorities for reasons of national security, public safety, defense in court, for the prevention, detection and prosecution of crimes, for the protection of the interests and freedoms of others, for the execution of civil actions, and for relevant objectives of public and economic interest. Whereas, The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 5 years after the termination of the relationship for the Purposes of Billing Service and Corporate Accounting;

Considering that the Data Controller will process the "special" personal data referred to in Art.9 GDPR EU Regulation No.679/2016 for the time necessary to fulfill the above purposes and in any case for no longer than the termination of the relationship for the Pre-contractual Purposes inherent in the phase of mere contractual proposal of entering into a contract of sale of the product; Personal data are retained for the duration of the association and / or mandate relationship and in the case of revocation and / or other termination of the relationship.

Transfer of Data to Third Countries and International Organizations 

It should be noted that the Owner does not process data that involves the transfer of personal and special data to Third Countries or International Organizations. 

Rights of the data subject

Right of access to data under Articles 15-23 GDPR EU Regulation No.679/2016 (and subsequent legislative adaptation provisions Legislative Decree 101/2018)

Right of access to data 

In your capacity as data subject, you are the holder of the rights under Art. 15 GDPR: -to obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form; -to obtain indication of: (a) the origin of the personal data; (b) the purposes and methods of processing; (c) the logic applied in the case of processing carried out with the aid of electronic instruments; (d) the identification details of the data controller, data processors and the data controller's representative and the persons authorized to process the data; and (e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons authorized to process the data;

Right to rectify data

In your capacity as a data subject, you are the holder of the rights referred to in Article 16 GDPR, namely the rights to:

(a) updating, rectification or, when interested, integration of data

Right to erasure of data

In your capacity as a data subject, you are the holder of the rights referred to in Article 17 GDPR, namely the rights to:

b) deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;

Right to limitation of processing:

In your capacity as a data subject, you are the holder of the rights referred to in Article 18 GDPR, namely the rights to:

to request the restriction of data use for the sole reasons of public interest, only and exclusively and carried out with the consent of the data subject and for the establishment or defense of a right, in cases where the data subject disputes the accuracy of the data and processing, in the case of exercising the right to object to processing under Article 21 GDPR and in the other cases provided for in Article 18 GDPR 

Right to portability:

In your capacity as a data subject, you are the holder of the rights referred to in Article 20 GDPR EU Regulation No. 679/2016 (and subsequent provisions of legislative adaptation D.Lgs 101/2018), namely the rights of:mandate and, in the case of revocation and / or other termination of the relationship. 

-receive the personal data provided to the Data Controller in a structural format or on a commonly used, intelligible and accessible computer medium for any operating system (USB or duly encrypted ZIP file), 

-move without constraint, the complexes of information and data concerning you from the present holder to another holder chosen by you according to your purposes and in full compliance with the principles of transparency, lawfulness and proportionality of processing.

The right to data portability is without prejudice to other rights.

Right to object to processing:

In your capacity as a data subject, you are the holder of the rights referred to in Article 21 GDPR 

-oppose, in whole or in part:

(a) for legitimate reasons to process personal data concerning you, even if relevant to the purpose of collection;

(b) to the processing of personal data concerning you for any other purpose not relevant to the processing. 

Right to withdraw consent:

In your capacity as a data subject, you are the holder of the rights referred to in Article 7 GDPR, namely the right to withdraw consent, where provided and at any time.

Withdrawal of consent does not affect the lawfulness of processing based on the consent given before the withdrawal; 

Limitations to the obligations of data controllers and data processors under Article 23 GDPR

The obligations of the Data Controller and the Data Processor to make this disclosure pursuant to Art. 12 GDPR, not to submit to an automated procedure pursuant to Art.22 GDPR, and to make the disclosures pursuant to Art. 34 GDPR may be waived only upon Your consent or by necessity of disclosure to the Supervisory Authorities for reasons of national security, public safety, defense in court, for the prevention, detection and prosecution of crimes, for the protection of the interests and freedoms of others, for the independence of the judiciary, for the execution of civil actions, and for relevant objectives of public and economic interest.

Right to complain to the Privacy Authority:

In your capacity as a data subject, you are the holder of the rights referred to in Article 13 GDPR, namely the right to lodge a complaint with the supervisory authority 

Ways of exercising rights

You may exercise your rights at any time by sending a request by email to info@nove25.net and you may also exercise your rights by contacting the Privacy Guarantor, with Headquarters in Piazza Venezia n. 11 - 00187 Rome, Telephone switchboard: (+39) 06.696771,Fax: (+39) 06.69677.3785. For general information you can send an e-mail to: garante@gpdp.it @pec.it

Certified mail: protocollo@pec.gpdp.it

Product added to wishlist
gif_loading_whitex2