INFORMATION AND CONTACT DETAILS OF THE HOLDER OF THE TREATMENT Art. 13, paragraph 1 a) e b) Reg. UE n. 679/2016
Data Controller BlueIT SpASB , with registered office in Via Santa
Maria Valle 5, 20123 Milano (MI), C.F./P.I. 06357190963, iscrizione Registro imprese Milano Monza e Brianza e Lodi REA 1886930, capitale sociale euro 400.000,00 i.v.
Contact details of the Data Controller
Tel: 039-9718400 – Fax: 039-9718499 Email: email@example.com, firstname.lastname@example.org.
Contact details of the Data Protection Officer
BlueIT SpASB, with registered office in Via Santa Maria Valle 5, 20123 Milan (MI), VAT number 06357190963, as data controller of your personal data (hereinafter also “Data Controller”), informs you, pursuant to articles . 12 and 13 of EU Regulation no. 679/2016 (General Data Protection Regulation, hereinafter referred to as “GDPR” for the sake of brevity), that your personal data will be processed by specifically authorized subjects and limited to the purposes and with the methods that will be specified below, with reference to the functions of the web portal http://www.blueit.it/.
OBJECT AND PURPOSE OF THE TREATMENT
The Data Controller informs you that, specifically, will treat your (i)common personal Data, name and surname, e-mail, telephone number/fax, accounting, tax and banking data, and (ii) common personal Data and/or data belonging to particular categories of data ex art. 9 del GDPR possibly contained in Curriculum Vitae; and (iii) identification and IP addresses or domain names, with the methods that will be specified later.
Personal Data of Users of the Website will be treat in accordance with the provisions of the GDPR, for the performance of the features of this Website, with particular reference to the data collection procedures for completing the form “Contacts” and sending the Curriculum Vitae through the “Work with us” function.
In particular, the Personal Data provided to the Data Controller will be treated for the pursuit of the following purposes:
- to follow up the specific requests made to the Data Controller by the User through the Website and its communication tools, in particular through the “Contacts” form aimed at the transmission of requests for information of any kind;
- for the spontaneous submission by the User of Curriculum Vitae through the function of the “Work with us” Website.
This information is effective only with reference to the web portal http://www.blueit.it/, but not with reference to others Web portals o Website possibly consultable through the links therein, of which the Data Controller is in no way liable.
LEGAL BASIS OF TREATMENT
Except for what specified for navigation Data, your communication to the Data Controller of your personal Data has as a basis for the lawfulness of treatment the following legal bases:
- Art. 6, par. 1, letter b) of GDPR, concerning the performance of a contract of which the “Interested part” is a part or the execution of pre-contractual measures taken at the request of the same, for the purposes referred to in points a) and b).
- Art. 9, par. 2, letter a) of GDPR, concerning your explicit consent, for the purposes referred to in point b).
The provision of your personal data, possibly also belonging to particular categories pursuant to art. 9 of the GDPR, is necessary for the complete fulfillment of the purposes referred to in points a) and b) and, consequently, your refusal to provide the Data may result in the non-performance of the services and functions of the Website. In any case, the consent given by you may be revoked at any time, with immediate interruption of the company’s activities and services.
METHODS OF TREATMENT
The treatment of personal Data communicated by you is carried out by means of the operations indicated in art. 4 n. 2) of the GDPR, namely: “Collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of Data”.
The Personal Data communicated by You are subjected to automated treatment for the time strictly necessary to achieve the purposes for which they were collected, with technical and organizational methods adopted to prevent the loss of Data, illicit and / or incorrect use and unauthorized access, and such, therefore, to guarantee a level of security appropriate to the risk pursuant to art. 32 of the GDPR, by persons specifically authorized, in compliance with the provisions of art. 29 of the GDPR, or of employees and / or collaborators of the Data Controller in their capacity as authorized subjects and / or system administrators, who can carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to guarantee, inter alia, the confidentiality and security of the Data as well as the accuracy, updating and relevance of the Data in accordance with the stated purposes and methods.
It should be noted, in particular, that the personal Data you provide will be treated only at the headquarters of the Data Controller. The Data will not be disseminated, and, pursuant to art. 13, paragraph 1, lett. (e) may be treated only by authorized persons and / or by any external Data Controllers pursuant to art. 28 of the GDPR (in the case of individual professionals and / or complex professional associations), and / or by persons operating as independent Data Controllers, whose list is available at the Data Controller’s office and is provided following a written request from you the Interested person, and among which are explicitly listed hosting companies and / or technical personnel in charge of the management and / or maintenance of the Website, but only and exclusively for the purposes expressly and specifically indicated above.
DISTRIBUTION OF PERSONAL DATA
In relation to the purposes indicated above, the Data may be communicated to the following persons and / or categories of persons indicated below, or may be disclosed to companies and / or persons, who provide services, including external ones, on behalf of the Data Controller.
Among these people are indicated for greater clarity: professionals and consultants also in an associated form; persons that the company uses for the acquisition of commercial information related to contractual or pre-contractual requirements; companies, entities, external consortia, banks and credit institutions, non-bank financial intermediaries, insurance operators in compliance with regulatory limits; persons that carry out activities of control, revision and certification of the activities carried out by the company, possibly also in the customers’ interests; subjects providing services for the management of the information system and telecommunications networks (including e-mail and management of Web portals and Websites – cloud storage services – hosting); competent authorities and / or Supervisory Bodies for the fulfillment of legal obligations; accounting and tax consulting firm; labor consultants; companies and law firms for the protection of contractual rights; subjects that carry out checks, audits and certification of the activities carried out by the Data Controller who act as external data processors pursuant to art. 28 of the GDPR, or in complete autonomy as subjects distinct from the Data Controller.
This Website may share some of the Data collected with services located outside Italy and the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) also through the social plugin and the Google Analytics service. The transfer outside the EU is authorized on the basis of specific decisions of the European Union Commission and the Guarantor for the protection of personal data, in particular the decision 1250/2016 (Privacy Shield), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
In any case, in the event that extra-EU transfer of personal Data should be necessary, the Data Controller ensures that the data will be transferred in accordance with the applicable legal provisions and in particular in accordance with articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR.
PERIOD OF CONSERVATION OF PERSONAL DATA
We point out that, in compliance with the principles of lawfulness, limitation of purposes and the storage and minimization of Data, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and traited, or for the entire duration of the fulfillment of the aforementioned purposes, and therefore, exhausted the purposes of the processing, your Data will be deleted from any physical and IT support.
With specific reference to the Curriculum Vitae, it should be noted that, if not corresponding to the profiles of interest of the Data Controller, they will be immediately canceled, whereas, if they are of potential current or future interest by the Data Controller, they will be kept for a maximum of 5 (five) years from receipt, term within which the Data Controller may carry out the evaluation of applications and selection of personnel; Once this specific purpose of the processing has been exhausted, in the event of a negative outcome of the selection process, its Data will be deleted from any physical and IT support..
AUTOMATED DECISION-MAKING PROCESSES AND PROFILING
The Data Controller informs You that, for the purposes of processing your personal Data, it does not make use of automated decision-making processes, those aimed at making decisions based solely on technological means based on predetermined criteria (without human involvement), or performing profiling, or the one aimed at using your personal Data to analyze or predict aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel etc.
RIGHTS OF THE DATA SUBJECT
Right of Access pursuant to art. 15 of the GDPR and Right of Rectification pursuant to art. 16 of the GDPR.
As interested person, pursuant to art. 15 of the GDPR, You have the right to obtain from the Controller Data confirmation of the existence or otherwise of the treatment of personal Data concerning you, to obtain access to them and to all the information referred to in the same art. 15, paragraph 1, letters from (a) to (h), by issuing a copy of the Data treated in a structured format, in common use, readable by an automatic and interoperable device.
You, pursuant to art. 16 of the GDPR, you also have the right to obtain from the Data Controller the rectification and/or integration of the Data being processed if they are out of date and/or inaccurate and/or incomplete.
Right of cancellation pursuant to art. 17 of the GDPR and Right to limit the processing pursuant to art. 18 of the GDPR.
As interested person, you have the right to obtain, without undue delay, from the Data Controller, exclusively in the cases referred to in art. 17, paragraph 1, letters from (a) to (f) of the GDPR, the deletion of data concerning them – with the exception of the cases specifically provided for by art. 17 paragraph 3.
As an interested party, pursuant to art. 18 paragraph 1, letters from (a) to (d), of the GDPR, you have the right to request and obtain from the Owner, the limitation of the treatment of your personal Data, or that such Data are not subject to further processing and can no longer be changed. The Data Controller ensures that the limitation of the treatment is implemented through appropriate technical devices that guarantee its inaccessibility and not modifiable.
Right to data portability pursuant to art. 20 of the GDPR .
As Interested person, You have the right to receive, pursuant to art. 20 of the GDPR, by the Data Controller of your personal Data, whose processing is carried out by automated means, in a structured format, commonly used and readable by automatic device, and also has the right to transmit such data to another owner of the processing, or obtaining from the Data Controller, where technically feasible, the direct transmission of such Data to another data controller specifically identified.
Right to object to processing pursuant to art. 21 of the GDPR .
You have the right to oppose at any time to the treatment of personal Data concerning You, for reasons related to your particular situation, in cases where the treatment of your Data is necessary (1) for carrying out a task of public interest and / or connected to the exercise of public authority for which the Data Controller is invested; (2) for the pursuit of a legitimate interest of the owner or of a third parties; (3) for profiling activities performed by the data controller on the basis of the previous points.
The Data Controller refrains from further processing personal Data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court.
You also have the right to object to the processing of your personal data for reasons related to your particular situation if they are processed for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, except in the case where the processing is necessary for carrying out a task in the public interest.
METHODS OF EXERCISING THE RIGHTS OF THE INTERESTED PART
You may exercise the rights listed above by request to be sent to the e-mail address email@example.com or by registered mail with the address “Via Santa Maria Valle 5, 20123 Milano (MI)”, at the c.a. of the Legal Manager, internal contact person in matters of privacy and protection of personal Data.
The Data Controller will confirm the receipt of your request and provide you with information on the action taken, with reference to the exercise of your rights under articles 15 to 22 of the GDPR, within 1 (one) month from receipt of the request. If necessary, and taking into account the complexity and the number of requests, the Data Controller may extend this term of 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month from receipt of the request.
The Data Controller will communicate any correction, cancellation, limitation, opposition to all recipients, as identified by the art. 4, paragraph 1, n. 9 of the GDPR, to which such Data have been transmitted, unless this proves impossible and / or involves a disproportionate effort.
Following the sending of your request for rectification, cancellation, limitation, opposition, if the Data Controller has reasonable doubts about your identity will request further information to confirm it. These communications will be sent by email from firstname.lastname@example.org and will be treated by persons specifically authorized for the purpose.
In the event that the Data Controller fails to comply with your request within the period of 1 (one) month from receipt of the request, the latter will inform you of the reasons for the non-compliance, informing you from now on your right to propose a complaint to the Authority of Control (Guarantor for the Protection of Personal Data), as specified in accordance with art. 13, paragraph 2, letter (d) and governed by Articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree n. 101/2018.