1. Data Controller
2. Purposes of the data processing
3. Nature of data provision
4. Categories of data processed
5. How are processed the data?
6. To whom can the collected data be disclosed?
7. Which are the data subject’s rights?
8. Right to withdraw consent and to object
1. DATA CONTROLLER
1. The Controller of the processing of personal data of the users is Fortech S.r.l. (VAT N.: 03618500403), with registered offices in Rimini (RN); Via Rigoletto n. 4, 47922, tel.: 0541/364611, fax: 0541/753013, E-mail: firstname.lastname@example.org; P.E.C.: email@example.com (hereinafter referred to as “the Controller” or “the Company”).
2. PURPOSES AND METHODS OF DATA PROCESSING
1. By accessing and visiting this Website, as well as receiving the services offered to users through the Site, information concerning the user as an identified or identifiable natural person can be collected and processed. In the event that personal data are acquired, they will be processed in compliance with the current legislation on the personal data protection and only to meet the following purposes:
a) purposes strictly related and instrumental to allow the user to access and use the Site, its features and the services required;
b) to comply with any obligation provided for by law and European legislation;
c) for internal operational and management purposes relating to the services offered through the Website;
d) for statistical purposes, in a completely anonymised and aggregate form;
e) to evaluate the job applications submitted by users with regard to the job offers posted by the Company;
f) sending newsletters.
2.In cases where explicit and voluntary consent has been provided, the data of the users of the Website collected for the aforementioned purposes may also be processed for other purposes, provided that an express and explicit consent of the user will be acquired for each further processing of data. In this way, the users’ data collected can only be used if the user freely and clearly consents to each further processing of data.
3. NATURE OF DATA PROVISION
1. The provision of personal data is mandatory for the purposes referred to in Article 2, paragraph 1, as the legal basis of the processing is the performance of the services required by the user, or the use of the Site or any additional service made available through the Site that may be expressly required (as for the newsletter service and the job applications). Any failure to provide such consent will therefore prevent the performance of the services required; however, it will be possible to visit the Site without providing any personal data, even if some features may not be available and some services not provided.
2. In particular, the consequences of failure to provide personal data will always made explicit and strictly related to each service: for example, any refusal of consent to a given processing may prevent the consultation of the Site and the use of its features (as for the cookies) or the receipt of the newsletter (in the case of the newsletter service offer). Therefore, the user will be adequately informed for each specific case; anyway, it will be possible to consult the Website even denying consent to the processing of personal data, when required; in this case, some features may not be available.
4. CATEGORIES OF DATA PROCESSED
Different types of personal data may be processed and treated differently, depending on the services rendered.
4.1 Navigation data
The information systems and software procedures used to the operation of this web site acquire personal data as part of their standard functioning. Such information is not collected in order to relate it to identifiable data subjects, however, it may allow User identification after being processed and matched with data held by third parties.
This data category includes the: IP addresses or names of computer domains used by visitors who access the website; URI (Uniform Resource Identifier) addresses of the requested resources; time of request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the response from the server and other details relating to the operating system and the information environment of Users. This data is used only to obtain anonymous statistical information about the website and to check its correct functioning, and is deleted immediately after processing. This data may also be used to ascertain responsibility in the case of possible computer crimes against the website. Excepting this, data on web contacts is not stored for more than seven days. As for cookies, please refer to paragraph 4.4.
4.2.1 Data supplied voluntarily by the User (messages)
The voluntary and explicit sending of communications by means of contact forms supplied by the site or by e-mail emails to the contact addresses on this website will entail the subsequent acquisition of the sender’s data, including his e-mail address, and the consent to receive replies to his request.
The personal data provided herein are used solely for the purpose of responding to the submitted requests and are disclosed to third parties only if this is necessary for that purpose. The data will be stored for the times prescribed by law.
4.2.2 Data supplied voluntarily by the User (advertising materials and/or quotes)
Users can voluntarily provide personal information to Fortech S.r.l in the context of a service they requested by them. Such provided data may be used to send e-mail communications relating to services similar to those previously required by the user, pursuant to art. 130, paragraph 4 of the Italian Legislative Decree n. 196/2003, without the need for express and prior consent (so-called soft spam). Each message includes a notice that its recipient can at any moment revoke his/her consent without formalities to such processing of personal data. Data subject can request the Data Controller to delete or anonymize his/her personal information.
4.2.3 Data supplied voluntarily by the User (applications regarding open job positions at the Company)
Users can voluntarily provide personal information to Fortech S.r.l. in order to submit their application for open job positions at the Company, by sending a specific communication to the e-mail address firstname.lastname@example.org and authorizing the Company to process their personal data for the aforementioned purpose.
Consent: the provision of data is mandatory only for the purpose of submitting an application for a job position; therefore, the sending of his/her own curriculum vitae is left to the candidate’s will and any failure to provide such consent will prevent to use the service, without further consequences. The user is not obliged to provide his/her consent to the processing, pursuant to art. 9, paragraph 2, letter b) of the GDPR, when it concerns data contained in the curricula spontaneously transmitted. Likewise, consent is not necessary, pursuant to art. 26, paragraph 3, letter b-I) of the Italian Legislative Decree no. 196/2003 (c.d. Privacy Code) for any sensitive data spontaneously provided by the candidate. If the data subject will be called for an interview, at that time his/her specific consent for the processing of data will be acquired.
Purpose: the personal data, potentially including also sensitive data, directly provided by the data subject are processed and used to perform the user’s request and, more precisely, to examine whether the conditions for hiring and/or starting a working partnership are met.
Type of personal data: the candidate will not be required to provide “special categories of personal data” as referred to in art. 9 of the GDPR or data revealing the user’s state of health, unless such data is needed for establishing a working relationship, with particular reference to any preliminary medical examinations and/or the data revealing that the user belongs to sheltered groups.
Storage period: the data will be stored by the Data Controller for the time strictly necessary to achieve the purposes for which they were collected, except for the possible establishment of a working relationship.
Erasure of personal data: to request the erasure of the user’s data sent by him/her by e-mail the candidate can only send a request to the Data Controller, at the addresses indicated above. The erasure could be managed automatically, so that the candidate could receive further communications whose submission had been planned before the reception of his cancellation request, for no longer than 72 hours.
The Company’s newsletter is sent by e-mail to those who explicitly request it, by filling out the appropriate form on the Website and authorizing the Data Controller to process their personal data for the aforementioned purpose.
Consent: The provision of data is mandatory only for the purpose of receiving the newsletter and any failure to provide it will prevent to use the service, without further consequences.
Purpose: The personal data provided by users will be processed only for the purpose to send the newsletter and will not be disclosed to third parties.
Modalities: The data collected will be processed with IT tools and/or automated means; specific security measures are adopted in order to prevent loss, unlawful use or to prevent unauthorized access to the Site.
Removal from the service: in order to stop receiving the newsletter, simply select the link for removal at the end of each e-mail or send a specific request to the e-mail address email@example.com.
The erasure could be managed automatically, so that further newsletters whose submission had been planned before the reception of his cancellation request may be received for a period subsequent to such request, in any case for no longer than 72 hours.
4.4 Cookie (for more details see cookies policy)
What is a cookie? Cookies are information stored by the browser when you visit a Web Site using a PC, smartphone or tablet. Each cookie contains several pieces of data (e.g. the name of the server from which it originates, a numeric identifier, etc.). Cookies can remain in the system for the duration of a session (until the closing of the browser), or for long periods, and may contain a unique identifier.
What are they used for? Cookies are used for different purposes, depending on their type: some are strictly necessary for the correct function of the Web Site (technical cookies), whereas others optimise performance in order to provide the User with a better experience while they are visiting the Web Site. In addition, cookies allow Web Site usage statistics to be obtained, such as cookies analytics; others are for the purpose of displaying advertisements (in some cases advertisements are targeted based on cookie profiling).
How can you disable them? You can disable cookies either through your browser settings (paragraph 4.4 “How to disable cookies?”), or through the mechanisms made available by a third party (paragraph 4.3 “Specific types of cookies used on the site”).
4.4.2 General types of cookies used on the Web Site
Technical cookies (first party): these are essential for the proper operation of this Web Site.
Analytics cookies (third-party): are used to create User profiles in order to send advertising messages in accordance with the preferences expressed by the User during the browsing, by using a third-party service.
4.4.3 Specific types of cookies used on this Web Site
First party cookies: only technical cookies are used and only for the purpose to store User’s consent (duration: 12 months);
4.4.4 How to disable cookies?
Control via browser: The browsers commonly used (e.g. Internet Explorer, Firefox, Chrome, Safari) accept cookies by default, but this setting can be changed by the User at any time. This applies to both PCs and mobile devices like tablets and smartphones, and it is a function generally and widely supported.
Therefore, cookies can easily be disabled or turned off by accessing the browser’s options or preferences, and in general third-party cookies can also be blocked. As a general rule, these options will only have an impact on that browser and on that device, unless there are active options to synchronize the preferences on different devices. Specific instructions can be found on the Options page or Help page of the browser itself. Disabling technical cookies, however, may affect the full and/ or proper functioning of different sites, including this one.
Normally, browsers used today:
Below are links to the support pages for the most popular browser (with instructions on how to disable cookies on these browsers):
Internet Explorer (http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11);
Safari (iOS)( https://support.apple.com/it-it/HT201265 );
Chrome (desktop: https://support.google.com/chrome/answer/95647?hl=it; Android e iOS https://support.google.com/chrome/answer/2392971?hl=it).
Third-party cookies: these may be disabled either using the methods described above, or by referring to each third party (following the links listed in the previous paragraph).
On-line tools: You may note that from http://www.youronlinechoices.com/ you can not only learn more about cookies, but also check the installation of numerous cookies on your browser and/or device and, if supported, also disable them.
5. HOW THE DATA ARE PROCESSED
1. Data will be managed lawfully and used only for the aforementioned purposes. It will be processed using suitable means to guarantee its security and confidentiality, using the most appropriate means (hard copy or electronic) to store, manage and transmit the data. This data will be retained for the period stipulated under the relevant law.
6. TO WHOM CAN THE COLLECTED DATA BE DISCLOSED?
1. The processing operations related to the web services of this Site take place at the Data Controller’s premises and are only handled by internal and/or external technical staff specifically delegated for processing. In particular, where necessary and only with prior consent, the data may be disclosed to third parties whose collaboration is needed for the performance of the services offered. The data collected via the web, or in any case arising from web services, may be disclosed to the technological and instrumental partners who cooperates with the Data Controller to provide the services required by users, always in compliance with the purposes set forth in article 2. To this purpose, the subjects who will have access to personal data will be specifically authorized for processing by the Data Controller and, if due, appointed as Data Processors, pursuant to Articles 28 and 29 of the GDPR.
2. The data collected for the aforementioned purposes may also be disclosed to subjects authorized under the relevant legislation.
3. A list of the subjects to whom the Data Controller discloses the personal data collected for the aforementioned purposes is available and can be consulted at the Data Controller’s office and can be requested at the addresses indicated above.
7. WHICH ARE THE DATA SUBJECT’S RIGHTS?
1. The interested party is the natural person, identified or identifiable, to whom the personal data processed relates and, therefore, the user who accesses the Site and who, if necessary, requests the provision of services by the Data Controller.
2. Each data subject have the right of access at any time to personal data which have been collected concerning him or her (right of access) in order to be aware of, and verify, the lawfulness of the processing. The data subject is also entitled to exercise all the existing rights pursuant to the current national and European legislation on the personal data protection (set forth in the Italian Legislative Decree n. 196/2003 and the EU Regulation No. 2016/679 and subsequent amendments and additions): in particular, he/her may request at any time the rectification and updating of incorrect or inaccurate data, the limitation of the processing and the erasure of the same (right to be forgotten), as well as lodging a complaint to the Data Protection Supervisory Authority .
3. With reference to personal data processed by automated means, the data subject may also receive data concerning him or her in a structured, commonly used, machine-readable and interoperable format, and to transmit them to another data controller (right to data portability).
8. RIGHT TO WITHDRAW CONSENT AND TO OBJECT
1. Each data subject has also the right to withdraw his or her consent at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal.
2. The data subject is also always entitled to object to the processing of any data concerning him or her if it was carried out for direct marketing purposes by the Data Controller; in this case, his/her data will no longer be processed for these purposes (right of objection).