Information Notice pursuant to art. 13 Regulation (EU) 2016/679 on 27th April 2016
According to the European Regulation nr. 2016/679 (“GDPR”) any person who carries out personal data processing is required to inform the data subject (i.e. the person whom data belong to) on some elements qualifying data processing, which must be carried out with fairness, lawfulness and transparency, protecting the confidentiality and rights of the data subject.
GENERAL PRINCIPLES OF DATA PROCESSING
Data processing will be performed through collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction and will be carried out by the data controller, data processor and persons authorized to process data.Personal Data will be processed lawfully, fairly and in a transparent manner; will be collected for specified, explicit and legitimate purposes and processed in a manner that is not incompatible with such purposes; they will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, accurate and up-to-date; they will be processed with the utmost confidentiality, mainly with electronic and automated means, and stored both electronically and on paper, and on any other type of suitable means, in accordance with the principles of the General Data Protection Regulation, the requirements given by the supervisory authority and, in any case, in such a way as to ensure adequate level of security, including protection, with adequate technical and organizational measures, from non-authorized or unlawful processing, or even accidental loss. Data will be stored in a manner that permits the identification of the data subjects for the extent strictly necessary to the achievement of the purposes for which they were processed.
SeQure undertakes the responsibility to observe specific security measures in order to prevent data loss, illegitimate or unfair use and unauthorized access, in full compliance with statutory and regulatory provisions.
The personal data voluntarily provided by yourself (both by email and other means of communication, or by spontaneous sending of your curriculum vitae through the website at the time of your application), will be stored in seQure’s database exclusively for the purposes specified above and for the time required by the relevant legislation.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
Data Controller is seQure S.r.l., a sole shareholder company, with registered office in Verona, Via Roveggia n. 122, VAT Number 04481490235.
For the purposes of exercising the rights provided for in the GDPR, and for any request relating to your personal data, you may contact the Data Controller by sending a communication to the following e-mail address: firstname.lastname@example.org
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
SeQure S.r.l., a sole shareholder company, has appointed as Data Protection Officer (DPO) Avv. Simone Baggio, whose office is in Bassano del Grappa (Vicenza) – Italy, Via Mure del Bastion, 38, email address: email@example.com.
PURPOSES AND LEGAL BASIS OF DATA PROCESSING
We hereby inform you that the personal data voluntarily provided by yourself will be processed by seQure S.r.l., as Data Controller, in order to answer your requests and for promotional purposes. Particularly, with regard to promotional activity, your personal data will be processed for:
- Marketing Activities (direct sale, sending of advertising material, market research, commercial communication);
- Communication of data to third parties for marketing purposes.
Data processing for marketing purposes is not allowed unless previously permitted by the data subject pursuant to art. 6, lett. a) of the European Regulation nr. 2016/679; data processing aimed at performing specific requests of the data subject is lawful and in accordance with art. 6, lett. b) of the European Regulation nr. 2016/679 since it is aimed at implementing pre-contractual measures upon request of the data subject.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
It is hereby specified that the third parties to whom personal data are provided for the aforementioned purposes are represented by companies belonging to the PM Holding S.r.l. Group, and namely: PM Holding S.r.l., with registered office in Verona (Italy), Via Roveggia n. 122; CROS NT S.r.l., with registered office in Verona (Italy), via Germania n. 2; seQure S.r.l., with registered office in Verona (Italy), via Roveggia n. 122. The Information Notice on data processing carried out by the companies listed above can be found at the following links: pmholding.it; crosnt.com; arithmostech.com.
Personal data acquired by the undersigned company are not subject to dissemination. These data may be communicated within the company and be known by the persons tasked with data processing and appointed as data processors by seQure S.r.l.
For the purposes of maintenance of this website, seQure S.r.l. may use third parties, who therefore may have access to your data. However, these individuals will be appointed as Data Processors or authorized persons tasked with data processing, and will receive adequate operating instructions, particularly in relation to the adoption of minimum security measures.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
seQure S.r.l. is going to transfer your personal data for the purposes specified to Cros NT LLC, with registered office in 1340, Environ Way, 3rd Floor, Chapel Hill (USA), by adopting data protection clauses set forth by the European Commission.
For the purposes specified, seQure S.r.l. uses the platform Saleforce, which is managed by the company salesforce.com Italy S.r.l., with registered office at Via Copernico n. 36-42, 20125 Milano, Italia.
PERIOD OF STORAGE OF PERSONAL DATA
Personal data provided will be processed by the undersigned company for the purposes previously specified; they will be stored for the time necessary to achieve the aforementioned purposes, and in any case until the data subject withdraws the consent to data processing.
RIGHTS GRANTED TO THE DATA SUBJECT
Data Subjects are entitled to obtain access to personal data from the Data Controller, for free and without any limitation to third parties’ rights and freedoms. Particularly, they have the right to receive confirmation of whether or not their own personal data are being processed, and to receive the following information: a) the origin of the personal data, in case they were not collected from the data subject; b) the categories of personal data; c) the purpose and modality of treatment; d) the existence of an automated process, profiling included, and in that case the logic applied, the importance and any expected consequence of such processing for the data subject; e) updating or rectification; f) the deletion or limitation of the processing of their data (anonymization, blocking of unlawful data processing, including those whose storage is not required in relation to the purposes for which they were collected or then processed); g) the recipients or the categories of recipients to whom personal data have been or will be communicated, especially if they belong to international organizations or third countries (in the latter case, the data subject has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to data transfer); h) when possible, the expected period of storage of personal data or, in case it is not possible, the criteria used in order to determine such period.
Data Subjects have the right to withdraw their consent to data processing and to oppose data processing. Anyhow, the withdrawal of consent to data processing shall not affect the lawfulness of data processing based on the consent given before its withdrawal.
Data subjects also have the right to data portability.
RIGHT TO LODGE A COMPLAINT
Data subjects have the right to lodge a complaint to the Supervisory Authority, which is represented in Italy by the Data Protection Authority, with its headquarters in Rome, Piazza Monte Citorio, 121.
MANDATORY OR OPTIONAL NATURE OF DATA COMMUNICATION
The communication of your personal data is optional. The refusal to communicate them will prevent the company from pursuing the purposes specified in this information notice.
EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
The undersigned company does not use any automated decision-making process.