Privacy & Legal Notices
Information provided pursuant to Article 13 of EU Reg. 2016/679 (hereinafter GDPR) and Italian Legislative Decree 101/18
For SIET SPA, personal data represent a heritage of great value and an asset to be protected, by adopting procedures and behaviors aimed at guaranteeing their protection. Transparency towards data subjects therefore represents a primary objective, pursued through effective communication tools and aimed at making basic information on the processing of their data available to interlocutors. In this regard, this information page, created according to the requirements of the EU Reg. 2016/679 "General Data Protection Regulation", contains specific information referring to the following areas:
- General information
- Data processing connected to the functioning of this site;
- Data processing related to relations with candidates to establish an employment relationship;
- Data processing connected to contractual relationships established with current and potential customers and suppliers;
- Processing of data related to relations with visitors to the SIET SpA Company Headquarters;
- Update of the policy
1. General Information
The interested parties are informed (ex. Art.4, c.1 of the GDPR) of the following general profiles, valid for all areas of processing:
- all data is processed in a lawful, correct and transparent manner in relation to the interested party, in compliance with the general principles established by Article 5 of the GDPR;
specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
References and rights of the interested parties
The Data Controller is the undersigned Company, in the person of its pro-tempore legal representative;
the Company has appointed a Data Protection Officer/Data Protection Officer, who can be contacted to exercise all the rights provided for by articles 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously granted consent; in case of failure to respond to their requests, the interested parties can lodge a complaint with the Supervisory Authority for the protection of personal data (GDPR - Article 13, paragraph 2, letter d).
DPO: Galli Data Service Srl, contact person Dr. Inzani Claudio – +39-0523/497066 – [email protected]
OWNER: SIET SPA Tel. +39 0523 329011 Fax +39 0523 329010 - Email: [email protected]
Rights of the interested parties
- right to request the presence and access to personal data concerning him (Article 15 "Right of access")
- right to obtain the rectification/integration of inaccurate or incomplete data (Article 16 "Right of rectification")
- right to obtain, if there are justified reasons, the cancellation of data (Article 17 "Right to cancellation")
- right to obtain limitation of treatment (Article 18 "Right to limitation")
- right to receive data concerning him in a structured format (Article 20 "Right to portability)
- right to oppose the processing and automated decision-making processes, including profiling (Art.21, 22)
- right to revoke a previously given consent;
- right to submit, in the event of no response, a complaint to the Data Protection Authority.
1) DATA PROCESSING CONNECTED TO THE FUNCTIONING OF THIS SITE
1.1) Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c) These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site (legitimate interests of the owner).
(GDPR-Art.13, paragraph 1, lett.e,f) The data may be processed exclusively by internal personnel, duly authorized and instructed in the treatment (GDPR-Art.29) or by any persons in charge of maintaining the web platform ( appointed in this case external managers) and will not be communicated to other subjects, disseminated or transferred to non-EU countries (unless subject to compliance with the provisions of chapter V of the GDPR). Only in the event of an investigation can they be made available to the competent authorities.
Data retention period
(GDPR-Art.13, paragraph 2, letter a) The data are normally kept for short periods of time, with the exception of any extensions connected to investigation activities.
(GDPR-Art.13, paragraph 2, letter f) The data are not provided by the interested party but automatically acquired by the site's technological systems.
1.3) Site-Specific Features
Some pages of the site could involve a request for information from the navigator in relation to specific services (eg: request information, user registration, work with us, reserved area, etc.).
Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c) Only the data necessary for the correct provision of the service and necessary to give a correct and exhaustive response to the interested parties will be requested. The treatment is subject to the acceptance of specific, free and informed consent (GDPR-Art.6, comma1, lett.a).
(GDPR-Art.13, paragraph 1, lett.e,f) The data are processed exclusively by duly authorized and trained personnel (GDPR-Art.29) or by any persons in charge of maintaining the web platform (appointed in this case of external managers). The data will not be disclosed or transferred to non-EU countries (unless subject to compliance with the provisions of chapter V of the GDPR).
Data retention period
(GDPR-Art.13, paragraph 2, letter a) The data are kept for times compatible with the purpose of the collection.
(GDPR-Art.13, paragraph 2, letter f) The provision of data referring to the mandatory fields is necessary in order to obtain an answer, while any optional fields are aimed at providing the staff with further elements useful for facilitating contact.
1.4) Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic and/or ordinary mail to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
1.5) Application for recording site user behavior
This site is equipped with an "application" software similar to cookies, capable of recording certain navigation data, including the pages visited, the time and length of stay. Only in some cases, defined below, can such data be associated with an identifiable subject:
- navigation via static IP, registered in public domain lists the technology in question does not detect any personal data of the actual site visitor, but simply provides the holder of the public static IP, typically the company to which the provider has assigned the 'IP (therefore a purely corporate and anonymous data);
- browsing through a registered user: the user is provided with suitable information and specific consent is requested when registering on this site;
- navigation via social profile: the user is provided with suitable information and specific consent is requested when registering on the social.
The data is used by the Data Controller in order to improve its online presence, analyzing its Return on Investment and supporting any strategic marketing actions.
The data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected (typically data relating to the last 3 months of navigation are kept).
Visitors to sites on which this application is installed are assigned a technical identifier, browser cookies track the pages and products viewed by the visitor. the application is also able to define whether the visitor comes from a newsletter or is registered on the website: only in this case, and with the specific informed consent of the user at the time of registration, the data collected may be associated with the registered phisycal person.
Collection and use of data
The application collects data with the aim of studying the behavior of users of a website or a newsletter to try to improve the user experience and in general the quality of the site and the services offered.
To do this, it collects navigation data through public IPs, cookies and equivalent technical identifiers. These identifiers are stored in the user's browser cookies.
The data is never associated with sensitive categories such as race, religion, sexual orientation or health. We may combine personal information from a registration with data from the public IP holder
A separate database records data related to the user's activity on the website, the number of pages viewed, which products he visited, for how long and his geographical origin.
Only if the user is registered on the website or has given his consent to receive the newsletter, his e-mail address and name are associated with his behaviors.
2) PROCESSING OF DATA RELATED TO RELATIONSHIPS WITH CANDIDATES TO ESTABLISH AN EMPLOYMENT RELATIONSHIP
The page allows the interested party to propose their professional candidacy for a job at the Company. Identification data and contact details are requested, as well as the candidate's curriculum vitae.
Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c) The data are acquired for the correct management of personnel selection procedures. evaluation of the requests as well as for the following responses. The sending of the request is subject to specific, free and informed consent (GDPR-Art.6, comma1, lett.a). At the time of hiring, the candidate will receive regular information related to the established professional relationship.
(GDPR-Art.13, comma 1, lett.e,f) The data are processed exclusively by duly authorized and trained personnel (GDPR-Art.29). The data will not be disclosed or transferred to non-EU countries.
Data retention period
(GDPR-Art.13, paragraph 2, letter a) The data are kept for times compatible with the purpose of the collection
(GDPR-Art.13, paragraph 2, letter f) The provision of data referring to the mandatory fields is necessary in order to be able to submit your application.
If the sender sends his/her curriculum vitae to submit his/her professional application, he remains solely responsible for the pertinence and accuracy of the data sent. It should be noted that any curriculum without authorization to process data will be immediately deleted.
3) PROCESSING OF DATA CONNECTED TO RELATIONSHIPS ESTABLISHED WITH CUSTOMERS, SUPPLIERS AND POTENTIAL CUSTOMERS
3.1 Object of the treatment
The Company processes personal identification data of customers/suppliers or potential customers (for example, name, surname, company name, personal/fiscal data, address, telephone, e-mail, bank and payment references) and their operational contacts (name surname and contact details) acquired and used in the context of the provision of the services provided.
3.2 Purpose and legal basis of the processing
The data is processed for:
- conclude contractual/professional relationships;
- fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority;
- exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; ordinary internal operational, managerial and accounting needs).
Failure to provide the aforementioned data, even if legitimate, will make it impossible to establish the relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If you intend to carry out treatments for different purposes, a specific consent will be requested from the interested parties; companies subscribed to the newsletter service, subject to express consent, regularly receive the technical and/or commercial information of their interest; it is also envisaged that acquired customers receive information of a technical and/or commercial nature pertinent to the services acquired (soft spam); as required by law, it is in any case always possible to unsubscribe from the newsletter by clicking on the appropriate button inside the messages.
3.3 Processing methods
The processing of personal data is carried out by means of the operations indicated in the Art. 4 no. 2) of the GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is subjected to both paper and electronic and/or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.
3.4 Scope of processing
The data is processed by duly authorized and trained internal subjects pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects who operate as independent data processors or data controllers (consultants, technicians, banks, carriers, etc.).
4) TREATMENT OF DATA CONNECTED TO RELATIONSHIPS ESTABLISHED WITH VISITORS
4.1 Object, purpose and legal basis of the processing
SIET informs you that the SIET area is under video surveillance, therefore the images will be treated for personal safety and protection of company assets.
4.2 Processing methods
The images are recorded and stored by continuous recording on a fixed medium. Their conservation for a longer period than that permitted will take place only in the event of crimes having occurred and/or there are investigations by the judicial or police authorities. In the absence of notification or complaint, the recorded images will be canceled by overwriting. The images will not be disseminated.
4.3 Scope of processing
Data processing is performed through IT procedures and images are viewed exclusively by persons specifically appointed by the Company. The external company that offers the maintenance service of the video surveillance system will also have access to the displayed images, while the recorded images will be able to be accessed by the police and the competent authorities. The images taken will not be communicated to other subjects or disseminated.
The interested parties captured by the video cameras can exercise the rights provided by the articles 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), at the headquarters of the Data Controller.
In the same way, you will be able to get to know the complete list of subjects appointed as Data Processors.
5) UPDATE OF THE POLICY
It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. The interested party is therefore invited to periodically consult this policy.