INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to article 13 of Regulation (EU) 2016/679
A. DATA CONTROLLER
(Identity and contact details)
The data controller is COCIF – Società Cooperativa (VAT: 00124220401), with registered office in Longiano (FC), Italy, Via Ponte Ospedaletto n. 1560, tel: +39 0547-56144, fax: +39 0547-54094, e-mail: firstname.lastname@example.org, certified email address: email@example.com. (hereinafter referred to as “Cocif” or “Holder”).
B. PURPOSES OF THE PROCESSING, TYPES OF DATA PROCESSED AND STORAGE PERIOD
- Navigation data
The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the navigation of the websites. These data are not gathered for association with identified subjects, but by their very nature, when processed or associated with data held by third parties, they might allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who log onto the Website, the URL addresses of the resources requested, the time of the request, the method used when submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the server’s response status and other parameters relating to the user’s operating system and platform.
- Data supplied by the user
The optional, explicit and voluntary communications via contact forms or through e-mail addresses listed on this Site, entails the subsequent acquisition of the personal data and information supplied by the user, and gives consent to receive any response messages to his/her requests. Personal data supplied by users which forward requests for delivery of informational material are only utilized in order to implement the requested service and are communicated to third parties if this becomes necessary for this purpose (refer to the chapter “option of data transfer”). In order to deal properly with a request, it is necessary that users enter data in the fields marked as “mandatory”; otherwise, it will not be possible to proceed with its processing. The following information must be provided: name, email, country and qualification (for example, designer, dealer or private). In fact, this information is necessary to enable the Data Controller to better manage the request sent by the user and provide a timely and complete response.
Conversely, failure to provide the data marked as “optional”, will have no consequences on the ticket management.
The data are stored for the period necessary to process the request and in compliance with current laws and regulations.
- Data supplied voluntarily by the user
(Applications regarding job positions at Cocif – “Work with us” Service)
Each Data Subject may voluntarily provide their personal data to Cocif in order to submit their application for open positions, using the appropriate form on the Site and thus authorising the Data Controller to process their personal data for the above purpose.
The provision of data is required only for the submission of its application and is therefore left to the will of the individual candidate. Please note, any refusal will make it impossible to use the service, without further consequences.
The consent to the treatment is not necessary, according to Art. 111a of Italian Legislative Decree No. 196/2003 (so-called Privacy Code, as last amended by Italian Legislative Decree No. 101/2018), when the processing concerns data contained in the curricula spontaneously sent by candidates for the eventual establishment of the employment relationship/partnership. This is also the case for data which are included in the particular categories provided by Art. 9 GDPR (assuming that the data in question is known in the light of the establishing working relationship, with particular reference to the possible affiliation of the candidate to protected categories or the need to carry out pre-hire medical examinations, as provided by Article 9, paragraph 2, letter b) of GDPR). By the time of the interview, the Data Subject will be given all the information on the processing of personal data, pursuant to Art. 13 of GDPR.
The erasure of data sent by the user, is automatically performed as soon as 12 months have passed or upon request sent by the Data Subject to the Data Controller, using the contact details provided in section A (“Data Controller”).
To those who request it, Newsletters are distributed via e-mail, automatically and free of charge. Users can receive this service by filling out the form on the Site. To subscribe to the newsletter service, in addition to the e-mail address to which to send the relevant communications, it is mandatory to provide the following data: country and occupation (for example, designer, reseller or private individual). This information is necessary for the service to be correctly provided by the Data Controller and for the communications and updates received to be adequate and of interest to the user.
The data provided will be used with IT and electronic tools for the sole purpose of providing the requested service and, for this reason, will be kept exclusively for the period in which it will be active. To stop receiving newsletters, simply select the “cancel my subscription” link in each e-mail received, or send a specific request to firstname.lastname@example.org
Erasure is handled automatically, so further newsletters may be received for a period subsequent to this request, but no later than 72 hours from the request for erasure, and whose sending was planned before receipt of the request for erasure.
- Cookies and other tracking systems
Technical, analytical and profiling cookies are used on the Site. Data will be processed for the following purposes:
• allow the technical operation of the Site;
• carry out aggregate analysis on anonymised data;
• create Custom Audience on Facebook Advertising Platform (Facebook Ads) in order to show targeted advertisements;
• create Customer List (Customer Match) on Google advertising platform (Google Ads) in order to show targeted advertisements.
C. LEGAL BASIS OF THE PROCESSING
The legal basis is:
- for paragraph B.1, Navigation data, the legitimate interest of the Data Controller in the proper functioning of the Site and the improvement of the services provided;
- for paragraph B.2, Data communicated by the user, the provision of services requested by the Data Subject;
- for paragraph B.3, Data voluntarily provided by the user (applications for positions at Cocif – Service “Work with us”), the execution of a pre-contractual measure;
- for paragraph B.4, Newsletter, the consent of the Data Subject;
D. RECIPIENTS OF THE DATA
The personal data collected are processed by the subjects authorised by the Data Controller, who act on the basis of specific instructions provided in order to purposes and methods of treatment.
In addition, the subjects designated as data processors by the Data Controller to provide the services under its responsibility, may be recipients of the data collected as a result of consultation of the Site. The relevant list can be requested from the Data Controller using the contact data referred to in point A (“Data Controller”).
In particular, pursuant to Art. 13, par. 1, letter f) of GDPR, users are informed that for the provision of the newsletter service (point B.4), the Data Controller makes use of The Rocket Science Group LLC d/b/a Mailchimp, with headquarters in 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, which participates in the EU-U.S. Privacy Shield Framework and thus ensures an adequate level of protection of personal data processed in accordance with European regulations.
A list of subjects who have adhered to the Privacy Shield is available at the following link: https://www.privacyshield.gov/list.
For further information, please refer to https://mailchimp.com/legal/privacy/; in addition, you can contact the Data Controller (contact details indicated in point A above) or the Mailchimp Data Protection Officer (email@example.com).
E. RIGHTS OF DATA SUBJECTS
In relation to personal data and in accordance with the provisions of the GDPR, the Data Subject has the right to request:
- access to the data;
- rectification of any errors in our data bases;
- erasure of data where they are held without legal grounds;
- the limitation of data processing;
- the portability of the data.
The following table illustrate in detail how to exercise rights:
||HOW CAN YOU PRACTICE IT?
By sending an email to firstname.lastname@example.org, you can ask to:
- Ask for confirmation of any processing of personal data;
- Receive a copy of the data;
- Provide you with other personal data that is not already included in this policy.
||By sending an email to email@example.com, you can ask the correction of personal data is inaccurate or incomplete.
Before proceeding with the correction, we will verify the accuracy of the data in our files.
Right to be forgotten
By sending an e-mail to firstname.lastname@example.org, you can request the erasure of personal data, but only in the event that:
- Their permanence is no longer necessary in relation to the purposes for which they were collected;
- Previous consent given has been revoked (where processing is based on consent)
- The treatment was carried out unlawfully;
- It is necessary to comply with a legal obligation to which Cocif is subject (in relation to an order from an Authority).
By sending an email to email@example.com, you may ask to limit the personal data processed, but only in the event that:
- Their accuracy has already been challenged;
- Are no longer necessary for the purposes for which they were collected, but there is a legal dispute about their use;
However,following a request for limitation by the Data Subject, the use of his or her personal data is permitted when:
- However, your consent remains;
- It is necessary to exert or resist legal action;
- In order to protect the rights of another natural or legal person involved in the processing.
||By sending an email to firstname.lastname@example.org, you can request a copy of the personal data processed by the Data Controller in a format that is structured, readable and commonly used.
The rights may be exercised by contacting the Data Controller using the contact details in section A (“Data Controller”).
F. RIGHT OF COMPLAINT
Interested parties who believe that the processing of their personal data through this Site is in violation of the provisions of the Regulation have the right to submit a complaint to the national authority responsible for the protection of personal data or to bring an action before the appropriate courts (as provided for in Articles. 78 and 79 of the Regulation). In Italy, the competent authority is the Guarantor for the protection of personal data, whose contact details are available at https://www.garanteprivacy.it/