Pursuant to art. 13 of EU Regulation 2016/679 on the protection of personal data
Thank you for visiting our website. Hereunder you will find all the information you need to understand the purposes and methods of processing your personal data as well as all other information required by article 13 of EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”).
1. Identity and contact data of Data Controller
The Data Controller is COMETAL S.R.L., with registered offices in Via Bertole, 29 – 12077 Monesiglio (CN), in the person of its Legal Representative. VAT no.: 02348690047. Telephone: (+39) 0174 900507, email: email@example.com
2. Type of processed data, legal basis and purposes of processing, period of data retention
2.1 Browsing data
It is possible to access the website without being asked to provide any personal data. However, the computer systems and software used to operate the website do acquire, during their normal operation, some personal data the sending of which is implicit in the use of Internet communication protocols (IP address, browser type and parameters of the device used to connect to the website, name of the Internet service provider, date and time of visit, web page of origin of the visitor and exit, etc. ...).
Such information is not collected for the purpose of associating it with users but, due to its very nature, could, through processing and association with data held by third parties, allow user identification.
Cometal S.r.l. processes such data in order to monitor the technical operation and performance of the website, to obtain anonymous statistical information on the use of the website (such as, in particular, the number of accesses), and to understand how to improve the services and ensure their evolution. These data, which are therefore necessary to ensure the operation of the website, are erased a few hours after processing.
The legal basis for the processing of such data is the legitimate interest of the Data Controller (art. 6(1)(f) GDPR) in ensuring the smooth operation of the website and secure browsing.
- Data collected by means of contact form (“Contacts”)
You will not be asked for health data and, in general, special categories of personal data referred to in article 9 of the GDPR. The data provided will be processed and stored for the time strictly necessary to answer your queries and provide you with the desired information or to manage your specific requests.
The legal basis for the processing of such data is to be found in the performance of a contract to which the data subject is a party or in the performance of pre-contractual measures taken at the request of the data subject (art. 6(1)(b) GDPR).
Data collected by sending your application (“Work with us”)
If you decide to send your application through the email address made available in the “Work with us” section of this website, Cometal S.r.l. will process your data (personal data, contact data, curriculum vitae et studiorum), in order to enable the assessment of your profile, your aptitudes and your professional skills within the company’s personnel selection processes.
The data provided will be kept in our archives for a period limited to the duration of any selections in progress and in any case for a period of time not exceeding 3 years from the time of collection.
The voluntary forwarding of your application and the voluntary delivery of your curriculum vitae is considered a specific authorisation to process your personal data, with the guarantee that the Data Controller will process such data only for the purposes of selection. The legal basis for the processing of such data is therefore to be found in the consent to processing expressed by the data subject (art. 6, par. 1, lett. a), GDPR).
3, Processing methods
The data collected in the ways indicated in par. 2), will be processed using paper, computer and electronic media with organisation and processing logics strictly related to the purposes of collection and in any case in such a way as to ensure the security, integrity and confidentiality of the data in accordance with the organisational, physical and logical measures provided by applicable regulations.
The personal data will be processed internally by authorised persons, under the authority of the Data Controller, properly trained as regards regulatory principles and logical and technological security procedures (art. 32, par. 4, GDPR).
4. Scope of communication and dissemination of data
Without prejudice to communications made in compliance with legal obligations or with an order of the judicial or police authorities, your data may be shared with partners and suppliers of IT services which support Cometal S.r.l. in the provision of this website. Such recipients are selected by us on the basis of their competence in terms of data security and confidentiality. We enter into contracts with all such recipients to ensure that they provide a high level of security as regards the protection of your data.
Your data will not under any circumstances be disseminated.
5. Transfer of data outside the European Union
Your personal data will be processed by the Data Controller within the territory of the European Union. It is in any case understood that the Data Controller, if necessary, shall be entitled to move the servers outside the EU, for example in the case of use of Cloud services. In this case, the Data Controller forthwith assures that the transfer of data outside the EU will take place in compliance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
6. Rights of data subjects and how to exercise them
In relation to the data processing described herein, you are entitled to exercise your rights under the GDPR (art. 7(3) and art. 15-22), including:
- to receive confirmation of the existence of your personal data and to access their content (right of access);
- to update, amend and/or rectify your personal data (right to rectification);
- to request the deletion of your account or request the deletion or restriction of the processing of data processed unlawfully, including data the retention of which is unnecessary for the purposes for which the data were collected or otherwise processed (right to be forgotten and right to restriction);
- except where processing is provided for in compliance with a legal obligation, to object to processing, in the cases provided for by the Regulation (right to object);
- to withdraw consent, where given, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal, for all or part of the processing in question;
- to receive a copy of the data in electronic format concerning you and rendered in the context of the contract and to request that such data be sent to another data controller (right to data portability).
To exercise these rights or to request further information regarding this policy, you can contact the Data Controller by sending an email to firstname.lastname@example.org
Pursuant to article 77 of the GDPR, you also have the right to lodge a complaint with the Personal Data Protection Supervisory Authority. The procedures and directions for lodging a complaint are published on the official website of the Authority (www.garanteprivacy.it).
7. Amendments and updates