In accordance with Articles 13 and 14 of the European Regulation 679/2016 on the protection of personal data, so called “General Data Protection Regulation” (“GDPR”), we wish to inform you that this website (hereinafter, “Site“) collects personal data of the users who visit this Site (hereinafter, “Users“).
The data controller (hereinafter, “Data Controller“) of your Personal Data is DS Group S.p.A., with registered office in Corso Venezia 36, 20121 – Milan (MI), in the person of its pro-tempore legal representative.
For any information and/or request relating to the processing of personal data on the Site, the Data Controller can be reached both at the postal address given in the previous lines, and at the following e-mail address: firstname.lastname@example.org .
The Data Controller acknowledges that it has appointed its Data Protection Officer (‘DPO’), who can be contacted at email@example.com.
Types of Data Collected
Personal Data may be freely provided by the User or, in the case of usage data, automatically collected during the use of this Site.
The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
– obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
– monitor the proper functioning of the services offered.
Browsing data are not retained for more than seven days (except in the case of criminal investigations by judicial authorities).
Sending messages and/or CVs via the appropriate forms on the Site (e.g. ‘Contact Us’ or ‘Join Us’ forms) entails the subsequent acquisition of the data provided by the User.
Finally, the Data Controller processes data posted on the Data Controller’s social pages that the Data Controller has access to through social media features that the User enabled when registering on such platforms. The Data Controller may use and republish data that the User posts online publicly, through social media sharing tools, in accordance with the GDPR and the social media terms and conditions of use that the User has agreed to.
Method and location of data processing
The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of personal data. The processing is carried out using computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated. The data are processed by persons authorised to process the data involved in the organisation of this Site (e.g. administrative, sales, marketing, legal, system administrators) or by external parties (e.g. third party technical service providers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as data processors (hereinafter, “Data Processors“) by the Data Controller (pursuant to Article 28 of the GDPR). The updated list of Data Processors can always be requested to the Data Controller. Personal Data may also be disclosed, in accordance with the law, to police forces, judicial authorities, information and security bodies or other public entities for purposes of defence or state security or the prevention, detection or repression of crimes.
The Data are processed at the Data Controller’s offices and in any other place where the parties involved in the processing are located. Users’ Personal Data may be transferred to third countries that do not guarantee an adequate level of security in respect to European standards and for which no adequacy decision has been issued by the European Commission pursuant to Article 45 GDPR. For this reason, the Data Controller has signed with third parties intending to transfer data to such countries standard contractual clauses or another appropriate instrument pursuant to Article 46 GDPR, as well as any additional security measures.
Legal basis and purpose of Data Processing
The processing of the User’s Personal Data by the Data Controller on the Site has the following purposes and legal basis:
(a) for the purpose, in accordance with Article 6.1(f) of the GDPR, of the legitimate interest pursued by the Data Controller, consisting in ensuring the security of the Site and the information exchanged on it, i.e. the ability of that Site to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible;
b) to process requests for information transmitted via the appropriate forms published on the Site pursuant to Article 6.1(f) of the GDPR;
(c) if the User fills in the “Join Us” section to enable the Data Controller to evaluate the application, for the purposes of possible employment in accordance with Articles 6.1(b) and 9.2(b) and (e) of the GDPR;
d) to manage interaction with users (comments, posts) on the Data Controller’s social pages pursuant to Article 6.1(f) of the GDPR. Regarding the processing of personal data carried out by the managers of the social media platforms used by the Data Controller for its social pages, please refer to the information provided by them through their respective privacy policies.
Consequences of refusal to provide data
The provision of data for the purposes set out in paragraph b) and c) above is mandatory and is functional to the pursuit of the purposes described in paragraph 3 above. Any refusal by the User to provide such data would therefore make it impossible to reply to the User’s request for information or to follow up the User’s evaluation process for the purposes of possible employment.
Data retention period
The User’s Personal Data will be processed by the Data Controller for the time necessary to respond to the User’s request for information and/or to evaluate the User for the purposes of the possible establishment of a working relationship.
The User is guaranteed the rights set out in Articles 15 et seq. of the GDPR, consisting essentially of the right to receive information from the Data Controller regarding the existence of the processing of one’s personal data, as well as to access one’s own data, to have them corrected, supplemented, updated or deleted; each data subject shall also have the right to obtain a copy of his/her data, to obtain a restriction of the processing and/or to object to their processing, as well as the right to data portability and to lodge a complaint with the competent supervisory authorities under the conditions and within the limits indicated in Article 13 GDPR.Exercising the rights
To exercise these rights, the User may send a communication to the Data Controller at the address indicated in the header of the page by registered letter with acknowledgement of receipt or by e-mail to the address: firstname.lastname@example.org or by contacting the Data Protection Officer at email@example.com.