WEB PRIVACY NOTICE – Information document pursuant to and for the purposes of Article 13, EU Reg. 2016/679.
Pursuant to EU Regulation 2016/679 (hereinafter “GDPR”), this page describes how personal data is processed. This information is provided pursuant to Art. 13 of the GDPR. This information does not apply to other third-party websites that may be accessible via links on this website, for which no liability is taken.
Personal data that can be processed
Personal Data:
Any piece of information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is onewho can be identified, directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30 of the GDPR).
Navigation data
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by the users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
Data communicated on a voluntary basis
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this website and/or the filling in of data collection forms entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data entered.
Information on the processing of personal data through social media platforms
With regard to the processing of personal data carried out by the managers of the social media platforms used by the Data Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated social media platforms, in order to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific information: Specific information may be present on the pages of the website in relation to particular services or processing of the data provided.
COOKIES: For Cookies and other tracking systems, see the cookies policy in the footer of the website and at the following link.
DATA CONTROLLER: Pursuant to Articles 4 and 24 of EU Reg. 2016/679, the Data Controller is APEN GROUP SPA, with registered office in Via
Isonzo 1, 20060 Pessano con Bornago (MI) Italy, in the person of its pro-tempore Legal Representative
PURPOSE | LEGAL BASIS | RETENTION PERIOD | NATURE OF THE PROVISION
| PURPOSE OF PROCESSING | LEGAL BASIS | DATA RETENTION PERIOD | NATURE OF THE PROVISION |
|---|---|---|---|
|
A) Activities strictly necessary for the operation of the website and the provision of the navigation service on the platform. |
Legitimate interest | rights of the Data SubjectArt.6, letter f) and recital 47 of the GDPR: The processing is necessary for the purposes of pursuing the legitimate interests of the Data Controller or a third party. |
Throughout the duration of the browsing session and up to a maximum of a further 7 days (without prejudice to any need for criminal investigations by the judicial authorities) | Necessary to ensure browsing |
| B) Browsing analysis through the use of cookies and similar technologies. Further information in the cookie policy |
For necessary non-technical cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6 par. 1 letters a and C42, C43 of the GDPR). Consent is given through the website banner and cookie policy |
Further information in the cookie policy | Further information in the cookie policy |
| C) Request for contact or information by phone, dedicated form, Whatsapp button widget or similar systems. |
Processing is necessary for the performance of a contract to which the Data Subject is a party or for the performance of pre-contractual measures taken at the Data Subject’s request; Art. 6 par. 1, letter b) and(C44) of the GDPR |
1 year | Provision is necessary. Failure to provide the necessary data will result in the impossibility of being contacted and receiving the requested information. |
| E) Management of requests by Data Subjects to exercise their rights under Art. 15 et seq. of the GDPR (Data Subject’s rights) |
The processing is necessary to fulfil a legalobligation to which the Data Controller is subject indispensable to be able to fulfil legal obligations Art. 6 par. 1, letter c) and (C45) of the GDPR | 5 years from the closing of the request, subject to litigation | The provision of personal data is mandatory, as it is indispensable to be able to fulfil legal obligations |
| G) Personnel selection, to apply for personnel selections, carrying out the activity of personnel search and selection with a view to the possible establishment of an employment relationship, also for any positions other from those for which the Data Subject spontaneously applied; storage of personal data also for future selections; management of applications in response to job offers published on our website; interviews and possible video interviews (data processing also relating to image/audio). See the specific information in the dedicated area. |
Processing is necessary for the performance of a contract to which the Data Subject is a party or for the performance of pre-contractual measures taken at the Data Subject’s request; Art. 6 par. 1, letter b) and (C44) of the GDPR |
Maximum24 months In principle, the data collected during the recruitment process will be deleted as soon as it becomes clear that no job offer will be made or that the offer will not be accepted by the applicant | Provision is necessary. Failure to provide the necessary data will result in the inability to apply |
| H) Subscription and access to the reserved area for consultation of technical and installation manuals |
Processing is necessary for the performance of a contract to which the Data Subject is a party or for the performance of pre-contractual measures taken at the Data Subject’s request; Art. 6 par. 1, letter b) and (C44) of the GDPR |
Until the termination of the contract and the technical time needed to disable credentials | Provision is necessary. Failure to provide the necessary data will make it impossible to access the reserved area |
DATA RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS
Personal data will be communicated, also on the basis of the purposes envisaged in specific areas, to subjects who will process the data as autonomous Data Controllers or Data Processors (Art. 28 of the GDPR) and processed by natural persons (Art. 29 of the GDPR) acting under the
authority of the Data Controller and Data Processors on the basis of specific instructions given regarding the purposes and methods of processing, for specific purposes according to the area of reference.
Data will be communicated to recipients belonging to the following categories:
- Parties providing services for the website and communication networks, including e-mail, platform management and hosting;
- Persons providing consultancy and assistance services;
- Persons providing services related to the management of the above-mentioned processing purposes;
- Subjects based in Italy, with which the Data Controller has signed agreements and prior consent, where applicable;
- For the work with us area, to subjects for the management of selection activities;
- Competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request
The list of Data Processors is available by writing to: privacy@apengroup.it.
DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION
Personal data will not be transferred to countries outside the EEA. In particular, it should be noted that the data will be stored in Italy for hosting, management, development and maintenance services of the website. All third parties to whom the data may be disclosed are based in Italy.
AUTOMATED PROCESSES
Personal data will be subject to traditional manual, electronic and automated processing. Please note that no fully automated decision-making processes are carried out. With reference to the profiling activity, which may be carried out with the express consent of the Data Subject as indicated in the purposes, it will be carried out through the intervention of the operator who will process the profile of the Data Subject and analyse his/her habits and consumption choices, in order to improve the commercial offer and services of the Data Controller (non-automated
profiling).
RIGHTS OF THE DATA SUBJECT
You may exercise your rights as expressed in Art. 15 et seq. of the GDPR, or by contacting the Data Controller at the above e-mail address. You have the right, at any time, to request access to your personal data (Art.15), to rectify (Art.16), to delete the same (Art.17), to limit processing (Art.18). The Data Controller shall inform (Art. 19) each of the recipients to whom the personal data have been transmitted of any rectification or deletion or restriction of processing carried out. The Data Controller shall inform the Data Subject about these recipients if the Data Subject so requests.
In the cases provided for, you have the right to portability of your data (Art. 20). In such a case it will be provided to you in a structured, commonly used and machine-readable format. You have the right to oppose (Art.21), at any time, the processing of data based on legitimate interest, and in cases where the legal basis is consent, you have the right to revoke the consent given without prejudice to the lawfulness of the processing based on the consent before revocation.
To stop receiving automated direct marketing communications (e-mail, instant messaging) or to revoke your consent to (non-automated) profiling, please contact the Data Controller at: privacy@apengroup.it
If you consider that the processing of personal data carried out by the Data Controller is in breach of the provisions of EU Regulation 2016/679, as Data Subject you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where you normally reside or work or where the alleged breach of the Regulation occurred (Privacy Guarantor <a href=”https://www.garanteprivacy.it/” target=”_blank”>https://www.garanteprivacy.it/</a>), or to bring an action before the appropriate courts.
Date of the update: 10 July 2025
The Data Controller reserves the right to amend, update, add or remove parts of this notice