PRIVACY POLICY – WEB GENERAL – Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)

According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you the due information concerning the processing of
collected personal data. This notice is not to be considered valid for other websites attainable trough links and data processor shall not be held
responsible for third parties web pages.

This notice is provided pursuant to art. 13 of the Regulation (EU) 2016/679 (General Data Protection Regulation) and according to the provisions of
the Directive 2002/58/CE, as amended by Directive 2009/136/CE on Cookies, as well as according to the Provision of the Data Protection Authority
dated 08.05.2014 on cookies.

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can
directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online
identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).

DATA CONTROLLER

pursuant to art. 4 and 24 of the Reg. (EU) 2016/679, is APEN GROUP SPA– registered office in Via Isonzo 1, 20060 Pessano con Bornago (MI)
Italy, represented by the legal representative pro tempore.

PURPOSES AND LAWFULNESS OF THE PROCESSING

PURPOSE OF PROCESSING LEGAL BASIS DATA RETENTION DATA CONFERRAL
A)
Website browsing

Activities strictly related to site operations and to
platform browsing service provision

Legitimate interest | Data
subject rights

Art. 6 lett. f) and recital 47
GDPR: the processing is
necessary for pursuing the
legitimate interest of data
controller or third parties’

Single browsing session Necessary for the
legitimate interest of
data controller with
due regard to user’s
rights and
fundamental freedoms
B)
Contact or information request
Legitimate interest | Data
subject rights

Art. 6 lett.f) and recital 47
GDPR: the processing is
necessary for pursuing the
legitimate interest of data
controller or third parties’

1 year Necessary for the
legitimate interest of
data controller with
due regard to user’s
rights and
fundamental freedoms
C)
Participation in personnel selection
processes sending an application aiming at
establishing an employment relationship –
including any position other than those ones
for which the data Subject spontaneously
applied for; retention of personal data for
future selections; management of
applications; interviews and any video-
interviews.
Contractual and pre-
contractual measures
upon data Subject’s
request

Art. 6 par. 1 lett. B) GDPR

2 years Necessary to refine the
application.
It’s lack will entail the
impossibility to apply.
D)
Signing up and login to the reserved area of
the platform

Contract

art. 6 lett. b) GDPR: processing is
necessary for the
performance of a contract to
which the data subject is party
or in order to take steps at the
request of the data subject
prior to entering into a
contract;

10 years starting from last login Necessary to the
execution of
contractual obligations
between parties.

 

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data provided by you may be communicated to recipients who will act as Processors (art. 28 of the Reg. EU 2016/679) and/or persons
acting under the authority of the Controller and the Processor (art.29 of the Reg. UE 2016/679) for the purposes pointed ahead. Precisely, your
data may be communicated to recipients part of the following categories:

  • subjects providing services for the management of the information system used by APEN GROUP SPA and telecommunications
    networks:
  • Freelancers, studies or companies in the context of assistance and consultancy relationships;

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:it:PDF

  • subjects providing services related to the management of the above mentioned purposes (communication, brochure printing, fliers,
    websites, videos);
  • platform operators for the abovementioned services (websites hosting, etc);
  • Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request;

DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION

Personal data provided will not be transferred to a third Country outside the European Union.

DATA SUBJECT’S RIGHTS

You may freely exercise your rights at any time under the EU Reg. 2016/679 –GDPR, Sections15, 16, 17, 18, 19, 20, 21 contacting the Data
Controller – APEN GROUP SPA in person of its legal representative by means of E-Mail: privacy@apengroup.it.

You have the right, at any time, to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being
processed, request their rectification or erasure.

Moreover You have the right, at any time, to oppose to personal data processing (also to profiling) without prejudice to lawfulness of
processing.

Without prejudice to any other administrative or judicial remedy, in case you consider your data processing in contrast with Reg. UE 2016/679,
pursuant to article 15 lett. f) of Reg. UE 2016/679, you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it)
and, pursuant to article 6 paragraph no. 1, lett. a) and article 9, paragraph no. 2, lett. a), you have the right to revoke your expressed consent at
any time.

Exercising your right to data portability, the Data Controller may provide your personal data in a structured, commonly used and machine-
readable format subject to the provisions set forth in paragraphs 3 and 4 of art. 20 of Regulation EU 2016/679.

Informative amendments: Data processor retains the right to modify, update, add or remove some parts of this informative at any time.

Date of review: 7/20/2020

DATA CONTROLLER

APEN GROUP SPA