Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)
Information to be provided where personal data are collected from the data subject
According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you with the due information concerning the processing of the collected personal data. This information is not valid for other web sites which might be visited through links contained in all the web sites of data controller’s domain name. The data controller shall not be considered responsible for third parties’ web sites.
Personal data that can be treated: “ personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 Reg. UE 679/2016).
Specific Information: specific information may be find on the Site page in relation to particular services or processing of the data provided.
1. DATA CONTROLLER
Pursuant to art. 4 and 24 of the Regulation (EU) 2016/679, is APEN GROUP SPA, with legal headquarter in 20900 Monza (MB) – Italia, Via Zucchi, 1 and operational headquarter in 20060 Pessano con Bornago (MI), Italia – Via Isonzo, 1, Tax number 08767740155, as represented by the pro tempore legal representative Mariagiovanna Rigamonti , email: firstname.lastname@example.org.
2. PURPOSES AND LAWFULNESS OF THE PROCESSING
Your personal data shall be processed in accordance to the requirements for the lawfulness of processing set forth by Art. 6 lett. f) (legitimate interests) of the Regulation (EU) 2016/679 for the following purposes:
– browsing on this website;
– in the areas “Contacts” and “Products – Request informations” to fill in the form with the required personal data to answer to your contact and or information request and to send you the required information;
– in the area “Work with us” to send any spontaneous applications by filling the form to be contacted by APEN GROUP SPA for the purpose of personnel selection;
– for administrative and accounting activities in general. Data processing for administrative and accounting purposes are those related to organizational, administrative, financial and accounting activities regardless of the nature of data processed. In particular, internal organizational activities, those following contractual obligations’ fulfilment and information activities are related to these purposes.
The data processing is based on art. 6, paragraph no. 1, lett. f), Recital no. 47): taking into consideration the reasonable expectations of data subjects based on their relationship with the controller, whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
3. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data provided by you may be communicated to recipients, appointed pursuant to art. 28 of the Regulation EU 2016/679, which shall process your data as processors and/or persons acting under the authority of the Controller and the Processor, in order to perform agreements or related purposes. Precisely, your data may be communicated to recipients part of the following categories: – management services providers of IT systems and communication networks of Apen Group Spa (including emails); – advisory and consultancy firms and companies; – competent Authorities for the fulfillment of obligations of law, if required; – in case of administrative accounting purposes, the data may be sent to commercial information companies for the assessment of solvency and payment habits and / or subjects for debts collection purposes.
The subjects belonging to the aforesaid categories act as data Processors or act in complete autonomy as separate data Controllers. The list of designated data Processors is constantly updated and available by sending an e-mail to email@example.com and at the offices of the Data Controller, in 20060 Pessano con Bornago (MI), Italia – Via Isonzo, 1.
4. DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION
Personal data may be transferred to a third Country within or outside the European Union, subject to the limits and conditions set forth by art. 44 and subsequent articles of the Regulation EU 2016/679, in order to comply with purposes related to the transfer. The data subject may obtain a copy of such data by writing an email to the address firstname.lastname@example.org.
5. DATA RETENTION PERIOD OR RELEVANT CRITERIA
The processing shall be carried out in automated and / or manual manner, with methods and tools aimed at ensuring the best security and confidentiality, by persons specifically appointed to do so.
According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation EU 2016/679, collected personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Data retention period depends on the purposes:
– to visit the current internet website (temporary);
– request for contact, information and appointment reservation (1 year maximum);
– personnel recruiting purposes (24 months maximum).
The Data Subject can receive information regarding the criteria of the retention period contacting email@example.com.
6. NATURE OF DATA PROVISION AND REFUSAL
With exception of what above specified concerning navigation data, the User is free to provide personal data.
The provision of personal data is optional or necessary depending on the specific purpose of the data processing. The non submittal of personal data marked by the symbol *may result the impossibility to obtain the required services.
7. DATA SUBJECT’S RIGHTS
You may exercise your rights pursuant to the Regulation EU 2016/679, by contacting the Data Controller by sending an e-mail to firstname.lastname@example.org or writing to the Data Controller’s headquarter.
You have the right, at any time, to request the data Controller to access (art. 15), rectify (art. 16), cancel (art. 17) your personal data or limit their processing (art. 18) or to object to the processing of your data based on the legitimate interest (art. 21).
Withdrawal of the consent. The processing is not based on the consent, but on the legitimate interest. When the processing of the personal data is based on the consent, you have the right to withdraw the consent given at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
To object the processing of your data or to exercise your rights you may sending an e-mail to email@example.com.
you have the right to lodge a complaint with the Data Protection Authority. The provision of the personal data is not mandatory. You may provide your personal data in specific pages of the present website. The non submittal of personal data may result the impossibility to obtain the required services of the Data Controller. There is not decision based solely on automated processing.