Information on the processing of personal data
With this document (“Information”), the data controller provides you with the terms of the data collected and the processing of company services performed on the website www.advepa.it in relation to Regulation (EU) 2016/679 (GDPR) in strict compliance with the general principles established by articles 5 and 6 of the GDPR, i.e. according to correctness, accuracy, completeness and congruity with respect to the purposes indicated.
1. Holder of the treatment
The Data Controller is the company Advepa Srl in accordance with current laws and the administrator of the site (hereinafter the company) with registered office in Palermo Resuttana street, 360, 90146., can be contacted through the CONTACTS section or at the email address info@advepa.
2. Legal basis of the processing
This site processes data mainly on the basis of user consent. The consent is given through the banner located at the bottom of the page, or through the use or consultation of the site, as conclusive behavior. With the use or consultation of the site, visitors and users approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service. Additional consents relating to the specific purpose of the service are collected through the communication or service request forms.
The provision of data and therefore consent to the collection and processing of data is optional, the User can deny consent, and can withdraw at any time a consent already provided (through the banner located at the bottom of the page or the browser settings for cookies, or the Contact link). However, denying consent may make it impossible to provide certain services and the browsing experience on the site would be compromised. The data for site security and for the prevention of abuse and SPAM, as well as data for the analysis of site traffic (statistics) in aggregate form, are processed based on the legitimate interest of the Data Controller to protect the site and the users. In such cases, the user always has the right to object to the processing of data (User rights).
The data provided for professional consultancy or assignments are processed on the basis of the fulfillment of a contract and the fulfillment of a legal obligation. In such cases, specific information is provided.
1. Which personal data we process
2.1 Navigation data
During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
These are information that are not collected with the purpose of being associated with identified subjects , but which by its very nature could allow to identify users through assosiations with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site, except for this eventuality, the data collected through the Site are kept for 12 months.
2.2 Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this Site and the compilation of the “formats” (masks) entails the subsequent acquisition of the e-mail address, necessary to respond to requests, and any other personal data. spontaneously communicated to the Owner.
Unless you communicate further personal data for the management of your request, for the purposes indicated in this Policy, the Data Controller processes the following personal data:
– personal data: name, surname, address, telephone number, e-mail and other contact details;
– data relating to the contract concluded with the Data Controller.
For the management of your request, including the management of your candidacy, the Data Controller may also process particular categories of personal data, such as data capable of revealing the membership of trade unions (taking office, request for withholdings for union association quotas) , membership in political parties, religious beliefs (should you request to join some religious holidays), as well as your state of health if you spontaneously communicate them to the Owner.
For the treatment of these categories of personal data, the Data Controller requires you an explicit consent to the treatment.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
3. What are the purposes of the treatment
The purposes for which the data of the interested parties can be processed are attributable to the commercial information activity expressly requested by users interested in the services offered by the Company through the contact form published on this site.
No marketing and / or profiling activities are carried out through this site.
In general, the processing of data takes place for the purposes indicated from time to time, subject to your consent. Your personal data are processed:
– fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you; fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the matter of anti-money laundering); exercise the rights of the owner, for example the right to defense in court;
– only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes: to send you via e-mail, post and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Owner and detection of the degree of satisfaction with the quality of the services;
send you via e-mail, post and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example partners, other Group companies).
The processing of data collected by the site, in addition to the related, instrumental and necessary purposes for providing the service, is aimed at the following purposes:
– Statistics (analysis)
Collection of data and information in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site. None of this information is related to the natural person-user of the site, and does not allow identification in any way. Consent is not required.
Raccolta di dati e informazioni al fine di tutelare la sicurezza del sito (filtri antispam, firewall, rilevamento virus) e degli Utenti e per prevenire o smascherare frodi o abusi a danno del sito web. I dati sono registrati automaticamente e possono eventualmente includere anche dati personali (indirizzo IP) o costituenti reato. Tali dati non sono mai utilizzati per l’analisi della profilazione dell’Utente e vengono cancellati periodicamente. Non necessario il consenso.
– Accessory activities
Communicate data to third parties that perform functions necessary or instrumental to the operation of the service (e.g. comment box), and to allow third parties to carry out technical, logistical and other activities on our behalf. Suppliers have access only to personal data that are necessary to perform their duties, and undertake not to use the data for other purposes, and are required to process personal data in accordance with current regulations.
– Consultations and professional assignments
In case of spontaneous sending of data in order to ask for professional advice or for a professional assignment, the data will be used only for the purpose of evaluating the assignment and for the possible fulfillment of the same. In such cases, specific information will be provided.
– Sending the Curriculum Vitae
Through the “Work with us” section of the Site or by e-mail you can provide your personal data and your CV to the Data Controller to apply for open positions or for any future positions. Your personal data are processed only for the management of your application and related activities. The condition of lawfulness for the processing of your personal data to manage your application is constituted by the need to complete your request, in accordance with Article 6, paragraph 1, letter b), GDPR. Consequently, it is not necessary to obtain a His prior consent to treatment.
For the evaluation of your application, the Data Controller may also process particular categories of personal data entered by you in your CV (for example, your state of health, your philosophical or religious convictions). For the treatment of these particular categories of personal data, the Owner needs your explicit consent.
– Requests made through the Site
Your personal data may be processed by the Data Controller to satisfy your requests made by writing to one of the e-mail addresses available on the Website or by filling in the forms on the Website. Failure to provide the requested data will result in the inability for the Data Controller to complete your request. The condition of lawfulness of the processing is the need to execute your request, in compliance with article 6, paragraph 1, letter b), GDPR. Therefore, the acquisition of your prior consent to the treatment is not necessary.
For the management of your request, the Data Controller may also process particular categories of personal data transmitted by you to the Data Controller. For the processing of these particular categories of personal data, the Data Controller requires your explicit consent on the “Contacts” page.
– Commercial communications and newsletters
If you want to be updated on the latest news of the products and services offered by the Owner, you can join our marketing initiatives by allowing the Owner to
send you the newsletter and further commercial communications concerning the products and services.
The condition of lawfulness for sending commercial communications and the newsletter is your express consent, which the Data Controller requires from you on all the pages of the website where it is possible to join this service, in compliance with article 6, paragraph 1, letter a), GDPR.
Your personal data will be processed until you decide to withdraw your consent or oppose the processing.
Right to object to direct marketing activities we inform you that, at any time, you have the right to object to direct marketing activities, by contacting the Data Controller at one of the contacts indicated in point 1 of this Policy or by clicking on the appropriate link in every communication invites from the Owner.
4. Site Management
Your personal data described in points 2.1 – 2.3 above will also be processed by the Data Controller to manage the Site, complete anonymous statistical analyzes on the use of the site to check its correct functioning and / or to ascertain responsibility in case of hypotheses computer crimes against the Site. In any case, these data are processed anonymously and are deleted immediately after processing. The condition of lawfulness of the processing is the legitimate interest of the Data Controller to ensure the correct use of the Site and to prevent any possible computer crime, in compliance with article 6, paragraph 1, letter f), GDPR. Therefore, the acquisition of your consent will not be necessary. Your personal data will be immediately anonymous and in any case deleted at the end of your browsing session.
However, if information crimes are ascertained, your personal data will be kept for the time necessary to manage the dispute.
5. Recipients of the data
The data provided by the interested party through the contact form will not be transferred to third-party companies for commercial purposes or for other purposes. Instead, they will be sent to those responsible in the commercial and administrative sphere of the Company to fulfill the actions indicated in paragraph 3 (purpose).
Transfer of collected data to third parties
The data collected by the site are generally not provided to third parties, except in specific cases: legitimate request by the judicial authority and only in the cases provided for by law; if it is necessary for the provision of a specific service requested by the User; for performing security checks or site optimization.
Transfer of data to non-EU countries
This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and of the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield- information page of the Italian Guarantor www.garanteprivacy.it/web/guest/home / docweb / – / docweb-display / docweb / 5306161), for which further consent is not required. The companies mentioned above guarantee their adhesion to the Privacy Shield.
6. Processing methods
Your data may be processed electronically. The data of which Advepa S.r.l. is the owner, only those necessary for the processing of data connected to the website services, the Owner uses servers located within the European territory. We inform you that the data will be collected, processed and stored in full compliance with the provisions regarding security measures, as well as in compliance with the measures deemed suitable pursuant to the new EU Regulation 2016/679. The data will also be processed in full compliance with the self-regulation rules on the processing of personal data contained in the codes of ethics in the sector in force.
We treat visitor / user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. We are committed to protecting the security of your personal data when sending it, using the Secure Sockets Layer (SSL) software, which encrypts the information in transit. The treatment is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Owner, in some cases, categories of agents involved in the organization of the site or external subjects (such as third party technical service providers, hosting providers) may have access to the data.
Duration of treatment
The data will be processed for the time strictly necessary to achieve the purposes for which they were collected. Furthermore, they will remain available to the owner, manager and agents for any storage required by law (art.22, paragraph 5, of the Code), only for the necessary duration or, until the different date of the user’s request for cancellation. same. The maximum duration, however, is that established by law for contractual liability, or 10 years.
In relation to the treatments described in this Information, you can exercise the rights provided by the articles of the GDPR (from 15 to 21) in particular:
1. right of access – right to obtain confirmation that a processing of personal data concerning you is in progress and, in this case, obtain access to your personal data – including a copy of the same;
2. right of rectification – where applicable, right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and / or the integration of incomplete personal data;
3. right to erasure (right to be forgotten) – where applicable, right to obtain, without undue delay, the erasure of personal data concerning you.
4. right of limitation of treatment – where applicable, right to obtain the limitation of treatment, when the legal conditions exist.
5. right to data portability – where applicable, right to receive, in a structured format of common use and readable by an automatic device, the personal data concerning you provided to the owner and the right to transmit it to another;
6. right of opposition – right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of the legitimate interest;
7. withdraw consent – at any time, with the same ease with which it was provided, without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
8. The interested party also has the right to lodge a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it).
The exercise of rights is not subject to any form constraint and is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also for their repetitiveness, the Data Controller may charge you a reasonable expense contribution , in light of the administrative costs incurred to manage your request, or to deny the satisfaction of your request. To exercise your rights, you must fill in the data subject’s exercise form on the Guarantor’s website (www.garanteprivacy.it) or download it by clicking the following link (https://www.advepa.it/wp-content/uploads/ 2020/04 / advepa-request-form-relating-to-exercise-of-rights.pdf), click here to download the form, and send it to Advepa Srl, in one of the following ways:
Recommended a / R. addressed to the Advepa S.r.l. Office, Via Resuttana 360, 90146 Palermo
PEC (certified electronic mail): firstname.lastname@example.org;
Any corrections or cancellations or limitations of the processing carried out at your request, unless this proves impossible or involves a disproportionate effort, will be communicated by the Company to each of the recipients to whom the personal data have been transmitted.