PRIVACY POLICY

Information on the processing of personal data (“Privacy Policy”) of www.gmtg7.it in compliance with art. 13 of the EU Regulation 2016/679 and of the Law Decree no. 196/2003 and subsequent modifications.
Updated on 25th May 2018.

In compliance with the provisions of art. 13 of the EU Regulation 2016/679 and of the Law Decree no. 196/2003, GMT G7 S.p.A., in its capacity as Data Controller, invites its users (hereunder referred to simply as “the concerned party”), before starting to browse the website www.gmtg7.it (hereunder only referred as “the Website”) to read this Information on the processing of personal data (“Privacy Policy”).

The Privacy Policy, drawn up exclusively for this Website, and for other websites possibly visited by the user through links or accessed through social media links available on the Website, aims at explaining Website’s users the methods used to treat and process collected personal data.

Any amendment or update of this Privacy Policy will be available to all users in the section called “Privacy” of this Website.
Amendments will become applicable starting from the date of their publication on the Website mentioned above. Should the concerned party not be willing to accept the amendments, he/she will be entitled to stop using the Website.
Thus, we invite the concerned parties to periodically consult the dedicated web page.

1. Data treatment aim.

Data collected through this Website will be processed by the Data Collector, according to principles of need, lawfulness, correctness, proportionality and transparency, with the following aims:
– allow use of the website and of the services connected to it;
– comply with legal requirements and obligations;
– receive cv in the dedicated section.

2. How to release this privacy policy.

The Data Collector specifies that this Privacy Policy is freely and easily accessible on this Website in the dedicated section, i.e. by submitting a request to the contacts shown in the next paragraph entitled “Data Collector”.

3. Treatment of “special categories of personal data” and “data concerning criminal records”.

Pursuant to art. 9 of the EU Regulation no. 2016/679, and by way of example, by “special categories of personal data” we mean: data revealing ethnic and racial origin, data on health status, data on membership to a trade union and/or to a political party, or, however, revealing political and religious beliefs, i.e. concerning the exercise of functions, activities or trade union tasks, as well as biometric data or data on sexual orientation.
Pursuant to art. 10 of the EU Regulation no. 2016/679, and by way of example, by “personal data concerning criminal records” we mean those data pertaining criminal convictions, crimes and security measures.
All data related to the categories called out under articles 9 and 10 of the Regulation, referred to the concerned person, are exclusively treated and processed to meet the obligations stated under paragraph 1), always subject to the possibility for the concerned party to exercise his/her rights pursuant to articles 15,16,17,18, 20 and 21 of the EU Regulation no. 2016/679, specified under paragraph 11, according to the methods described in the next paragraph 12.

4. Methods of data treatment.

Data processing is carried out with the aid of electronic and / or paper instruments, according to a logic strictly related to the purposes indicated above and in any case by adopting organizational and IT procedures and measures suitable to protect its security, confidentiality, relevance and without excess.
Data processing will be carried out by personnel directly reporting to the Data Controller and / or by natural or legal persons specifically identified as responsible or in charge of processing, whose contacts are made available at the express request of the concerned party at the addresses indicated at the following paragraph 7.

5. Legal base.

Personal data processed by the Data Controller are provided voluntarily by users by browsing through the Website, or by sending e-mails, by filling in appropriate forms and by applying the required flags.

6. Mandatory or optional nature of providing data.

We inform you that the provision of requested data is mandatory, as any refusal to do so has the consequence of preventing future visits to the website. The concerned party, by browsing through this website, voluntarily consents to the transmission and processing of his/her personal and navigation data. The forwarding and transmission of communications, voluntary and optional, through the completion of the appropriate forms included in the website or by e-mail, involves the acquisition of personal data provided by the person concerned with the purpose of allowing communications and processing of requests.

7. Data Controller.

The Data Controller is GMT G7 S.p.A. phone +39 0362 638951. In particular, for every communication and/or information concerning personal data processing, the Data Controller provides the following email address gmt@gmtg7.it , as well as a certified email address gmtg7@legalmail.it.
At the registered office of the Data Controller we keep an updated list of external individuals responsible for data processing, which can be provided to the concerned person, prior request submitted through the above mentioned addresses.

8. Communication and dissemination of collected data.

Provided data are in no case subject to disclosure or communication to third parties, unless specifically permitted by the concerned party, and in any case only when necessary for performing the purposes better specified under paragraph 1. Communication to third parties, other than the Data Controller, by managers, employed or consultant for the Office, and by data processing operators, besides other subjects, also external and/or located abroad, the Data Controller uses for carrying out instrumental and/or accessory activities in the management of social activities, including suppliers of software solutions, web applications and storage services delivered also through Cloud Computing systems and used for this purpose, is only envisaged to carry out activities related to the pre-contractual and/or contractual phase, except for subjects who may have access to data in compliance with the provisions of the law and/or following orders issued by authorities and however in compliance with the guarantees present in the EU Regulation no. 2016/679 and pursuant to the guidelines of the Italian Privacy Authority, as well as of the Commission set up in compliance with the previously mentioned EU Regulation.

9. Retention time.

Personal data of the concerned parties are kept only for the time necessary to fulfill the purposes indicated above in paragraph 1, for a minimum period of 12 months and for a maximum period of three years, except for the precautions provided for sensitive data that the Data Controller checks regularly for relevance, without excess and requirement to still be treated or not. The defensive needs of the Data Controller are excluded, which may retain data that are strictly necessary and indispensable for the management of any litigation.

10. Rights of the concerned parties.

The concerned party, at any time, can exercise his/her rights towards the Data Controller pursuant to articles 15, 16, 17, 18, 20 and 21 of the EU Regulation. no. 2016/679, which for simplification purposes, are summarized hereunder.
Art. 15 – Right of access of the concerned party: The concerned party has the right to access his / her data and the relative treatments. This right is substantiated by the possibility of obtaining confirmation whether or not his/her data processing is being performed, or the possibility of requesting and receiving a copy of the personal data which are being processed.
Art. 16 – Right to make amendments: the concerned party has the right to obtain from the Data Controller the amendment of inaccurate personal data without undue delay. Taking into account the purposes of data processing, the concerned party has the right to obtain the addition of incomplete personal data, also by providing an additional declaration.
Art. 17 – Right to cancellation (“right to be forgotten”): the concerned party has the right to request the Data Controller to delete and no longer process personal data concerning him / her and in some cases, where possible, to obtain cancellation without unjustified delay when the purpose of the treatment is exhausted, the consent has been revoked, opposition to the treatment has been made or when processing of personal data is not otherwise compliant with the Regulation.
Art. 18 – Right to limit data processing: the concerned party has the right to limit the processing of his/her data in case of inaccuracies, disputes or as an alternative measure to cancellation.
Art. 20 – Data portability right: the concerned party, except in the assumption that data are filed through unauthorized treatments (i.e. in paper format), has the right to receive in a structured format, of common use and readable from an automatic device, his/her personal data, where reference is made to data directly supplied by the concerned person, with explicit consensus or on the basis of a contract, and to request that such data are sent to the another data controller, if technically feasible.
Art. 21 – Opposition right: the concerned party has the right to oppose at any time, for reasons related to his/her specific situation, to the treatment of his/her personal data. However, the concerned person has the right to lodge complaints to supervisory authorities of the State, as well as to appeal to judicial competent authorities to protect his/her rights.

11. How to exercise rights.

If the concerned party wishes to exercise one of the rights listed above he/she must address his request directly to the Data Controller to the addresses indicated in paragraph 7, except for the right to make a complaint to be sent to the competent Supervisory Authority of the State or to appeal before the competent Judicial Authority.
The concerned party also has the right to withdraw his/her consent at any time by sending a specific request to the Data Controller to the addresses indicated in paragraph 7. The withdrawal of consent, in any case, does not affect the lawfulness of the treatment based on consent granted before revocation.
The deadline to reply to the concerned party is, for all rights (including the right of access), 1 month, extendable up to 3 months in cases of particular complexity; the Data Controller must however give feedback to the concerned person within 1 month of the request submission, even in case of denial.
It is up to the Data Controller to evaluate the complexity of the reply to the concerned person and to establish the amount of the contribution to be requested to the concerned person, but only if requests are manifestly unfounded or excessive.

12. Minors.

The holder does not carry out any processing of personal data of minors without the consent of their parents.

13. Processed data.

The Data Controller collects data voluntarily provided by the User through the voluntary compilation of contact forms and / or by sending e-mails or other communication tools.
By browsing this Website some personal data are acquired relating to the use of internet communication protocols (“Navigation Data”).
By way of example, the following data are included in the Navigation Data:
– IP addresses: the English Internet Protocol address is a numerical label that uniquely identifies a device called a host connected to a computer network that uses the Internet Protocol as a network protocol;
– the domain names of the computers used by users who connect to the site;
– addresses in URI (Uniform Resource Identifier) notation of the requested resources;
– the time of the request, the method used in submitting the request to the server;
– the size of the file obtained in response;
– the numerical code indicating the status of the response given by the server (success, error, etc.);
and other parameters related to the operating system and the user’s computer environment.
These data are acquired with the exclusive purpose of allowing usability of the website and are collected in aggregate form, but could, through processing and association with data held by third parties, allow users to be identified.
Navigation data are used for statistical purposes on the use of the website and to check the correct functioning of the website. In particular, it is specified that cookies are not used for the purpose of profiling, but only technical cookies, with the aim of improving the quality of user navigation within the site in question (Privacy Cookies).
The sending of transmissions and communications, voluntary and optional ones, through the website or by e-mail, involves the acquisition of personal data provided by the concerned person with the purpose of allowing communications and processing of any request and this in compliance with what is specified in this privacy policy.
The user can upload his/her curriculum in the section “WORK WITH US”. These operations allow the Data Controller to acquire personal data, such as address, e-mail or telephone number, required to reply to user’s requests; and of personal data contained in the Curriculum vitae, belonging to particular “categories of data” according to art. 9 paragraph 1 of EU Regulation 679/2016.
These data will be used for the sole purpose of following up on the user’s request; if necessary, they will be processed for purposes related to contractual, tax and accounting obligations; historical billing; litigation and credit protection; fulfillment of obligations under current laws and may be disclosed to third parties only if this is necessary for this purpose.
With regard to personal data contained in the curriculum, which as anticipated may belong to “particular categories of data” (with reference to Article 9 paragraph 1 of EU Regulation 679/2016) it is necessary to provide CONSENT to data treatment, according to art. 9. Par. 2 letter a. The lack of consent prevents the Data Controller to comply with the user’s request, with the subsequent inability to evaluate the profile for a possible work collaboration.