Privacy Policy
INFORMATION EX ART 13 REG. UE 679/16 (“GDPR”) FOR THOSE WHO VISIT THE WEBSITE WWW.GRAFIKONTROL.IT
Grafikontrol S.p.A. (briefly Grafikontrol or Data Controller) processes personal data provided by the users in accordance with both European Union (GDPR) and Italian (Privacy Code) applicable rules. This policy is provided only with reference to the website www.grafikontrol.it (briefly, the Website) and does not refer to other websites eventually accessed by the user via links. We suggest you to read the privacy policies of such websites in order to check the modalities of the data processing and personal data collection used by such third parties websites.
Generally, the user may surf the Grafikontrol website www.grafikontrol.it without providing any personal information.
TYPES OF DATA PROCESSED AND PERIOD OF STORAGE
Navigation data
The computer systems and the software procedures chosen to ensure the correct functioning of this Website, may collect, in their normal use, some personal data. The transmission of such personal data is implicit in the use of communication protocols in the internet.
In this data category are enclosed: IP addresses, the computer or device domain names, the URI/URL address (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method chosen for the submission of the request to the server, the size of the answer file, the numerical code stating the state of the answer provided from the server (success, error, etc) or other parameters referring to the system and to the informatics habitat of the user.
Such data are necessary for the use of the web services and are processed with the scope of:
– collecting statistic information on the website use (most visited pages, number of visitors, geographic areas of provenience of the users, etc.);
– controlling the correct functioning of the web services.
The navigation data are not stored for a period longer than seven days; they are deleted immediately after their aggregation (exception is made for eventual detection of criminal offences by the Authorities).
Data voluntary provided by the user
The optional, explicit and voluntary sending of email messages to the address grafikontrol@grafikontrol.it or by filling the Contact and Support Form available on the Website entails the collection of the user email address, with the scope of providing an answer to the question submitted by the user and the collection of other eventual personal data provided in the request. For more details please see the Policy Privacy applicable to the Contact and Support Form.
Data concerning curriculum spontaneously provided by the users
Personal data contained in a resum sent to the email address grafikontrol@grafikontrol.it, also by filling the Contact Form, will be processed by Grafikontrol with the only
purpose of the assessment of the candidate and the candidates’ selection process. If the outcome of the selection is negative, personal data will be deleted within seven days. As regards the data collected through the Contact Form please see the Privacy Policy applicable to the Contact Form.
Technical Data
While surfing the Website, Grafikontrol may automatically collect some technical data through cookies. Generally the Website does not make use of cookies in order to transmit personal information, neither makes use of the so-called persistent cookies of any kind, neither any users tracking system are used by the Website. For more details about the cookie policy, please check the cookie policy, which is an integral part of the present information.
SCOPE OF COMMUNICATION AND PERSONAL DATA DIFFUSION
The data may be made accessible to employees and collaborators of the Data Controller in Italy and to third party companies or other subjects in Italy and abroad (e.g.: system manager, company in charge of administration and maintenance of the Website, etc.) for the carrying out of their respective tasks. The personal data of non-EU users, provided voluntarily through the Contact Form, may be made accessible to the headquarter of Grafikontrol located in the United States (Grafikontrol North America Inc.) to take charge of the request. Grafikontrol North America Inc. will process personal data autonomously.
Moreover, Grafikontrol may communicate user’s personal data, if required to do so by law.
PLACE OF DATA PROCESSING
The personal data are stored on servers located in Italy and thus within the European Union. In any case, the Data Controller, if necessary, has the right to relocate the servers even outside the European Union. In such case, the Data Controller shall ensure that the transfer of data outside the European Union will be in accordance with the provisions of the applicable laws, on the basis of the standard contractual clauses provided by the European Commission. The personal data of non-EU users, provided voluntarily through the Contact Form and addressed to the headquarter of Grafikontrol located in the United States (Grafikontrol North America Inc.), may be stored on servers located in the United States.
OPTIONAL NATURE OF THE PROVISION OF DATA
Exception made for the processing of the navigation data, as specified above, the user is free to provide her/his personal data in order to submit her/his requests to Grafikontrol through the email address grafikontrol@grafikontrol.it , the Contact and Support Form available on the Website.
WAY OF PROCESSING, PURPOSES OF THE DATA PROCESSING AND DURATION OF DATA STORAGE
The personal data will be processed by Grafikontrol either on paper or electronically for the time strictly necessary to fulfil the purposes for which it was collected and the collection will be carried out in conformity with the principles of fairness, lawfulness and necessity. Personal data will be stored on paper and/or electronically, and/or on any other support suitable pursuant to the existing rules, provided that adequate safety measures are taken.
RIGHTS OF THE DATA SUBJECT
Being a data subject, the user is entitled to the rights provided by articles 15- 21 GDPR (in brief, right to access, right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object) and, more in details, the right:
i. to obtain confirmation as to whether or not personal data concerning the user exist, even if not recorded yet, and their disclosure in intelligible form;
ii. to obtain the indication of: a) the source and the categories of the concerned personal data; b) the purposes and methods of the processing; c) the logic applied in case of processing carried out in case of the existence of automated decision-making; d) the identity of the data controller or of the processor, if any; e) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in their capacity as representative designated in the territory of the State, as data processors or persons in charge of the data processing, in particular if recipients are in countries which are not members of the European Union or international organisations; f) when possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine such period; g) where personal data are transferred to a country outside the European Union or to an international organization, the existence of appropriate safeguards pursuant to art. 46 GDPR relating to the transfer;
iii. to obtain: a) the update, the rectification or, when interested to, the addition of data; b) the erasure, transformation into anonymous form or the blocking of the data unlawfully processed, including data the storage of which is not necessary to the purposes for which they were collected or subsequently processed; c) the confirmation that the operations mentioned under a) and b) have been notified, including their contents, to those to whom the data were disclosed or disseminated, except for the case in which such a fulfilment is impossible or involves means manifestly disproportionate to the relevant protected right;
iv. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning the user, though relevant to the purpose of their collection; b) to the processing of personal data concerning the user for the purposes of sending advertising materials or direct selling or market research or commercial communication, through the use of automatic calling systems without the intervention of an operator, by e-mail and/or through traditional marketing by phone and/or mail. In any case, you have the possibility to exercise such rights only partially. Therefore, you may decide to receive communications only through traditional methods or only automatic communications, or none of the two types of communication.
You also have the right to file a complaint with the Privacy Authority (Autorit Garante per la Protezione dei Dati Personali).
MODALITIES FOR THE EXERCISE OF THE RIGHTS
The Data Subject may at any time exercise the rights by sending either:
– a letter by registered post to Grafikontrol S.p.A., Via Ludovico D’Aragona 7, 20132 Milan
– an email to the email address privacy@grafikontrol.it
DATA CONTROLLER, DATA PROCESSOR AND PERSONS IN CHARGE OF PROCESSING
The Data Controller is Grafikontrol S.p.A., having its registered address at Via Ludovico D’Aragona 7, 20132 Milan, in the person of its legal representative, VAT number 00796010155, phone number +39 (0)2 2100951, certified electronic mail grafikontrol@pec.grafikontrol.it. The updated list of the Data Processors or Persons in Charge of the Processing with the personal data processing, if any, is kept at Grafikontrol S.p.A. and is easily accessible by sending an email to the following address: privacy@grafikontrol.it .