POLICY PURSUANT TO ART. 13 OF EU REG. 2016/679
The policy only applies to IFP EUROPE website and not to any other third party websites consulted by the user via links.
The Data Controller of the data collected through this website is IFP EUROPE S.R.L., with registered office in Via Po, 1, 35015, Galliera Veneta (PD), firstname.lastname@example.org.
It decides autonomously on the processing purposes and methods, as well as on the security procedures to be applied to ensure data confidentiality, integrity and availability.
The specific purposes for which the data is processed are the following:
- preparation of quotations;
- erformance of contracts and related commitments;
- fulfilment of obligations provided for by laws connected with the contractual relationship;
- organisational management of the contract, e.g. relationships with employees, external contractors;
- any external professionals for the fulfilment of legal obligations;
- protection of contractual rights;
- sending CVs;
- registration on the website and use of the services provided by IFP EUROPE;
- sending the newsletter, subject to consent;
- subject to consent, sending communications for marketing purposes and commercial communications through various channels, both electronic and telematic (e-mail, text) as well as traditional (post, telephone). Please note that, as provided for by art. 130(4) of Italian Legislative Decree 196/2003, the controller may use the data to send e-mail advertising about its products and services, similar to those already purchased, unless such use (“soft spam”) is refused.
DATA PROCESSING METHODS AND RETENTION
Personal data is processed mainly by electronic and telematic means.
Processing operations are carried out in such a way as to ensure the logical and physical security and confidentiality of your personal data.
The data provided will be retained for the period of time strictly necessary to achieve the purposes for which it was collected, i.e.:
- data collected for the purposes referred to in points 1 to 5: for the entire duration of the contractual relationship and for a period of 10 years following the conclusion of the contract;
- data collected for the purposes referred to in point 6: for the limitation period of rights arising from the contractual relationship;
- data referring to CVs: for 24 months;
- data of registered users referred to in point 8: until the request for deletion of the same;
- data relating to the management of requests of the data subject referred to in point 8: for the time necessary to satisfy the request of the data subject;
- data collected for sending the newsletter and for marketing purposes referred to points 9 and 10: until exercise of the right to object and in any case for 2 years from the last interaction of the data subject.
MANDATORY OR OPTIONAL NATURE OF DATA PROVISION AND LEGAL BASIS (CONDITION OF LAWFULNESS)
The provision of personal data to IFP EUROPE, requested in the various moments of collection, may be mandatory or optional.
In the case of the purposes indicated in points 1 to 6, provision of data is mandatory and failure to do so will make it impossible to execute the request.
For the purpose indicated in point 7, provision is mandatory, otherwise, in its absence, the application cannot be taken into consideration;
On the other hand, for the purposes indicated in points 9 and 10, provision is optional. It must be noted that in certain cases (not concerning the ordinary management of this website), the Authority may request information pursuant to article 157 of Italian Legislative Decree 196/2003, for the purpose of monitoring the processing of personal data. In these cases, a reply is mandatory under penalty of a fine.
The legal basis and/or condition of lawfulness of processing is the following:
- the contract for the purposes indicated in points 1, 2 and 4;
- fulfilment of a legal obligation for the purposes indicated in points 3 and 5;
- legitimate interest for the purpose indicated in point 6;
- consent for the purposes indicated in points 7, 8, 9 and 10.
SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA
The data may be communicated to:
- all those to whom the right of access to such data is recognised by virtue of regulatory provisions;
- our collaborators and employees, within the scope of their duties, as persons in charge of processing the data provided by you;
- adequately selected third parties with experience, capability and reliability, which provide suitable guarantees of full compliance with current provisions regarding processing, including the data security profile. These third parties have been appointed as “data processors” and carry out their activities according to the instructions provided by IFP EUROPE.
- banks for the management of payments and receipts;
- tax authorities and other public companies or bodies in fulfillment of regulatory obligations;
- companies and professionals to which the controller makes recourse;
- companies and professionals to which the Customer makes recourse, for particular services and always at the Customer’s request;
- contractors and self-employed workers working on behalf of IFP EUROPE S.R.L.
TYPES OF DATA PROCESSED
Common data required to enter into contracts or use the services provided by IFP EUROPE.
The optional, voluntary and explicit sending of electronic mail to the addresses indicated in the various access channels of the Website and the compilation of any forms specifically made available entails the subsequent acquisition of the address and data of the sender/user, necessary to respond to requests made and/or provide the requested service.
The IT systems and the software procedures for the functioning of this website acquire, during normal exercise, various personal data, of which transmission is implicit when using Internet communication protocols.
This information is not collected to be associated with identified data subjects, but given its nature it could allow for identifying users when processed and associated with data kept by others.
This category of data includes IP addresses or domain names of computers used by users who connect to the website and other parameters relating to the user’s operating system and computer environment.
This data is only used to obtain statistical information on the use of the website and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website: except for this possibility, data on web contacts currently do not persist for more than months.
IFP EUROPE has adopted adequate security measures in order to minimise the risks of destruction or loss – even accidental – of data, unauthorised access or processing that is not allowed or is not in accordance with the collection purposes indicated.
RIGHTS OF DATA SUBJECTS pursuant to arts. 15, 16, 17 18, 20, 21 and 22 of EU REG. 2016/679
We hereby inform you that in your capacity as data subject, in addition to the right to lodge a complaint with a supervisory authority, you have the rights listed below, which you may assert by making a specific request to the Data Controller.
- Art. 15 – Right of access
The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her is being processed and, if so, obtain access the personal data and the information being processed
- Art. 16 – Right of rectification
The data subject has the right to obtain from the Data Controller the rectification of any incorrect personal data concerning him/her without undue delay. With regard to the processing purposes, the data subject has the right to obtain the integration of any incomplete personal data, also by providing a supplementary declaration.
- Art. 17 – Right to erasure (right to be forgotten)
The data subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her without undue delay and it is mandatory for the Data Controller to erase the personal data without undue delay.
- Art. 18 – Right to restriction of processing
The data subject has the right to obtain from the Data Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for the period necessary for the Data Controller to verify the accuracy of such personal data;
- the processing is unlawful and the data subject objects to erasure of the personal data and instead requests restriction of its use;
- the Data Controller no longer needs the personal data for the processing purposes, but it is required by the data subject to establish, exercise or defend a right in court;
- the data subject has objected to processing pursuant to article 21(1), pending verification of whether the legitimate grounds of the Data Controller override those of the data subject.
- Art. 20 the right to Data portability
The data subject has the right to receive the personal data concerning him/her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit such data to another Data Controller without hindrance from the Data Controller to which it was provided.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.
- Art. 21 – Right of objection
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to article 6(1)(e) or (f), including profiling on the basis of such provisions.
- Art. 22 – Right not to be subjected to automated decision-making, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.
Withdrawal of consent to processing
You also have the right to withdraw your consent to the processing of your personal data.
At the end of this operation, your personal data will be removed from the archives as soon as possible.
If you wish to have further information on the processing of your personal data, or to exercise the rights referred to above, you can write to email@example.com.
Before we can provide you with or change any information, it may be necessary to verify your identity and for you to answer a few questions. A reply will be provided as soon as possible and in any case within 30 days of the request.
Requests may also be addressed to the Data Controller by writing to:
IFP EUROPE S.R.L.
Via Po, 1
35015 – Galliera Veneta (PD) – Italy