Notice to data subjects on the processing of personal data (art. 13 GDPR 2016/679)
1. REASON FOR THIS NOTICE
This page describes the processing carried out by our company on personal data relating to any type of data subject. The purpose is to illustrate the corporate policy implemented to guarantee compliance with the provisions of GDPR 2016/679 L.D. 196/2003, relevant national measures, guidelines issued by the European Data Protection Board as well as EC directives on the protection of the data of natural persons.
It is intended to provide information pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) to those who enter into any form of relationship with our company, which is represented by the following overmach.it:
The Privacy Policy of this website does not refer to other processing carried out or described as a result of browsing internet sites through links that may be present in the above mentioned website.
2. DATA CONTROLLER
The Data Controller is OVERMACH S.p.A., headquartered at Via Giuseppe Righi, 12 – 43122 Parma.
3. TYPES OF DATA PROCESSED
3.1. DATA FOR REQUESTING CONTACT, INFORMATION AND RECEIPT OF THE CATOLOGUE
The optional, explicit and voluntary provision of the personal data necessary to request contact through the forms on this website, or through any email addresses indicated on this website, results in the subsequent acquisition exclusively of the data necessary to respond to the requests sent.
| Purpose and legal basis for processing (GDPR – Art.13, par. 1, c) | These data are used exclusively for the purpose of responding to the information requests sent by filling out the forms. |
| Scope of communication (GDPR – Art.13, par. 1, e, f) | Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. They may be disclosed to competent authorities only in the event of an investigation. |
| Processing methods (GDPR C. 39) | Personal data are processed using automated instruments, for the time strictly necessary to attain the purposes for which the data were collected. Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data. |
| Retention period (GDPR – Art.13, par. 2, a) | The data are usually stored for short periods of time, exclusively to fulfil the requests received. |
| Transfer (GDPR, Art.13, par, 2, f) | The data is provided by the data subjects on an optional basis. |
| Legal basis (GDPR – Art.6, par. 1) | The processing is necessary to fulfil the requests received, and therefore consent is expressed by filling out the forms. |
3.2.DATA FOR SUBMISSION OF APPLICATIONS
The personal data provided by data subjects voluntarily using the dedicated online form are subject to processing for purposes related to the submission of spontaneous applications for job offers.
| Purpose and legal basis for processing (GDPR – Art.13, par. 1, c) | These data are used exclusively for the purpose of assessing the application. |
| Scope of communication (GDPR – Art.13, par. 1, e, f) | Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. |
| Processing methods (GDPR C. 39) | Your personal data will be processed by automated systems. Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data, |
| Retention period (GDPR – Art.13, par. 2, a) | Data are normally stored for the periods of time strictly necessary for fulfilling contractual or regulatory obligations. |
| Transfer (GDPR – Art.13, par. 2, f) | The data is provided by the data subjects on an optional basis. |
| Legal basis (GDPR – Art.6, par. 1) | The data are provided on an optional basis by the data subjects, and therefore consent is not required. |
3.3. DATA FOR DIRECT CLIENTS, REPRESENTATIVES OF CLIENT COMPANIES, REPRESENTATIVES OF SUPPLIER COMPANIES
The personal data provided by the above data subjects or collected during the performance of contract-related activities, derive from the need to carry out the activities organized by the parties.
| Purpose and legal basis for processing (GDPR – Art.13, par. 1, c) | Data is collected and used in order to:
|
| Scope of communication (GDPR – Art.13, par. 1, e, f) | Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. |
| Processing methods (GDPR C. 39) | Your personal data will be processed by automated systems and on paper. Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data, |
| Retention period (GDPR – Art.13, par. 2, a) | Data are normally stored for short periods of time, as strictly needed for fulfilling contractual or regulatory obligations. |
| Transfer (GDPR – Art.13, par. 2, f) | They are requested by our company for the purposes indicated. |
| Legal basis (GDPR – Art.6, par. 1) | Processing is necessary for entering into contractual relationships and therefore consent is not required. |
3.4. DATA FOR NEWSLETTER SUBSCRIPTION
The personal data provided by the interested data subjects by voluntarily entering email addresses in the online form, will be processed for purposes connected with the sending of the newsletter.
| Purpose and legal basis for processing (GDPR – Art.13, par. 1, c) | These data are used only for the purpose of sending the newsletter. |
| Scope of communication (GDPR – Art.13, par. 1, e, f) | Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. |
| Processing methods (GDPR C. 39) | Your personal data will be processed by automated systems. Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data, |
| Retention period (GDPR – Art.13, par. 2, a) | The data is normally stored until consent is withdrawn. |
| Transfer (GDPR – Art.13, par. 2, f) | The data is provided by the data subjects on an optional basis. |
| Legal basis (GDPR – Art.6, par. 1) | Processing is necessary for sending information, therefore consent is expressed by entering the email address to which the periodic newsletters are sent. |
3.5. BROWSING DATA
The information systems and software procedures required for the proper functioning of this site acquire, during normal operation, some personal data the transmission of which is implicit in the use of internet communication protocols. These data are not collected in order to be associated with identified data subjects, but, by their very nature, could, by being processed and associated with data held by third parties, make it possible to identify users. This category of data includes IP addresses or domain names of the computers used by the users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, request time, method used to submit the request to the server, size of the response file, numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.
| Purpose and legal basis for processing (GDPR – Art.13, par. 1, c) | These data are used only to obtain anonymous statistical information on website use and to check that is functioning properly. They are erased immediately after being processed. The data may be used to ascertain liability in the event that any cybercrime against the website. |
| Scope of communication (GDPR – Art.13, par. 1, e, f) | Your data will be processed only by internal staff who have been duly authorized and trained for processing and will not be disclosed to external persons, disseminated or transferred to non-EU countries. They may be disclosed to competent authorities only in the event of an investigation. |
| Processing methods (GDPR C. 39) | Your personal data will be processed by automated systems. Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data, |
| Retention period (GDPR – Art.13, par. 2, a) | Data are normally retained for brief periods of time, except for possible extensions connected with investigation activities. |
| Transfer (GDPR – Art.13, par. 2, f) | Data are collected automatically from data subjects and for the above-mentioned purposes |
| Legal basis (GDPR – Art.6, par. 1). | Processing is necessary for fulfilling a legal obligation and therefore consent is not required. |
3.6. COOKIES
The description of the type of cookies used, their management and purpose are contained in the paragraph “Cookie Policy” in the document published on this website.
4. RIGHTS OF THE DATA SUBJECT (GDPR Articles 15–22)
At any time, the data subject may exercise the right to:
- ask for confirmation of the existence or otherwise of their personal data;
- obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and, where possible, the period of time for which the data will be stored;
- obtain the rectification or erasure of the data;
- obtain the restriction of the processing;
- obtain data portability, i.e. receive them from one data controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance;
- object to the processing at any time, including in the case of processing for direct marketing purposes;
- object to an automated decision-making process relating to individuals, including profiling;
- file a claim with the Italian Data Protection Supervisor.
Requests must be sent to the Data Controller by writing toinfo@overmach.it
Every effort will be made to make the functions of this site as interoperable as possible with automatic privacy control mechanisms available in some of the products utilised by users.
5. DATA PROTECTION OFFICER:
A Data Protection Officer (DPO) has not been identified as the author does not carry out processing of the data of natural persons falling within the definition of Article 37 of European Regulation GDPR 2016/679.
In view of the fact that the current level of perfection of automatic control mechanisms does not make them free from errors and malfunctions, we wish to point out that this document, published on [https://overmach .it/privacy-policy /] is the “Privacy Policy” for this website and will be subject to updates.