Privacy Policy pursuant to Article 13 of Regulation (EU) 2016/679

As required by General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation"), this page describes how the personal browsing data of users consulting the following website and using the following iOS and Android apps are processed:

• https://www.gieffe.it/
• GIEFFE READY APP (iOS – APPLE STORE)
• GIEFFE READY APP (ANDROID – GOOGLE PLAY)

The Company Martek S.r.l. - P. IVA 06006020017 (hereinafter, for brevity, "The Company") in its capacity as the Data Controller of Personal Data (or "the Controller") pursuant to Article 13 of EU Regulation 679/2016 - General Data Protection Regulation ("Regulation" or "GDPR") and the Italian Privacy law amended by D.Lgs. 101/2018, in compliance with the obligations dictated by the legislator to protect privacy, wishes to inform you in advance, both of the use of your Personal Data, and of your rights, by communicating you the following specifications.

1. Identity and contact details of the Data Controller

The Data Controller is the company Martek S.r.l. with registered office in via della Masolina n. 22, 10040 Piobesi Torinese (TO) - Italy. The following contact details are provided for interested parties: contact e-mail privacy@gieffe.it, telephone: (+39) 011 7606861.

2. Personal data processed

The Controller may process the following personal data of users:

• a) navigation data collected automatically by the platform: the computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data is used solely for the purpose of obtaining anonymous statistical information on the use of the website and to check that it is functioning correctly, and is not, nor will it under any circumstances, be used by the Data Controller to carry out profiling activities;
• b) user login data where the e-mail serves as 'user ID' and the password is defined by the user;
• c) personal and contact data for registration in the restricted user area (name, surname, e-mail address, telephone number);
• d) the user's personal and contact data to request a business contact (first name, surname, e-mail, postal address, landline and mobile telephone number);
• e) personal and contact data, including personal data included in the personal and professional CVs of users wishing to self-apply.

3. Purpose of processing, legal basis

The Personal Data provided by the Data Subject via the website are collected and processed for the following purposes:

• a) To verify the proper functioning of the website, to ensure the security of the pages, to optimise the user experience and to collect anonymous statistical information on the use and interaction of users with the website; the legal basis is the legitimate interest of the data controller (Article 6(1)(f) GDPR);
• b) to enable the user to register in the reserved area of the website and access specific content such as, for example, product catalogues: the legal basis is the execution of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) GDPR);
• c) Handling of requests via contact forms: the legal basis is the execution of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) GDPR);
• d) Selection and evaluation of self-applied candidates: the legal basis is the legitimate interest of the holder as well as the execution of pre-contractual measures (Article 6(1)(b) and (f) GDPR).

4. Nature of data provision

The provision of personal data through our website takes place in different ways, each with specific purposes and legal bases that justify the processing of the data provided by users. Below, we outline the different situations in which personal data may be collected, highlighting the compulsory or optional nature of their provision and the consequences of not providing them.

a) Operation and Security of the Website

The provision of personal data collected automatically to verify the proper functioning of the website, ensure its security, optimise the user experience and collect anonymous statistical information on the use of the website is based on the legitimate interest of the data controller (Article 6(1)(f) GDPR). This collection takes place automatically and its nature is implicit in the use of Internet communication protocols; therefore, explicit consent of the user is not required.

b) Registration to the Reserved Area

With regard to the User registration in the reserved area of the website and access to specific content, such as product catalogues, the provision of data is necessary for the execution of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) GDPR). Failure to provide this data will make it impossible for the user to register in the reserved area and access the services offered through this registration.

c) Management of Requests via Contact Forms

The sending of personal data via the contact form, for the handling of user requests, is based on the execution of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) GDPR). The provision of this data is optional, but necessary to obtain a response to the requests sent. Without this data, it would not be possible to provide the support or information requested by the user.

d) Self-applications

For self-applications, the processing of data is based on both the legitimate interest of the data controller and the execution of pre-contractual measures (Articles 6(1)(b) and (f) GDPR). The provision of data is optional, but it is essential in order to be able to assess the application of the data subject. Failure to provide the data requested in the CV or application forms will make it impossible to assess the data subject for possible job opportunities.

In any event, the Data Controller undertakes to process the personal data provided by users in compliance with the regulations in force on the protection of personal data, ensuring maximum confidentiality and security.

5. Recipients of personal data

Personal data collected and processed exclusively for the purposes specified above may be communicated and processed, in compliance with applicable law, to:

• a) Internal personnel such as employees or contractors of the company operating the app or website, who need access to the data to perform tasks related to the operation, maintenance, and support of the app or website. This includes, for example, IT staff and customer support staff.
• b) Providers of Hosting Services for the application / website.
• c) External service providers that support the company in various business functions, such as software development, data analysis, marketing, customer communication management, legal and accounting services. These providers process data according to company instructions and are bound by confidentiality and data protection agreements.
• d) Regulatory Authorities and Supervisory Bodies.

6. Data transfer to third countries

Should it be necessary, for technical and/or operational reasons, to make use of subjects located outside the European Union, we hereby inform you that such subjects will be appointed as Data Processors pursuant to art. 28 of the Regulation or as Joint Data Processors pursuant to art. 26 of the Regulation and the transfer of Personal Data to such subjects, limited to the performance of specific Processing activities, will be regulated in compliance with Title V of the Regulation. Therefore, all necessary precautions will be taken in order to guarantee the most complete protection of the Personal Data of the Data Subject, basing such processing: a) on adequacy decisions expressed by the European Commission; b) on adequate safeguards expressed by the third-party recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules. In any case, you may request further details from the Data Controller if your data is processed outside the European Union by requesting evidence of the specific guarantees adopted.

7. Processing methods and data retention period

The data collected will be processed by means of electronic, computerised and telematic instruments, or by manual processing with logic strictly related to the purposes for which the Personal Data were collected and, in any case, in such a way as to guarantee their security.

The retention period for personal data depends on the category of data and the purpose of processing:

• a) Browsing Data: This data is generally kept for a short period, typically no longer than six months, except in the case of the investigation of computer crimes against the website, which may require it to be kept for a longer period as ordered by the judicial authorities.
• b) User login data: This data is retained as long as the account remains active. The user may request deletion of their account at any time, after which the data will be removed within a reasonable period of 30 days, unless it needs to be retained for further periods imposed by legal obligations.
• c) Personal and contact data for registration in the reserved area and for business contact requests: This data is generally retained for the duration of the relationship with the data subject. The user may request the deletion of his or her data and account at any time, after which the data will be removed within a reasonable period of 30 days, unless it needs to be retained for further periods imposed by legal obligations.
• d) Data entered in CV for self-applications: These data are kept for a period of six months, after which, if there are no compatible employment opportunities, the data can be deleted or renewal of consent for further storage required.

8. Profiling

The data controller does not use automated processes for profiling purposes.

9. Cookies and similar technologies

When browsing the website, technical information is collected concerning the hardware and software used by visitors. This information does not provide the personal data of the interested party, but only technical/informational data that is used in an aggregate and anonymous manner for the sole purpose of improving the quality of the service and providing statistics regarding the use of the Website. For further information, please consult the cookie policy.

10. Links to other websites and social media

Our Platform may, from time to time, contain external links from our advertisers and affiliate partners. If you follow a link to any of these websites, you should remember that these websites have their own privacy practices and that we do not accept any responsibility or liability for these policies. We request that you consult the privacy statements of these websites before giving your consent to the processing of your Personal Data.

11. Data subject's rights concerning data processing

The data subject may exercise his or her rights under the applicable legislation on the protection of Personal Data, including the right to:

• a) receive confirmation of the existence of their Personal Data and access to their content (access rights);
• b) update, amend and/or correct their Personal Data (right of rectification);
• c) request the deletion or restriction of Data processed in breach of the law, including Data whose retention is not necessary for the purposes for which the Data were collected or otherwise processed (right to be forgotten and right to limitation);
• d) object to processing based on legitimate interest (right to object);
• e) file a complaint with the Supervisory Authority in the event of a breach of the rules on the protection of Personal Data;
• f) receive a copy of the Data in electronic format concerning him/her and request that such Data could be transmitted to another data controller (right to Data portability).

To exercise these rights, you may at any time make a specific request to the Controller by sending an e-mail to privacy@gieffe.it. Before responding to the request, we may ask the Data Subject for details to verify personal identity. The request will be answered by the Controller within fifteen (15) days.

12. Changes to the Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page. If appropriate, we will notify users or ask them to provide consent. Please check this page often for updates or changes to our Privacy Policy.

Last updated 10 April 2024