Information notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – WEB

With this document (‘Information Notice’), the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data and your rights under Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’). This Policy may be supplemented by the Data Controller if any additional services requested by you require further processing.

1. Data Controller and Data Processor, DPO

The Data Controller is

DEX S.T.P. SRL

Health Director: Dr. Mintrone Francesco

Viale della Pace 16/D, 41049 SASSUOLO (MO)

VAT number: 04093080366

The Data Controller and the DPO, including through the designated structures, will take charge of your request and provide you, without undue delay and in any case no later than one month after receipt of the request, with information on the action taken in relation to your request.

We inform you that if the Data Controller has doubts about the identity of the natural person making the request, it may request further information necessary to confirm the identity of the data subject.

Categories of Data Subjects: Natural persons, legal persons, public and private organisations.

2. Processing

2.1. WEB processing

PROCESSING: WEB – BROWSING DATA

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website.

Nature of provision: Mandatory

Consequences of refusal to provide data: Failure to provide data will make it impossible for the company to provide the web service.

Minimum data protection measures: to be specified

Personal data retention period: Your personal data will be actively processed for the duration of the first-party and third-party analytical systems.

Reference standards for processing: The legal basis for registering on the Website and providing the related services is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to processing.

2.2. WEB processing

PROCESSING: WEB – SUBMISSION OF CURRICULUM VITAE

Through the ‘Work with us’ section of the Website, you may provide your personal data and your CV to the Data Controller in order to apply for open positions or for any future positions. Your personal data will be processed exclusively for the management of your application and related activities.

Nature of provision: Mandatory

Consequences of refusal to provide data: Failure to provide consent will make it impossible for the Data Controller to receive your CV and to carry out the activities necessary to manage your application.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA

Personal data retention period: Your personal data processed for the management of your CV will be retained for N months from receipt or from the negative outcome of a selection process, in order to be considered for any future positions.

Reference standards for processing: The legal basis for registering on the Website and providing the related services is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.

Types of data processed:

Category

 

Type

common data

 

Professional Curriculum Vitae

common data

personal data

2.3. WEB processing

PROCESSING: WEB – COMMERCIAL NEWSLETTERS

If you wish to be updated on the latest news about the products and services offered by the Data Controller or by third-party companies, you can subscribe to our marketing initiatives by allowing the Data Controller to send you newsletters and further commercial communications.

Nature of provision: Optional

Consequences of refusal to provide data: Failure to provide data will not affect the satisfaction of your requests and the use of web services but will make it impossible for the Data Controller to send you commercial communications.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA

Personal data retention period: Your personal data will be actively processed for the time necessary to manage the existing relationship and/or execute the contract. The information collected for the evaluation of the conclusion of the contract, in case of non-completion, will be deleted within N months.

2.4. WEB processing

PROCESSING: WEB – NEWSLETTER USE OF THE SERVICE

If you wish to be updated on the latest news about the products and services offered by the Data Controller, you can subscribe to our marketing initiatives by allowing the Data Controller to send you the newsletter and further commercial communications.

Nature of provision: Optional

Consequences of refusal to provide data: Failure to provide data will not affect the satisfaction of your requests and the use of web services but will make it impossible for the Data Controller to send you commercial communications.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA

Personal data retention period: Your personal data will be processed until you decide to withdraw your consent or object to the processing.

Reference rules for processing: The legal basis for registering on the Website and providing the related services is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.

2.5. WEB processing

PROCESSING: WEB – REQUESTS MADE THROUGH THE WEBSITE

Your personal data may be processed by the Data Controller to fulfil your requests made by writing to one of the email addresses available on the Website or by filling in the registration and/or contact forms on the Website.

Nature of provision: Mandatory

Consequences of refusal to provide data: Failure to provide the requested data will make it impossible for the Data Controller to fulfil your request.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA

Personal data retention period: The data collected for this purpose will be processed for the time strictly necessary to fulfil your request and subsequently stored for 10 years after the request has been fulfilled.

Reference rules for processing: The legal basis for the processing is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.

3. Cookie Policy:

3.1. Extended Cookie Policy:

On this website, we use technologies to collect information that is useful for improving your online experience.

This policy refers to the use of cookies and how they can be managed.

We reserve the right to change this policy at any time. Any changes to this policy will take effect from the date of publication on the Website.

Cookies are small text files that the websites visited by the user send to their terminal (usually to the browser), where they are stored before being re-transmitted to the same websites on the next visit by the same user.

While browsing a website, the user may also receive cookies on their terminal that are sent from different websites or web servers (so-called ‘third parties’), on which certain elements (such as images, maps, sounds, specific links to pages of other domains) present on the website being visited may reside.

Cookies, which are usually present in large numbers in users’ browsers and sometimes with long-lasting characteristics, are used for different purposes: performing computer authentication, monitoring sessions, storing information on specific configurations relating to users accessing the server, etc.

In order to achieve proper regulation of these devices, it is necessary to distinguish between them, given that there are no technical characteristics that differentiate them from each other based on the purposes pursued by those who use them.

  • FIRST-PARTY cookies, technical (session) persistent
  • Technical cookies are those used for the sole purpose of ‘carrying out the transmission of a communication on an electronic communications network, or as strictly necessary for the provider of a web service explicitly requested by the user to provide that service’. They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which guarantee normal navigation and use of the website (allowing, for example, a purchase to be made or authentication to access restricted areas). This website uses persistent first-party technical cookies.
  • FIRST-PARTY cookies, analytical
  • Analytical cookies, also known as ‘analytics’, allow detailed statistics to be compiled about visitors to a website, such as the pages viewed, the number of visitors, the time spent on the site and how they arrived there. Analytics cookies are similar to technical cookies when used directly by the site operator to collect information in aggregate form about the number of users and how they visit the site. This website uses first-party analytical cookies.
  • FIRST-PARTY COOKIES, PROFILING
  • Profiling cookies are designed to create user profiles and are used to send advertising messages in line with the preferences expressed by the user when browsing the web. Due to the particular invasiveness that these devices may have in the private sphere of users, this site may share this information with other parties, such as advertisers. European and Italian legislation provides that you may refuse consent to the use of these cookies. This site uses FIRST-PART profiling cookies.
  • THIRD-PARTY cookies, analytical
  • Analytical cookies, also known as “analytics”, allow detailed statistics to be compiled about visitors to a website, such as the pages viewed, the number of visitors, the time spent on the site and how they arrived there. This site uses a web analytics service provided by Google.
  • THIRD-PARTY cookies, profiling
  • In order to provide you with additional features and services on this website, we work with third parties who, independently and not directly controlled by us, may use their own cookies to collect information about your activities while browsing the pages of this website. This information may be used to provide you with advertising tailored to your interests, based on the content you have visited, or to measure the effectiveness of advertising campaigns. These cookies may be contained in various elements within the web page, such as advertising banners, images, videos, etc. A sensitive example is the presence of so-called ‘social plugins’ or ‘social sharing buttons’ of the main social networks (Facebook, Twitter, Google+ and LinkedIn), which are used to share the content of the web page on the social networks themselves. The use of data collected through third-party cookies, over which we have no control, is governed by the relevant policies, which we ask you to refer to. This website uses THIRD-PARTY profiling cookies.

Cookie management

Below is a list of the most common browsers with links to cookie management settings:

  • Internet Explorer 8 and above
  • Safari 2 or above;
  • Opera 10.5 and above;
  • FireFox 3.5 and above;
  • Google Chrome 10 and above;

Browsers provide a ‘private’ browsing mode, which, when activated, always deletes cookies after each browsing session.

Secondly, you can disable third-party profiling cookies by visiting http://www.youronlinechoices.com.

You can also disable Google Analytics analysis cookies by downloading the appropriate browser add-on to disable Google Analytics at the following web address: https://tools.google.com/dlpage/gaoptout.

Third-party cookie policy

Facebook cookie policy https://it-it.facebook.com/policies/cookies/

Google Cookie Policy https://www.google.it/intl/it/policies/technologies/cookies/

Google Cookie Policy https://www.linkedin.com/legal/cookie-policy

Twitter Cookie Policy https://twitter.com/it/privacy

Granting consent to the use of cookies

By continuing to browse from the banner containing the so-called short notice, scrolling this page or clicking on any of its elements, you consent to the use of cookies on this website and accept the cookie policy described above.

You can always withdraw your consent at any time by following the instructions in the section entitled ‘COOKIE MANAGEMENT’.

3.2. List of Web Services:

Type of Service

Description

Comment management

Application comment system

Landing Page

Instapage

Social Media Buttons and Widgets

+1 button and Google+ widget

Social Media Buttons and Widgets

LinkedIn button and widget

Social Media Buttons and Widgets

 

YouTube button and widget

Social media buttons and widgets

Facebook Like button and widget

Social media buttons and widgets

Twitter Tweet button and widget

Data collection, contact with users

Mailing list or newsletter

Data collection, contact with users

General contact form

Registration and authentication

Registration with form

Remarketing, behavioural advertising (Behavioural Marketing)

Facebook Remarketing

Remarketing, behavioural advertising (Behavioural Marketing)

Google Analytics Remarketing

Anti-spam services

Google reCAPTCHA

Hosting services and backup management

WordPress.com

Email marketing software

MailChimp

Email marketing software

MailUp

Statistics, performance

 

Google Analytics with anonymised IP

Statistics, Performance

Google Tag Manager

Statistics, Performance

Hotjar Heat Maps & Recordings

Statistics, Performance

Facebook Ads conversion tracking

Statistics, Performance

Google AdWords conversion tracking

Support, Chat, Ticket

Olark widget

WidGet

MailChimp widget

4. What rights you have as a data subject:

In relation to the processing described in this Policy, as a data subject, you may, as provided for by European Regulation 679/2016, exercise the rights set forth in Articles 15 to 21 and, in particular:

  • right of access – Article 15 of the GDPR: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where they are, to obtain access to your personal data, including a copy thereof.
  • right to rectification – Article 16 of the GDPR: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;
  • Right to erasure (right to be forgotten) – Article 17 of the GDPR: the right to obtain, without undue delay, the erasure of personal data concerning you.
  • Right to restriction of processing – Article 18 of the GDPR: the right to obtain restriction of processing where:

1. the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of the data;

2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted;

3. the personal data is necessary for the data subject to establish, exercise or defend a right in court;

4. the data subject has objected to the processing pursuant to Article 21 of the GDPR, pending verification of whether the legitimate grounds of the data controller override those of the data subject.

  • Right to data portability – Article 20 of the GDPR: the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit those data to another controller without hindrance, where the processing is based on consent and is carried out by automated means. Furthermore, you have the right to have your personal data transmitted directly from the Bank to another data controller where this is technically feasible;
  • right to object – Article 21 of the GDPR: the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the condition of lawfulness of legitimate interest or the performance of a task carried out in the public interest or in the exercise of official authority, including profiling, unless there are legitimate grounds for the Data Controller to continue the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims; you may object at any time to the processing if the personal data are processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing;

The above rights may be exercised by contacting the Data Controller at the above addresses.

The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the event of manifestly unfounded or excessive requests, including due to their repetitive nature, the Data Controller may charge you a reasonable fee, taking into account the administrative costs incurred in handling your request, or refuse to comply with your request.

· RIGHT OF WITHDRAWAL:

The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

· RIGHT TO LODGE A COMPLAINT:

The data subject has the right to lodge a complaint with the Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).

I hereby declare that I have received from the Data Controller the information on the use of my personal data and that I consent, in accordance with the privacy legislation, to the processing by the same of the special categories of personal data provided by me for the performance of the activities necessary for the activation and management of the relationships, operations and services requested by me.

Date: 04/09/2023

[cookies_revoke]