Information notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – WEB
With this document (‘Information Notice’), the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data and your rights under Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’). This Policy may be supplemented by the Data Controller if any additional services requested by you require further processing.
1. Data Controller and Data Processor, DPO
The Data Controller is
DEX S.T.P. SRL
Health Director: Dr. Mintrone Francesco
Viale della Pace 16/D, 41049 SASSUOLO (MO)
VAT number: 04093080366
The Data Controller and the DPO, including through the designated structures, will take charge of your request and provide you, without undue delay and in any case no later than one month after receipt of the request, with information on the action taken in relation to your request.
We inform you that if the Data Controller has doubts about the identity of the natural person making the request, it may request further information necessary to confirm the identity of the data subject.
Categories of Data Subjects: Natural persons, legal persons, public and private organisations.
2. Processing
2.1. WEB processing
PROCESSING: WEB – BROWSING DATA
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website.
Nature of provision: Mandatory
Consequences of refusal to provide data: Failure to provide data will make it impossible for the company to provide the web service.
Minimum data protection measures: to be specified
Personal data retention period: Your personal data will be actively processed for the duration of the first-party and third-party analytical systems.
Reference standards for processing: The legal basis for registering on the Website and providing the related services is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to processing.
2.2. WEB processing
PROCESSING: WEB – SUBMISSION OF CURRICULUM VITAE
Through the ‘Work with us’ section of the Website, you may provide your personal data and your CV to the Data Controller in order to apply for open positions or for any future positions. Your personal data will be processed exclusively for the management of your application and related activities.
Nature of provision: Mandatory
Consequences of refusal to provide data: Failure to provide consent will make it impossible for the Data Controller to receive your CV and to carry out the activities necessary to manage your application.
Minimum data protection measures: password, firewall, antivirus, reCAPTCHA
Personal data retention period: Your personal data processed for the management of your CV will be retained for N months from receipt or from the negative outcome of a selection process, in order to be considered for any future positions.
Reference standards for processing: The legal basis for registering on the Website and providing the related services is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.
Types of data processed:
Category
Type
common data
Professional Curriculum Vitae
common data
personal data
2.3. WEB processing
PROCESSING: WEB – COMMERCIAL NEWSLETTERS
If you wish to be updated on the latest news about the products and services offered by the Data Controller or by third-party companies, you can subscribe to our marketing initiatives by allowing the Data Controller to send you newsletters and further commercial communications.
Nature of provision: Optional
Consequences of refusal to provide data: Failure to provide data will not affect the satisfaction of your requests and the use of web services but will make it impossible for the Data Controller to send you commercial communications.
Minimum data protection measures: password, firewall, antivirus, reCAPTCHA
Personal data retention period: Your personal data will be actively processed for the time necessary to manage the existing relationship and/or execute the contract. The information collected for the evaluation of the conclusion of the contract, in case of non-completion, will be deleted within N months.
2.4. WEB processing
PROCESSING: WEB – NEWSLETTER USE OF THE SERVICE
If you wish to be updated on the latest news about the products and services offered by the Data Controller, you can subscribe to our marketing initiatives by allowing the Data Controller to send you the newsletter and further commercial communications.
Nature of provision: Optional
Consequences of refusal to provide data: Failure to provide data will not affect the satisfaction of your requests and the use of web services but will make it impossible for the Data Controller to send you commercial communications.
Minimum data protection measures: password, firewall, antivirus, reCAPTCHA
Personal data retention period: Your personal data will be processed until you decide to withdraw your consent or object to the processing.
Reference rules for processing: The legal basis for registering on the Website and providing the related services is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.
2.5. WEB processing
PROCESSING: WEB – REQUESTS MADE THROUGH THE WEBSITE
Your personal data may be processed by the Data Controller to fulfil your requests made by writing to one of the email addresses available on the Website or by filling in the registration and/or contact forms on the Website.
Nature of provision: Mandatory
Consequences of refusal to provide data: Failure to provide the requested data will make it impossible for the Data Controller to fulfil your request.
Minimum data protection measures: password, firewall, antivirus, reCAPTCHA
Personal data retention period: The data collected for this purpose will be processed for the time strictly necessary to fulfil your request and subsequently stored for 10 years after the request has been fulfilled.
Reference rules for processing: The legal basis for the processing is the need to fulfil your request, in accordance with Article 6, paragraph 1, letter b) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.
3. Cookie Policy:
3.1. Extended Cookie Policy:
On this website, we use technologies to collect information that is useful for improving your online experience.
This policy refers to the use of cookies and how they can be managed.
We reserve the right to change this policy at any time. Any changes to this policy will take effect from the date of publication on the Website.
Cookies are small text files that the websites visited by the user send to their terminal (usually to the browser), where they are stored before being re-transmitted to the same websites on the next visit by the same user.
While browsing a website, the user may also receive cookies on their terminal that are sent from different websites or web servers (so-called ‘third parties’), on which certain elements (such as images, maps, sounds, specific links to pages of other domains) present on the website being visited may reside.
Cookies, which are usually present in large numbers in users’ browsers and sometimes with long-lasting characteristics, are used for different purposes: performing computer authentication, monitoring sessions, storing information on specific configurations relating to users accessing the server, etc.
In order to achieve proper regulation of these devices, it is necessary to distinguish between them, given that there are no technical characteristics that differentiate them from each other based on the purposes pursued by those who use them.
- FIRST-PARTY cookies, technical (session) persistent
- Technical cookies are those used for the sole purpose of ‘carrying out the transmission of a communication on an electronic communications network, or as strictly necessary for the provider of a web service explicitly requested by the user to provide that service’. They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which guarantee normal navigation and use of the website (allowing, for example, a purchase to be made or authentication to access restricted areas). This website uses persistent first-party technical cookies.
- FIRST-PARTY cookies, analytical
- Analytical cookies, also known as ‘analytics’, allow detailed statistics to be compiled about visitors to a website, such as the pages viewed, the number of visitors, the time spent on the site and how they arrived there. Analytics cookies are similar to technical cookies when used directly by the site operator to collect information in aggregate form about the number of users and how they visit the site. This website uses first-party analytical cookies.
- FIRST-PARTY COOKIES, PROFILING
- Profiling cookies are designed to create user profiles and are used to send advertising messages in line with the preferences expressed by the user when browsing the web. Due to the particular invasiveness that these devices may have in the private sphere of users, this site may share this information with other parties, such as advertisers. European and Italian legislation provides that you may refuse consent to the use of these cookies. This site uses FIRST-PART profiling cookies.
- THIRD-PARTY cookies, analytical
- Analytical cookies, also known as “analytics”, allow detailed statistics to be compiled about visitors to a website, such as the pages viewed, the number of visitors, the time spent on the site and how they arrived there. This site uses a web analytics service provided by Google.
- THIRD-PARTY cookies, profiling
- In order to provide you with additional features and services on this website, we work with third parties who, independently and not directly controlled by us, may use their own cookies to collect information about your activities while browsing the pages of this website. This information may be used to provide you with advertising tailored to your interests, based on the content you have visited, or to measure the effectiveness of advertising campaigns. These cookies may be contained in various elements within the web page, such as advertising banners, images, videos, etc. A sensitive example is the presence of so-called ‘social plugins’ or ‘social sharing buttons’ of the main social networks (Facebook, Twitter, Google+ and LinkedIn), which are used to share the content of the web page on the social networks themselves. The use of data collected through third-party cookies, over which we have no control, is governed by the relevant policies, which we ask you to refer to. This website uses THIRD-PARTY profiling cookies.
Cookie management
Below is a list of the most common browsers with links to cookie management settings:
- Internet Explorer 8 and above
- Safari 2 or above;
- Opera 10.5 and above;
- FireFox 3.5 and above;
- Google Chrome 10 and above;
Browsers provide a ‘private’ browsing mode, which, when activated, always deletes cookies after each browsing session.
Secondly, you can disable third-party profiling cookies by visiting http://www.youronlinechoices.com.
You can also disable Google Analytics analysis cookies by downloading the appropriate browser add-on to disable Google Analytics at the following web address: https://tools.google.com/dlpage/gaoptout.
Third-party cookie policy
Facebook cookie policy https://it-it.facebook.com/policies/cookies/
Google Cookie Policy https://www.google.it/intl/it/policies/technologies/cookies/
Google Cookie Policy https://www.linkedin.com/legal/cookie-policy
Twitter Cookie Policy https://twitter.com/it/privacy
Granting consent to the use of cookies
By continuing to browse from the banner containing the so-called short notice, scrolling this page or clicking on any of its elements, you consent to the use of cookies on this website and accept the cookie policy described above.
You can always withdraw your consent at any time by following the instructions in the section entitled ‘COOKIE MANAGEMENT’.
3.2. List of Web Services:
Type of Service
Description
Comment management
Application comment system
Landing Page
Instapage
Social Media Buttons and Widgets
+1 button and Google+ widget
Social Media Buttons and Widgets
LinkedIn button and widget
Social Media Buttons and Widgets
YouTube button and widget
Social media buttons and widgets
Facebook Like button and widget
Social media buttons and widgets
Twitter Tweet button and widget
Data collection, contact with users
Mailing list or newsletter
Data collection, contact with users
General contact form
Registration and authentication
Registration with form
Remarketing, behavioural advertising (Behavioural Marketing)
Facebook Remarketing
Remarketing, behavioural advertising (Behavioural Marketing)
Google Analytics Remarketing
Anti-spam services
Google reCAPTCHA
Hosting services and backup management
WordPress.com
Email marketing software
MailChimp
Email marketing software
MailUp
Statistics, performance
Google Analytics with anonymised IP
Statistics, Performance
Google Tag Manager
Statistics, Performance
Hotjar Heat Maps & Recordings
Statistics, Performance
Facebook Ads conversion tracking
Statistics, Performance
Google AdWords conversion tracking
Support, Chat, Ticket
Olark widget
WidGet
MailChimp widget
4. What rights you have as a data subject:
In relation to the processing described in this Policy, as a data subject, you may, as provided for by European Regulation 679/2016, exercise the rights set forth in Articles 15 to 21 and, in particular:
- right of access – Article 15 of the GDPR: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where they are, to obtain access to your personal data, including a copy thereof.
- right to rectification – Article 16 of the GDPR: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;
- Right to erasure (right to be forgotten) – Article 17 of the GDPR: the right to obtain, without undue delay, the erasure of personal data concerning you.
- Right to restriction of processing – Article 18 of the GDPR: the right to obtain restriction of processing where:
1. the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of the data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted;
3. the personal data is necessary for the data subject to establish, exercise or defend a right in court;
4. the data subject has objected to the processing pursuant to Article 21 of the GDPR, pending verification of whether the legitimate grounds of the data controller override those of the data subject.
- Right to data portability – Article 20 of the GDPR: the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit those data to another controller without hindrance, where the processing is based on consent and is carried out by automated means. Furthermore, you have the right to have your personal data transmitted directly from the Bank to another data controller where this is technically feasible;
- right to object – Article 21 of the GDPR: the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the condition of lawfulness of legitimate interest or the performance of a task carried out in the public interest or in the exercise of official authority, including profiling, unless there are legitimate grounds for the Data Controller to continue the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims; you may object at any time to the processing if the personal data are processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing;
The above rights may be exercised by contacting the Data Controller at the above addresses.
The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the event of manifestly unfounded or excessive requests, including due to their repetitive nature, the Data Controller may charge you a reasonable fee, taking into account the administrative costs incurred in handling your request, or refuse to comply with your request.
· RIGHT OF WITHDRAWAL:
The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
· RIGHT TO LODGE A COMPLAINT:
The data subject has the right to lodge a complaint with the Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).
I hereby declare that I have received from the Data Controller the information on the use of my personal data and that I consent, in accordance with the privacy legislation, to the processing by the same of the special categories of personal data provided by me for the performance of the activities necessary for the activation and management of the relationships, operations and services requested by me.
Date: 04/09/2023
[cookies_revoke]