Information on the processing of personal data pursuant to art. 13 and 14 of EU Regulation 679/2016
We hereby inform you that, pursuant to art. 13 and 14 of EU Regulation 679/2016 (hereinafter 'GDPR'), your data given to us through the use of the website www.morseletto.com (hereinafter, also just "Site") will be treated as follows, in compliance with the principles of correctness, lawfulness, transparency and the protection of your privacy and your rights. This information provides the user (Data subject) with any further information necessary to ensure correct and transparent processing, in relation to the specific context in which the personal data are collected and subsequently processed.
This information is provided only for the Site and the subdomains related to it and not for third-party websites accessible through hyperlinks (links) contained on the Site, for which the Data Controller is in no way responsible. For these treatments, independent information must be provided by the respective owners.
The Data Controller is Laboratorio Morseletto srl
Via Dell’Economia, 97 - Vicenza
VAT number 00151160249
Telephone: 0444 563155
Data Protection Officer (DPO)
Name and surname, e-mail: Mirco Giorgi, firstname.lastname@example.org
Purpose of the treatment
monitor the technical operation and performance of the site, allow technical assistance and maintenance and, in general, the activities instrumental to ensure the proper functioning of the Site
obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc ...)
respond to requests sent by email or by filling out the online form
Evaluate the application by filling in the form work with us and sending the curriculum vitae for the establishment of an employment relationship
Legal basis of the processing
For the purposes indicated in points 1) and 2) the LEGAL BASIS is Legitimate interest art. 6 lett. f) and recital 47: the processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, taking into account the reasonable expectations nurtured by the data subject based on his relationship with the data controller. Activities strictly necessary for the operation of the site and the provision of the navigation service on the platform.
For the purpose 3) the LEGAL BASIS is the execution of pre-contractual measures also adopted at the request of the interested party: the optional, explicit and voluntary sending of messages to the contact addresses, as well as the compilation and forwarding of the present Contact Form on the Site, involve the acquisition of the sender's contact data, necessary to respond / manage requests, as well as all personal data included in communications.
For purpose 4) the LEGAL BASIS is consent: the evaluation of the candidacy requires specific free and informed consent, if it is denied we will be unable to take it into consideration.
In addition to the Data Controller, other subjects involved in the organization (appointed personnel) or external subjects (third party technical service providers, hosting providers) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Managers can always be requested from the Data Controller.
In no case will personal data be communicated, disseminated, sold or otherwise transferred to third parties for illegal purposes and, in any case, without providing suitable information to the interested parties and obtaining their consent, where required by law. Any communication of data at the request of the judicial or public security authority remains unaffected, in the manner and in the cases provided for by law.
The treatment will be carried out using paper and / or IT tools, also by means of authorized subjects, who operate under the direct authority and according to the instructions given by the Data Controller, with logic strictly related to the purposes indicated and, in any case, in order to guarantee the security and confidentiality of the data processed.
The processing operations are carried out in such a way as to guarantee the security of data and systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access, of treatment that is not permitted or does not comply with the purposes indicated in this information. In particular, the Site uses the HTTPS protocol for server authentication and encryption of the communication channel. The security measures adopted, however, do not allow for the absolute exclusion of the risks of interception or compromise of personal data transmitted with telematic tools. It is therefore recommended to verify that the device used by the user is equipped with adequate software systems for the protection of the telematic transmission of data, both inbound and outbound (such as, for example, updated antivirus systems, firewalls and filters antispam).
Data transfer abroad
Personal data will not be transferred abroad, to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, recognized, pursuant to art. 45 GDPR, based on an adequacy decision of the EU Commission. In the event that it is necessary for the provision of the Site's services, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not adopted any adequacy decision pursuant to art. 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient country or organization, pursuant to art. 46 GDPR and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 of the GDPR, including the binding corporate rules, the cross-border transfer will take place only if one of the conditions indicated in art. 49 GDPR.
Data categories and retention period
The data processed can be:
a) Navigation data
Browsing data, collected automatically, exclusively for the purpose of obtaining aggregate statistical information relating to the use of the Site (including, by way of example, IP addresses, browsing times, geographic data and other parameters relating to the operating system and computer environment of the user); such information could also through processing and / or associations with other data, held by the provider or by third parties, allow to trace the user's identity; the navigation data are not, nor will in any case be used by the Data Controller to perform user profiling activities, nor will they be disclosed or communicated to third parties;
c) Data provided voluntarily by users / visitors
If by connecting to this site you decide to send your personal data (for example: name, surname, email address, telephone) to access certain services, or, to make requests via e-mail, the Data Controller will process such data to respond to your request. , in accordance with this information. The data provided by the user may be acquired and stored by the Data Controller, in electronic form, for the purposes related to their collection through the Site and will not be used for profiling or direct marketing activities. The optional and voluntary sending of e-mail messages to the addresses indicated on the Site, in particular, involves the acquisition and consequent processing of the sender's address and any other personal data present in the message, to the extent necessary to provide reply to the requests of the interested party.
DATA RETENTION PERIOD: 1 year for contacts
d) data relating to the application (contact details, identification and residence data, academic curriculum and work experience)
DATA STORAGE PERIOD: for a maximum of 1 year from their receipt, after which they will be deleted
The data could be processed for further times than those indicated to manage any disputes.
Interested parties may exercise certain rights with reference to the Data processed by the Data Controller. In particular, you have the right to:
access your data: you have the right to obtain information on the data processed by the owner, on certain aspects of the processing and to receive a copy of the data processed.
verify and request rectification: you can verify the correctness of your data and request its updating or correction.
obtain the cancellation or removal of your Personal Data: when certain conditions are met, you can request the cancellation of their data by the Data Controller.
revoke the consent at any time: you can revoke the consent to the processing of your Personal Data previously expressed.
object to the processing of your data: you can object to the processing of your data when it occurs on a legal basis other than consent.
obtain the limitation of processing: when certain conditions are met, you can request the limitation of the processing of your data.
obtain data portability: you have the right to receive your data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain its transfer without obstacles to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on consent, on a contract to which you are a party or on contractual measures connected to it.
propose a complaint: you can lodge a complaint with the competent personal data protection supervisory authority or act in court.
Details on the right to object
When Personal Data is processed in the public interest, in the exercise of public authority vested in the Data Controller or to pursue a legitimate interest of the Data Controller, you have the right to object to the processing for reasons related to your particular situation.
Please note that, if your data are processed for direct marketing purposes, you can object to the processing without providing any reasons.
How to exercise your rights
To exercise your rights, you can direct a request to the contact details of the Data Controller indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.
The interested party may use, for the exercise of his rights, non-profit bodies, organizations or associations, whose statutory objectives are of public interest and which are active in the field of protection of the rights and freedoms of the interested parties with regard to to the protection of personal data, giving, for this purpose, a suitable mandate. The interested party may also be assisted by a trusted person.
To find out about their rights, propose a complaint / report / appeal and always be updated on the legislation on the protection of individuals with regard to the processing of personal data, the interested party can contact the Guarantor Authority for the protection of personal data, by consulting the website at http://www.garanteprivacy.it/.