This informative note is addressed to all those who interact with Extrasys s.r.l and with the other companies controlled by it and/or connected to it - Extra s.r.l., Extra Cube s.r.l., Extra Magnet s.r.l., Extra Red s.r.l., Extra Smart s.r.l., Extra Vision s.r.l. , Tagmate s.r.l. (hereinafter referred to as "Gruppo Extra" or "Extra Group") - through the pages of the different websites managed from the Companies belonging to the Extra Group, such as https://www.extrasys.it, corresponding to the initial page of the official website of the Extra Group and of all the other pages linked to it (identifiable by the suffix "extrasys.it", such as, by way of non-exhaustive example, https://blog.extrasys.it) and the other websites corresponding to the commercial proposal of the Companies belonging to the Extra Group, such as, by way of non-exhaustive example, https://www.red-cloud.it.
In this page we describe the modalities of personal data processing for all the users who consult and adhere to the services on our previously described websites, and interact with our organization via web, email or any other telematic device.
1) Identity of the Data Controller.
Data Controller: the company Extrasys s.r.l., having its registered office in Pontedera (PI), Via Salvo D'Acquisto 40/P; pec: firstname.lastname@example.org hereinafter also referred to as "The Company".
Data Protection Officer: the lawyer Paolo Mascitelli, based for his role in the registered office of the Data Controller, email: email@example.com.
The company that develops and manages the portal referred to on our site, qualified and designated as responsible for data processing, is Extra Magnet s.r.l., located in Pontedera (PI), Via Salvo D'Acquisto 40/P.
The list of all data controllers is available at the company headquarters.
Extrasys s.r.l. acts on its behalf and on behalf of all the other companies controlled by Extrasys s.r.l. and/or connected to it, identified as Extra Group.
The treatment is always based on principles of lawfulness and fairness in compliance with all current regulations and appropriate security measures are adopted for data protection.
2) Purposes of data treatments.
A) Personal data that we collect via telematic/ telephone services
Such data, given prior express consent, may be employed for the purpose of sending newsletters, commercial information or advertising material or for direct sales purposes or for market research or interactive commercial communication.
All the data collected refer exclusively to the ones collected through the forms in the relevant sections of the website.
B) Personal data collected for the provision of our services
Such data, given prior express consent, may be employed for the purpose of sending newsletters, commercial information or advertising material or for direct sales purposes, i.e. for market research or interactive commercial communication.
The provision of data is necessary to achieve the aforementioned purposes and the failure to provide data would not allow the establishment of the contractual relationship. Moreover, for the treatment related to these purposes, the law does not require your consent.
C) Personal data collected through the management of CURRICULA.
The Company reserves the right to evaluate all the CVs received on spontaneous initiative or following the publication of announcements looking for potential candidates.
However, the candidates are invited to respect the following rules concerning the transmission of curricula in electronic format:
The Company will be responsible for providing appropriate information to candidates during potential interviews.
The purpose of the treatment connected to the management of the curricula will involve activities that are strictly related to the evaluation, recruitment or selection of personnel, with objectives of collaboration, temporary or permanent employment, internships or thesis.
D) Data provided voluntarily via EMAIL.
The optional, explicit and voluntary sending of e-mails to the various addresses with domain @extrasys.it (such as, by way of non-exhaustive example: firstname.lastname@example.org, email@example.com, etc.), or to the PEC addresses corresponding to the various companies of the Extra Group, involves the subsequent acquisition of the sender's address, necessary to reply to requests, as well as any other personal data included in the message.
E) Event profiles:
On occasion of our conferences, meetings, private parties, or events organized by third parties to which we could participate as sponsors or guests, we will record the specifications of the event or meeting, the date, the number of guests, the personal and contact data (email and telephone) of speakers, participants, escorts, sponsor referents, journalists.
F) Information collected from third parties
On the occasion of the organization of events or in special cases in which we intend to present the participants with entry packages or subscriptions to our services, we collect from third parties personal data and email contact details of the beneficiaries, which are guaranteed the right to cancellation.
Likewise, we may also collect personal data from social media services, in line with your settings on these services. We may add such information to those we already have in the archive and share it with others on the basis of the content of this Policy.
G) Navigation data
During their normal course of operation, the computer systems and software procedures used to operate this website will acquire some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified persons, however it could allow users to be identified, by its very nature, through processing and association with data held by third parties.
This data category includes IP addresses, or domain names of the computers used by users to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server response status (successful, error, etc.), and other parameters pertaining to the user's operating system, and IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing (see our Cookies Policy). The data could be used to ascertain responsibility in the event of hypothetical computer crimes detrimental to the site.
3) Processing methods
The processing of your personal data is carried out through the operations indicated in art. 4 of the Privacy Code and Article 4 (2) of the GDPR, and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and erasure of data. Personal data are subjected to both paper and electronic and/or automated processing. The processing operations are carried out in such a way as to guarantee the logical, physical security and confidentiality of your personal data.
4) Nature of personal data
Your common personal data, concerning the carrying out of the above activities, is specified as the object of treatment. As for any particular data, sensitive and health, it is guaranteed the minimization, or collection, use, protection and storage only in cases of absolute necessity and relevance to the purpose and subject to the release of free informed consent.
5) Mandatory or optional nature of the data provision.
The interested party can refuse to provide navigation data to the Owner; in order to do this, the party must disable cookies by following the instructions provided by the browser in use as per separate Cookies Policy. Disabling of cookies may compromise website navigation and functionality.
6) Scope of communication and data dissemination
The data transmitted to any of the companies of the Extra Group are processed by all the companies of the Extra Group. The Extra Group processes the data exclusively through personnel officially appointed and instructed in matters of confidentiality and personal data security.
We disclose your data to third parties only in the following circumstances:
Dissemination of information by us to third parties will be made only on condition that we maintain a confidential status, so that this information is used only for the purposes for which it was disclosed.
7) Place of data processing and transfer of personal data to a third country.
The management and storage of personal data will take place on servers within the European Union and data will not be transferred outside the European Union.
In some situations, when the user is redirected to external sites for the execution of particular services (such as, by way of non-exhaustive example: registration to an event, or to the social channels of companies of the Extra Group to which they are directed from the site, etc.), registration takes place on external servers and each of these services exposes its policies, which could also derogate from what is written and transfer data outside the European Union.
8) Modalities and duration of personal data retention.
The Data Controller will process personal data:
9) Right of access of the interested party (art. 15 of the GDPR EU 679/2016)
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
10) Withdrawing consent
With reference to the art. 6 of the GDPR 679/16, the interested party can withdraw the consent at any time.
11) Other rights of the interested parties.
With reference to the following standards: art. 16 "right of rectification", art. 17 "right to erasure", art. 18 "right to limitation of treatment", art. 20 "right to portability", art.21 "right to object the automated decision-making process" of GDPR 679/2016, the interested party exercises his/her rights:
Data and information about the treatments can then be requested to the DPO above, to its email firstname.lastname@example.org, as foreseen by the GDPR.
12) Complaint lodgement
The interested party has the right to lodge a complaint to a supervisory authority of the residence state.
13) Automated decision-making processes
The Data Controller does not carry out treatments consisting of automated decision-making processes involving profiling, namely an action that can have a significant effect on the rights and prerogatives of the data subjects; on the other hand, the only process that is carried out is related to a filtering of the information we offer, to make it more suitable to the interests of the subject who comes to our site.
14) Information not contained in this policy
Further information from the Data Controller may be requested at any time in relation to the processing of Personal Data using the contact information.
16) The privacy of minors
Our website is aimed at a general public and does not offer services for children. If we discover that a minor has provided us with personal data without the permission from parents or guardian, we will immediately delete this information.
17) External links
18) Legal defence
User's Personal Data may be used by the Data Controller for defence in court or during the stages leading to possible legal action, against improper use by the User of the same or of related services.
Following a court subpoena, court order or other legal initiative; in order to establish or exercise the rights granted to us by law; to defend ourselves in the eventuality of legal action against us or for other purposes dictated by law. The User declares to be aware that the Data Controller may be required to disclose information if requested by the public authorities.
19) Legal references
Last update on 24/05/2018