Privacy Policy

In Extra we value your privacy. Here's everything you need to know about how we use your data.

Information for website users and customers of Extra Group

This informative note is addressed to all those who interact with Extrasys s.r.l and with the other companies controlled by it and/or connected to it - Extra s.r.l., Extra Cube s.r.l., Extra Magnet s.r.l., Extra Red s.r.l., Extra Smart s.r.l., Extra Vision s.r.l. , Tagmate s.r.l. (hereinafter referred to as "Gruppo Extra" or "Extra Group") - through the pages of the different websites managed from the Companies belonging to the Extra Group, such as https://www.extrasys.it, corresponding to the initial page of the official website of the Extra Group and of all the other pages linked to it (identifiable by the suffix "extrasys.it", such as, by way of non-exhaustive example, https://blog.extrasys.it) and the other websites corresponding to the commercial proposal of the Companies belonging to the Extra Group, such as, by way of non-exhaustive example, https://www.red-cloud.it.

In this page we describe the modalities of personal data processing for all the users who consult and adhere to the services on our previously described websites, and interact with our organization via web, email or any other telematic device.

1)         Identity of the Data Controller.

Data Controller: the company Extrasys s.r.l., having its registered office in Pontedera (PI), Via Salvo D'Acquisto 40/P; pec: extrasys@legalmail.it hereinafter also referred to as "The Company".

Data Protection Officer: the lawyer Paolo Mascitelli, based for his role in the registered office of the Data Controller, email: dpo@extrasys.it.

The company that develops and manages the portal referred to on our site, qualified and designated as responsible for data processing, is Extra Magnet s.r.l., located in Pontedera (PI), Via Salvo D'Acquisto 40/P.

The list of all data controllers is available at the company headquarters.

Extrasys s.r.l. acts on its behalf and on behalf of all the other companies controlled by Extrasys s.r.l. and/or connected to it, identified as Extra Group.

The treatment is always based on principles of lawfulness and fairness in compliance with all current regulations and appropriate security measures are adopted for data protection.

2)        Purposes of data treatments.

A) Personal data that we collect via telematic/ telephone services

1. Personal data for subscriptions to our newsletter, in which, with prior consent, we request the simple contact details through the forms on the various pages of our website (name, surname and email);
2. Personal and contact data for registration to events organized by Extra Group, acquired through the forms on the various pages of our website or on other external sites specialized in this type of activity, to which the site automatically refers to for the compilation of forms;
3. Personal contact data for information about our activities and services through the various contact forms on the website, or through the integrated chat within the website itself;
4. Personal data collected through requests for information sent via email to the various addresses with domain @extrasys.it (such as, by way of non-exhaustive example: info@extrasys.it, jobs@extrasys.it, etc.) or to the PEC addresses corresponding to the various companies of the Extra Group.
5. Personal data collected through telephone calls made by potential customers to request for information or details about products/services offered by the companies of the Extra Group.

Such data, given prior express consent, may be employed for the purpose of sending newsletters, commercial information or advertising material or for direct sales purposes or for market research or interactive commercial communication.

All the data collected refer exclusively to the ones collected through the forms in the relevant sections of the website.

B) Personal data collected for the provision of our services

1. Personal data for the establishment and execution of the contractual relationship and for the fulfillment of the related regulatory obligations (Article 6 letter b GDPR), obtained during the commercial negotiation with the customer.

Such data, given prior express consent, may be employed for the purpose of sending newsletters, commercial information or advertising material or for direct sales purposes, i.e. for market research or interactive commercial communication.

The provision of data is necessary to achieve the aforementioned purposes and the failure to provide data would not allow the establishment of the contractual relationship. Moreover, for the treatment related to these purposes, the law does not require your consent.

C) Personal data collected through the management of CURRICULA.

The Company reserves the right to evaluate all the CVs received on spontaneous initiative or following the publication of announcements looking for potential candidates.

However, the candidates are invited to respect the following rules concerning the transmission of curricula in electronic format:

1. follow the European format when compiling the curriculum;
2. transmit the curriculum in PDF format;
3. avoid including in your curriculum sensitive data (related, in particular, to your health condition, religious, philosophical or political) not relevant in relation to the job offer;
4. give consent to the processing of sensitive data relevant to the establishment of a work relationship (for example belonging to protected categories).

The Company will be responsible for providing appropriate information to candidates during potential interviews.

The purpose of the treatment connected to the management of the curricula will involve activities that are strictly related to the evaluation, recruitment or selection of personnel, with objectives of collaboration, temporary or permanent employment, internships or thesis.

D) Data provided voluntarily via EMAIL.

The optional, explicit and voluntary sending of e-mails to the various addresses with domain @extrasys.it (such as, by way of non-exhaustive example: info@extrasys.it, jobs@extrasys.it, etc.), or to the PEC addresses corresponding to the various companies of the Extra Group, involves the subsequent acquisition of the sender's address, necessary to reply to requests, as well as any other personal data included in the message.

E) Event profiles:

On occasion of our conferences, meetings, private parties, or events organized by third parties to which we could participate as sponsors or guests, we will record the specifications of the event or meeting, the date, the number of guests, the personal and contact data (email and telephone) of speakers, participants, escorts, sponsor referents, journalists.

F) Information collected from third parties

On the occasion of the organization of events or in special cases in which we intend to present the participants with entry packages or subscriptions to our services, we collect from third parties personal data and email contact details of the beneficiaries, which are guaranteed the right to cancellation.

Likewise, we may also collect personal data from social media services, in line with your settings on these services. We may add such information to those we already have in the archive and share it with others on the basis of the content of this Policy.

G) Navigation data

During their normal course of operation, the computer systems and software procedures used to operate this website will acquire some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified persons, however it could allow users to be identified, by its very nature, through processing and association with data held by third parties.

This data category includes IP addresses, or domain names of the computers used by users to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server response status (successful, error, etc.), and other parameters pertaining to the user's operating system, and IT environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing (see our Cookies Policy). The data could be used to ascertain responsibility in the event of hypothetical computer crimes detrimental to the site.

3)        Processing methods

The processing of your personal data is carried out through the operations indicated in art. 4 of the Privacy Code and Article 4 (2) of the GDPR, and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and erasure of data. Personal data are subjected to both paper and electronic and/or automated processing. The processing operations are carried out in such a way as to guarantee the logical, physical security and confidentiality of your personal data.

4)        Nature of personal data

Your common personal data, concerning the carrying out of the above activities, is specified as the object of treatment. As for any particular data, sensitive and health, it is guaranteed the minimization, or collection, use, protection and storage only in cases of absolute necessity and relevance to the purpose and subject to the release of free informed consent.

5)        Mandatory or optional nature of the data provision.

Apart from what has been specified for navigation data, the user is free to provide personal data. Failure to release of data prevents access to certain services, such as, but not limited to, the receipt of the newsletter, access to reserved areas of the site or to reserved "premium" contents, or the establishment of contractual relationships and consequent provision of services. The voluntary subscription to the newsletter, through the submission of personal data, implies in itself an explicit and unequivocal consent of the interested party to the processing of personal data on the basis of the privacy policy of the site from which it is registered, or on the basis of signature of appropriate documentation (however, it will be requested to accept this policy).

The interested party can refuse to provide navigation data to the Owner; in order to do this, the party must disable cookies by following the instructions provided by the browser in use as per separate Cookies Policy. Disabling of cookies may compromise website navigation and functionality.

6)        Scope of communication and data dissemination

The data transmitted to any of the companies of the Extra Group are processed by all the companies of the Extra Group. The Extra Group processes the data exclusively through personnel officially appointed and instructed in matters of confidentiality and personal data security.

We disclose your data to third parties only in the following circumstances:

1. on the occasion of events, the participants list, with the sole indication of the surname and company name (without any other contact data such as e-mails or telephone numbers), is communicated to the main sponsor for our legitimate interest in the correct and profitable financing of the activities and their commercial success and for the benefit of the interested parties; the same information can be communicated through our website and other tools and means of communication (such as, by way of non-exhaustive example: magazines, paper and online, press releases, press agencies, etc.).
2. with the order of the Public Authority.

Dissemination of information by us to third parties will be made only on condition that we maintain a confidential status, so that this information is used only for the purposes for which it was disclosed.

7)        Place of data processing and transfer of personal data to a third country.

The management and storage of personal data will take place on servers within the European Union and data will not be transferred outside the European Union.

In some situations, when the user is redirected to external sites for the execution of particular services (such as, by way of non-exhaustive example: registration to an event, or to the social channels of companies of the Extra Group to which they are directed from the site, etc.), registration takes place on external servers and each of these services exposes its policies, which could also derogate from what is written and transfer data outside the European Union.

8)        Modalities and duration of personal data retention.

The Data Controller will process personal data:

1. for the duration of subscription services and subscription to the newsletter
2. 10 years for accounting documentation conservation purposes, pursuant to art. 2220 cc
3. 10 years for marketing purposes, unless the interested party withdraws consent and cancells from the newsletters.

9)        Right of access of the interested party (art. 15 of the GDPR EU 679/2016)

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

1. the purposes of the processing;
2. The categories of personal data concerned;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
4. storage period of personal data provided, or if that is not possible, the criteria used to determine that period;
5. the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. the existence of an automated decision-making procedure, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

10)        Withdrawing consent

With reference to the art. 6 of the GDPR 679/16, the interested party can withdraw the consent at any time.

11)        Other rights of the interested parties.

With reference to the following standards: art. 16 "right of rectification", art. 17 "right to erasure", art. 18 "right to limitation of treatment", art. 20 "right to portability", art.21 "right to object the automated decision-making process" of GDPR 679/2016, the interested party exercises his/her rights:

1. writing to the Data Controller a registered letter to the following address: Extrasys s.r.l., Via Salvo D'Acquisto 40/P - 56025 Pontedera - PI
2. or by sending a pec to: extrasys@legalmail.it.

You can notify any Data Breach, with reference to the art. 33 "", writing to the following email address: privacy@extrasys.it.

Data and information about the treatments can then be requested to the DPO above, to its email dpo@extrasys.it, as foreseen by the GDPR.

12)     Complaint lodgement

The interested party has the right to lodge a complaint to a supervisory authority of the residence state.

13)     Automated decision-making processes

The Data Controller does not carry out treatments consisting of automated decision-making processes involving profiling, namely an action that can have a significant effect on the rights and prerogatives of the data subjects; on the other hand, the only process that is carried out is related to a filtering of the information we offer, to make it more suitable to the interests of the subject who comes to our site.

14)     Information not contained in this policy

Further information from the Data Controller may be requested at any time in relation to the processing of Personal Data using the contact information.

15)     Changes to this privacy policy

The Data Controller reserves the right to modify this privacy policy at any time and publish them on this page to inform Users. Therefore, please check this page frequently, taking as reference the "last updated" date shown at the bottom. In case of non acceptance of any changes to this Privacy Policy, Users are required to stop using this Application and may request that the Data Controller deletes their Personal Data. Unless otherwise specified.

16)     The privacy of minors

Our website is aimed at a general public and does not offer services for children. If we discover that a minor has provided us with personal data without the permission from parents or guardian, we will immediately delete this information.

17)     External links

If pages of this website or sections of our applications contain links to other sites, they are not bound by this Privacy Policy. We advise you to read carefully the privacy policy available on these external sites and to examine the procedures for the collection, use and disclosure of personal information used by them.

18)     Legal defence

User's Personal Data may be used by the Data Controller for defence in court or during the stages leading to possible legal action, against improper use by the User of the same or of related services.

Following a court subpoena, court order or other legal initiative; in order to establish or exercise the rights granted to us by law; to defend ourselves in the eventuality of legal action against us or for other purposes dictated by law. The User declares to be aware that the Data Controller may be required to disclose information if requested by the public authorities.

19)     Legal references

This privacy policy has been prepared in accordance with the obligations under the GDPR 679/16 by art. 10, of the Directive n. 95/46/EC, as well as the provisions of Directive 2009/136/EC concerning Cookies.

Last update on 24/05/2018