PRIVACY POLICY (PRIVACY POLICY)

The purpose of this Notice is to provide the utmost transparency with regard to the manner in which the personal data of visitors/users acquired by La Sia S.r.l. a socio unico (hereinafter also simply La Sia) through the website www.lasia.it (hereinafter also simply the Site) is processed.

Sia is aware of the importance of personal data protection and therefore handles all information acquired with extreme care, guaranteeing its security and confidentiality during its processing.

“Processing” of personal data means any kind of operation of collection, recording, storage, consultation, modification, extraction, printing, use, dissemination, communication, deletion or destruction of personal datai.

Your data will be processed by LA SIA S.p.A. as the Data Controller. The company is headquartered at (00173) Rome, Via Luigi Schiavonetti 286, and can be contacted by e-mail at privacy@lasia.it.

This Notice is prepared pursuant to Legislative Decree. June 30, 2003, no. 196, Personal Data Protection Code (so-called “Privacy Code”) as amended and supplemented by European Regulation no. 2016/679 and the subsequent implementing measure Legislative Decree. 101/2018.

The European Regulation no. 2016/679, better known by the acronym GDPR, is a European Union regulation on the processing of personal data by which the European Commission sought to strengthen and make more homogeneous the protection of personal data of citizens and residents of the European Union (EU), both within and outside European borders.

The Sia, wishing to implement the fundamental principles enshrined in the aforementioned legislation, informs users of its website (hereinafter also “data subjects,” as defined in the GDPR and the Privacy Code) of the following general profiles, which apply to all areas of processing:

  • the data collected is processed lawfully, fairly and transparently to the data subject;

  • data are collected and processed only for the purposes stated in this Notice and with the consent of the data subject if required by current legislation;

  • the data collected are adequate and relevant to the intended purpose and are not collected to a greater extent than necessary according to the so-called principle of minimization;

  • data are collected and processed for the time strictly necessary to achieve the described purposes and for a predetermined time, after which they will be deleted, destroyed or anonymized;

  • specific security measures are observed to prevent unauthorized access, prevent loss of data, or unlawful or incorrect use of data;

  • personal data collected will not be shared, sold, made available, or disclosed to parties other than those specified in this Notice.

  1. Browsing data and correct operation of the Website

The computer systems and software procedures used to operate this Site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Consequently, mere access to the site implies the acquisition by La Sia of information and data about the user.

This category of data includes.

  1. System logs such as User IP address, Browser type, and internet service provider (ISP) name,

  2. Usage data, such as the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

  3. Cookies.

We speak of personal data when cookies are able to identify an individual. The use of Cookies by this Website or third party service holders used by the Website is for the purpose of providing the Service requested by the User, in addition to the additional purposes described herein and in our Cookie Policy, which we invite the User to consult for more information

  1. Data voluntarily provided by the user

  1. The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, in the Contact Section, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

  2. The optional and voluntary completion of the Form inserted in the Careers section and aimed at collecting CVs, implies the acquisition of the name and e-mail address of the interested party as well as additional personal data included within the CV.

The processing of Data may have the following purposes:

  1. The performance by the Owner of the activities put in place for purposes strictly related and/or necessary to the satisfaction of the requests formulated, from time to time, by the user through this website and/or by e-mail;

  2. Performance of personnel evaluation, selection and recruitment activities;

  3. purposes related to obligations under applicable laws or regulations, as well as provisions issued by competent supervisory and control authorities/bodies, as well as purposes related to the Holder’s right to exercise its right of defense.

  4. purposes related, instrumental, and necessary to the provision of the Web Site (operation and maintenance), statistical analysis purposes, and site security to identify anomalies and/or abuse. In this regard, we inform users that data on navigation and proper functioning of the web pages of our Site will be used for the investigation of liability in case of computer crimes.

  1. With reference to the purposes set forth in paragraph 5 above, letters (a) and (b), the legal basis for processing is the legitimate interest of the Data Controller to respond to spontaneous requests for contact/information sent by users or to carry out the activity of evaluating resumes, selection and professional recruitment. Therefore, there is no obligation to provide the data, but failure to do so may result in the inability to receive the service.

  2. With reference to the purposes referred to in point 5, letter c) above, consent to the processing of data is not required since the provision of the data is necessary to fulfill a legal obligation to which the Data Controller is subject, or for the performance of a task of public interest or the exercise of public powers vested in the same.

  3. With reference to point 5(d) above, since the Site only collects data for the purposes of statistical analysis, operation, maintenance and security, no user consent is required since, the processing, is necessary for the pursuit of a legitimate interest of the Data Controller. The user will still have the option, at any time, to change the browsing settings directly in the browser used with the understanding that denying consent to certain features may result in the inability to deliver certain services or not guarantee an optimal browsing experience. For more information you can see our Cookie Policy.

The processing of Personal Data will be carried out:

  1. With organizational methods and logic strictly related to the stated purposes;

  2. through the use of paper and electronic means, including through the use of electronic mail or other remote communication techniques. The Data Controller will use the same methods in the case of communication of data to third parties, as better specified in section 9 below.

  3. By categories of individuals authorized to perform these tasks;

  4. with the use of appropriate security measures to ensure the confidentiality and protection of data and prevent unauthorized parties from accessing, disclosing, modifying or destroying them;

  5. There will be no automated decision-making processes;

  6. no data will be processed for scientific or historical research purposes and will not be subject to profiling.

It is worth noting that La Sia does not use automated decision-making, including profiling. This means that no data will be used to analyze or predict aspects of an individual’s job performance, economic status, health, personal preferences, interests, reliability, behavior, location, or movements

The data will be stored in paper archives located at the Owner’s office and in electronic archives located both at the same office and at the Data Center of the web hosting Aruba Spa. Web hosting is the Data Processor and processes the data on behalf of the Data Controller. Both the Owner and Web Hosting are located in the European Economic Area and act in accordance with European standards(https://www.aruba.it/gdpr-regolamento-europeo-privacy.aspx);

  • With regard to the purpose of point 5(a) above, the data will be kept for the time strictly necessary to fulfill the requests made;

  • Regarding the purpose of point 5(b) above, data aimed at personnel selection and recruitment will be kept for 24 months after the CV is sent;

  • With regard to the purpose of point 5(c) above, the data will be kept for the period of time necessary to fulfill all possible legal requirements and related protection needs;

  • With regard to the purpose of point 5(d) above, the data collected from the Web site will be kept for the time strictly necessary for its operation and related activities.

At the end of the retention period, Personal Data will be deleted or anonymized. Therefore, upon the expiration of this period, the right of access, deletion, rectification and the right to data portability, as better described in Section 10) below, can no longer be exercised.

The data collected and processed may be disclosed:

  1. For the purposes set forth in paragraph 5, subparagraphs. a), (b) and c), or by virtue of specific legal obligations – to other parties and in particular employees and collaborators of the Controller, within the scope of their respective duties, or to consultants who assist the Controller in fulfilling requests (e.g., legal, tax and/or labor consulting firms);

  2. For the purposes of Section 5(d), regarding browsing data, please see our Cookie Policy.

Sia does not disseminate users’ personal data or transfer them to countries outside the EU.

Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the interested party may, in the manner and within the limits provided by the current legislation, exercise the following rights:

Data subject’s right of access (Art. 15, GDPR)

The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and to certain information specifically mentioned in Art. 15 of the GDPR.

Right of Rectification (Art. 16, GDPR)

The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary statement.

Right to Cancellation (Art. 17, GDPR)

The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller is obliged to erase the personal data without undue delay, unless there are grounds for preventing the exercise of this right.

Right to restriction of processing (Art. 18, GDPR)

The data subject has the right to obtain, where possible, the restriction of the processing of his or her personal data.

Right to data portability (Art. 20, GDPR)

The data subject, if the processing is based on consent or on a contract and is carried out by automated means, has the right to receive in a structured, commonly used and machine-readable format the personal data he or she has provided to the data controller and, where technically feasible, to have them transferred without hindrance to another data controller.

Right to Oppose (Art. 21, GDPR)

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data based on the legitimate interest of the Data Controller or on the data subject’s consent, including profiling, unless he or she demonstrates the existence of compelling legitimate grounds for processing that override the data subject’s rights.

Automated decision-making related to natural persons including profiling (Art. 22, GDPR)

The data subject has the right not to be subjected to a decision based solely on automated processing that produces legal effects concerning him or her or that significantly affects him or her in a similar way.

Right to lodge a complaint with the supervisory authority (Art. 77, GDPR)

Without prejudice to any other administrative or jurisdictional recourse, a data subject who believes that processing concerning him or her violates data protection regulations has the right to lodge a complaint with the Data Protection Authority.

In order to exercise these rights, Users must fill out an appropriate application and send it, signed and accompanied by an identification document, to the following e-mail address: privacy@lasia.it or by registered mail to the Holder’s office indicated in Article 2 above. Requests will be processed according to the timelines and procedures outlined in Art. 12 of the current European Regulations.

This Privacy Policy, was updated on 12/22/2019.

The Data Controller reserves the right to revise the privacy policies at any time, including due to changes and updates to relevant legislation and case law. In case of significant changes, appropriate evidence will be given on the homepage of the site for a suitable time. However, the interested party is encouraged to consult this document periodically.