PRIVACY POLICY
INFORMATION PURSUANT TO AND FOR THE PURPOSES OF ARTICLE 13 OF EU REGULATION 2016/679 (GDPR)
DATA CONTROLLER
Pursuant to Articles 4 and 24 of Regulation 2016/679, the Data Controller is Cellografica Gerosa S.p.A., based in Inverigo (Como Province) at Via Al Gigante 23, postal code 22044, in the person of the legal representative.
You can contact the Data Controller using the following details:
email: privacy.cellograficagerosa@gerosagroup.com;
telephone number: +39 031 603111
DATA PROCESSED
PERSONAL DATA
Any information concerning an identified or identifiable natural person («data subject»). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (such as name, surname, date of birth, address, email, telephone number, etc.).
BROWSING DATA
The computer systems and software procedures needed for the functioning of the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Such information is not collected to be associated with identified data subjects, but that, by its nature, could be used to identify users when processed and associated with data held by third parties. Such data includes the IP addresses or computer domain names used by a user to connect to the website, the URI (Uniform Resource Identifier) addresses for the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the data response from the server (successful, error, etc.) and other parameters related to the user's operating system and computer platform.
DATA PROVIDED VOLUNTARILY BY THE USER
The optional and voluntary submission of personal data (e.g. by sending emails to the addresses indicated in this site or by filling in the data collection forms in this site) entails the acquisition and processing by the Data Controller of the data voluntarily provided by users (e.g. the sender's email address, necessary to respond to requests), as well as any other personal data included in the communication (such as name, surname, address, telephone number, email address, CV, etc.).
COOKIE
For more information about the cookies used by this website, see the Cookie Policy.
Purpose of the Processing |
Legal Basis |
Data retention period |
|---|---|---|
Browsing this website / collecting statistical information on the use of services / monitoring the proper functioning of the services offered |
Legitimate interest of the data controller: to ensure the website can be browsed properly |
Duration of the browsing session (without prejudice to any need for the investigation of crimes by the prosecuting authorities) |
Contact or information request |
Legitimate interest of the data controller: to respond to user requests |
1 year |
Staff recruitment and assessment of any job applications received via email |
Legitimate interest of the data controller: personnel selection |
2 years |
Subscribing to the newsletter, which is done by filling in the relevant form |
User Consent |
Duration of subscription | Until opt-out | removal from mailing list |
Organisational, administrative, financial and accounting activities and management of customer/user data, including using the Gerosa Lab platform. |
Fulfilment of contractual and legal obligations |
10 years or as otherwise required by law |
RECIPIENTS
Any data of a personal nature that is provided will be communicated to employees or other contract staff acting under the authority of the Data Controller (Article 29 of EU Regulation 2016/679) for the purposes listed above. The personal data provided may be transferred to countries outside the EU in order to fulfil the above-mentioned purposes, within the limits and conditions set out in Article 44 et seq. of EU Regulation 2016/679. A data subject may obtain details of the guarantees provided by the Data Controller for the transfer of data by writing to the Data Controller.
In order to fulfil existing contracts or for related purposes, your data will be processed by companies contractually linked to the Data Controller, in particular: - parties that provide services for the management of the Data Controller's ICT system and networks (including email, websites, the sending of newsletters); firms or companies with which the Data Controller has assistance or consultancy relationships; the competent authorities, so as to fulfil obligations under laws and/or regulations issued by public bodies, when requested. Individuals in the above categories either act as Data Processors or operate completely autonomously as separate Data Controllers. The list of Data Processors is constantly updated and available at the Data Controller's offices.
NATURE OF THE PERSONAL DATA PROVIDED
Except for the browsing data required to browse the website, users are free to provide their personal data; failure to do so may only result in the inability to obtain the information or services requested and provided through this website.
DATA SUBJECT'S RIGHTS | COMPLAINTS SUBMITTED TO THE SUPERVISORY AUTHORITY
You may exercise your rights under Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller using the contact details provided above. In particular, you have the right, at any time, to obtain from the Data Controller access to your personal data and request information about the processing, as well as the right to rectify, erase or restrict the processing of your personal data.
Moreover, you have the right to object at any time to the processing of your data (including automated processing, e.g. profiling) in the cases provided for, as well as to revoke the consent you have given, without prejudice to the lawfulness of the processing based on the consent prior to any such revocation. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling to the extent that it relates to such direct marketing.
You have the right to the portability of your personal data and if you request this, the Data Controller will provide you with your personal data in a structured, commonly used, machine-readable format. If you feel that the processing of your personal data by the Data Controller is in breach of EU Regulation 2016/679, you have the right to lodge a complaint with the Italian data protection authority (Garante Privacy) or to take appropriate legal action.
CHANGES TO THE PRIVACY NOTICE
The Data Controller reserves the right to change, update, append or delete portions of this privacy notice at its discretion and without prior notice. Data subjects are required to check periodically for any changes. To facilitate such checking, the privacy notice will include an indication of the date it was updated.
Most recent update: 25 May 2018