PRIVACY POLICY
GDPR STATEMENT PURSUANT TO ARTICLES 13-14 OF REGULATION (EU) 2016/679 (GENERAL DATA PROTECTION REGULATION)
1) Introduction and privacy policy
This information is provided in accordance with article 13 of Regulation (EU) 2016/679 – General Data Protection Regulation.
The undersigned company recognises the importance of personal data protection, and has consequently adopted policies that comply in full with the relevant domestic and international legislation.
Pursuant to the provisions of Regulation (EU) 2016/679, this statement provides information regarding the processing of data provided by you, and describes personal data processing activities carried out by the company through the website www.noosit.com.
This policy does not apply to other websites that may be accessed through links on websites of the domain holder , who is not to be held liable in any way for the websites of third parties.
Our company may process your personal data when you visit the website and use its services and features.
Personal data are collected and processed when necessary for the sections of the website being visited in connection with the provision of services requested by the user (e.g. contact request, etc.) or when the user decides to communicate his or her personal data to the company in various ways (e.g. verbally, filling in the appropriate fields where required, email, etc).
In these circumstances, this privacy policy explains the methods used to collect and process your personal information.
Where required by Regulation (EU) 2016/679 and/or by Italian law, the user’s consent will be requested before their personal data can be processed.
If you provide personal data pertaining to third parties, you must ensure that the disclosure of data to the company and subsequent processing for the purposes specified in the applicable privacy policy complies with Regulation (EU) 2016/679 and applicable legislation.
2) Details of the Data Controller
Data Controller: Nóos S.r.l. in the person of its acting legal representative, with headquarters in Via Campello sul Clitunno, 00181 – Rome – Italy – Tel: (+39) 0678359730 – Fax: (+39) 0678345480 – email: info@noosit.com.
Data Protection Officer: Maurizio Prosseda, domiciled for the purposes at the above address
3) Place of data processing
Data relating to web/digital/hard copy services are processed at the aforementioned location, solely by personnel formally authorised to do so. Data related to the web service will be processed at the web farm of the internet service provider. No data from the web service are disclosed or disseminated.
As a rule, user data will not be transferred outside the European Union.
Should this be necessary, we will ensure that the recipient, acting as data processor, complies with the provisions set forth in the GDPR, including the rules in place for the transfer of personal data to third countries, ensuring that such transfers are based on an adequacy decision or the signing by the data processor of standard contractual data protection clauses approved by the European Commission.
All information regarding the transfer of personal data to third countries may be requested through the contact details given in paragraph 2 above.
4) Type of data processed
– Browsing data and user-supplied data:
IT systems and software procedures used for the operation of this website may acquire, in the course of normal operations, some personal data whose transmission is implicit in the use of internet communication protocols.
Visiting and browsing the website generally does not involve the collection and processing of your personal data, except for browsing data and cookies as specified in the appropriate section. This category of data includes IP addresses or domain names of the devices used by users connecting to the site, and addresses in URI (Uniform Resource Identifier) notation. Personal data voluntarily provided by the user when he or she interacts with the website or requests services offered on the site (e.g. by email, compiling the appropriate fields etc) may also be processed.
In compliance with relevant legislation, the company may also collect your personal data from third parties necessary for the operation of its business and the fulfilment of its contractual and legal obligations.
Specifically:
1. with regard to commercial contact, we refer to your company’s data and the names, addresses, telephone numbers and email addresses of your employees who will contact us or with whom we subsequently come into contact;
2. with regard to contact related to recruitment, we refer to the personal data, addresses, telephone numbers and email addresses of individuals who contact us, as well as their curriculum vitae.
Such data are and will be processed – using automated electronic means and/or manually, where appropriate – in accordance with the law and the principles of lawfulness and fairness, in such a way as to protect your confidentiality and rights.
All data are processed for the time strictly necessary and for the sole purpose of obtaining anonymous statistical information on use of the website and to check its correct functioning. The data may be used to ascertain liability in the event of possible cybercrime damaging the website investigated by the competent authorities, and/or in any case if requested and/or acquired by the latter.
As a rule, we do not request or collect specific data, as outlined by the GDPR, which may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data geared to identify a natural person, or any data relating to a person’s health, sex life or sexual orientation.
5) Cookie
See our Cookie Policy on this website
More information on the handling and transfer of Facebook data at the following link.
6) Nature of data provision
In addition to browsing data as mentioned above, the provision of certain personal data by the user is mandatory, to allow the company to manage communications and requests from users, and in any case is requested in each section, e.g. to meet contractual obligations etc.
This type of data is marked with an asterisk [*] and its provision is mandatory to enable the company to fulfil its obligations or the user’s request, which cannot otherwise be met. Meanwhile, the collection of other data not marked by an asterisk is optional: failure to provide such data has no consequences for the user. The user’s provision of personal data for marketing purposes is optional; refusal to provide it will have no consequences. Consent given for marketing purposes shall be deemed to include the sending of communications in automated and non-automated form and/or means of contact, as detailed below.
7) Purpose, method and lawfulness of data processing (article 6 of GDPR)
- use of services and features found in the various sections of the website (e.g. contact etc)
- to make contact, at your request, of an informative and commercial nature, which may result – again at your request – in a pre-contractual contact;
- contact, again at your request and based on our needs, and possible subsequent contact for the selection of potential employees;
- storage of the above data.
- handling of requests and reports from users
- handling of job applications received through the website etc.
- prospecting activities, with the user’s further and specific optional consent: the company may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications pertaining to the company’s services, using the contact details provided, through traditional means (mail, operator phone calls, etc) and automated means (email, social media, SMS, etc).
8) Storage of personal data
In accordance with Regulation (EU) 2016/679, personal data are stored for the time strictly necessary for the specific purposes for which they are collected, and in any case for the time needed to meet contractual and legal obligations. Once the processing needs are met, these data are deleted and/or destroyed or returned to the data subject in those cases provided for by law (e.g. medical records for occupational medicine).
9) Scope of communication and/or circulation of data
Personal data are generally not disseminated, and will be disclosed to:
all authorised parties whose right of access is subject to the fulfilment of contractual and legal obligations;
natural and/or legal persons, both public and/or private, when disclosure is necessary or useful for the performance of the activities to which processing refers and in the manner and for the purposes illustrated above, and in any case in compliance with legal and contractual regulations;
data processors, including outsourcers, and persons authorised to process the data within the scope of their duties;
external
providers such as couriers, shipping services etc;
counterparts,
authorities etc, as part of legal and/or administrative proceedings
10) Rights of data subjects
In accordance with the provisions of Chapter 3, Section I of the GDPR, the data subject may exercise the rights stipulated therein, namely:
– Right of access (article 15 of GDPR), to obtain confirmation as to whether or not personal data concerning the data subject are being processed and, where that is the case, to receive information regarding:
the purposes of processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
the existence of the right to request from the data controller the rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject. – Right of rectification (article 16 of GDPR) – to obtain, without undue delay, the rectification of inaccurate personal data concerning him or her and to have incompleted personal data completed, including by means of providing a supplementary statement.
– Right to erasure (article 17 of GDPR) (“right to be forgotten”) – to obtain, without undue delay, the erasure of personal data concerning him or her, where one of the following grounds applies:
personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based in accordance to point (a) of Article 6(1), or point (a) of Article 9(2) and where there is no other legal ground for the processing;
the data subject objects to processing pursuant to Article 21(1) and there is no overriding legitimate ground for the processing, or the data subject objects to processing pursuant to Article 21(2);
personal data have been unlawfully processed;
personal data need to be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of Regulation (EU) 2016/679
– Right to restriction (article 18 of GDPR) – to obtain the restriction of processing, where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period necessary enabling the data controller to verify the accuracy of such personal data;
processing is unlawful, and the data subject opposes the erasure of personal data and requests the restriction of their use instead;
although the data controller no longer needs the personal data for the purposes of processing, they are required by the data subject to establish, exercise or defend a legal claim;
the data subject has objected to processing pursuant to article 21(1) of Regulation (EU) 2016/679 pending verification as to whether the data controller’s legitimate grounds override those of the data subject. – Right to data portability (article 20 of GDPR) – The data subject shall have the right to receive personal data concerning him or her provided to a data controller, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller without hindrance from the data controller.
– Right to object (article 21 of GDPR) – The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her under article 6(1)(e) or (f), including profiling on the basis of these provisions. The data controller shall no longer process the personal data unless it demonstrates the compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of a legal claim.
– Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing.
– Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
– Automated individual decision-making, including profiling (article 22 of GDPR)
– The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her.
– Right to lodge a complaint with supervisory authority – Filing a complaint with the Authority for the Protection of Personal Data, Piazza di Montecitorio no. 121, 00186, Rome (RM).
11) Exercise of the rights of the data subject
The data subject may exercise his or her rights through a written communication to be sent by email, PEC, registered letter with advice of receipt or fax to the addresses indicated in paragraph 2 – Data Controller.
The exercise of the rights as a data subject is free of charge under article 12 of GDPR.
12) Withdrawal of consent to processing
The data subject may withdraw consent to the processing of his or her personal data at any time by sending a communication, in the manner indicated in section 11 above – Exercise of the rights of the Data Subject.
1) Introduction and privacy policy
This information is provided in accordance with article 13 of Regulation (EU) 2016/679 – General Data Protection Regulation.
The undersigned company recognises the importance of personal data protection, and has consequently adopted policies that comply in full with the relevant domestic and international legislation.
Pursuant to the provisions of Regulation (EU) 2016/679, this statement provides information regarding the processing of data provided by you, and describes personal data processing activities carried out by the company through the website www.noosit.com.
This policy does not apply to other websites that may be accessed through links on websites of the domain holder , who is not to be held liable in any way for the websites of third parties.
Our company may process your personal data when you visit the website and use its services and features.
Personal data are collected and processed when necessary for the sections of the website being visited in connection with the provision of services requested by the user (e.g. contact request, etc.) or when the user decides to communicate his or her personal data to the company in various ways (e.g. verbally, filling in the appropriate fields where required, email, etc).
In these circumstances, this privacy policy explains the methods used to collect and process your personal information.
Where required by Regulation (EU) 2016/679 and/or by Italian law, the user’s consent will be requested before their personal data can be processed.
If you provide personal data pertaining to third parties, you must ensure that the disclosure of data to the company and subsequent processing for the purposes specified in the applicable privacy policy complies with Regulation (EU) 2016/679 and applicable legislation.
2) Details of the Data Controller
Data Controller: Nóos S.r.l. in the person of its acting legal representative, with headquarters in Via Campello sul Clitunno, 00181 – Rome – Italy – Tel: (+39) 0678359730 – Fax: (+39) 0678345480 – email: info@noosit.com.
Data Protection Officer: Maurizio Prosseda, domiciled for the purposes at the above address
3) Place of data processing
Data relating to web/digital/hard copy services are processed at the aforementioned location, solely by personnel formally authorised to do so. Data related to the web service will be processed at the web farm of the internet service provider. No data from the web service are disclosed or disseminated.
As a rule, user data will not be transferred outside the European Union.
Should this be necessary, we will ensure that the recipient, acting as data processor, complies with the provisions set forth in the GDPR, including the rules in place for the transfer of personal data to third countries, ensuring that such transfers are based on an adequacy decision or the signing by the data processor of standard contractual data protection clauses approved by the European Commission.
All information regarding the transfer of personal data to third countries may be requested through the contact details given in paragraph 2 above.
4) Type of data processed
– Browsing data and user-supplied data:
IT systems and software procedures used for the operation of this website may acquire, in the course of normal operations, some personal data whose transmission is implicit in the use of internet communication protocols.
Visiting and browsing the website generally does not involve the collection and processing of your personal data, except for browsing data and cookies as specified in the appropriate section. This category of data includes IP addresses or domain names of the devices used by users connecting to the site, and addresses in URI (Uniform Resource Identifier) notation. Personal data voluntarily provided by the user when he or she interacts with the website or requests services offered on the site (e.g. by email, compiling the appropriate fields etc) may also be processed.
In compliance with relevant legislation, the company may also collect your personal data from third parties necessary for the operation of its business and the fulfilment of its contractual and legal obligations.
Specifically:
1. with regard to commercial contact, we refer to your company’s data and the names, addresses, telephone numbers and email addresses of your employees who will contact us or with whom we subsequently come into contact;
2. with regard to contact related to recruitment, we refer to the personal data, addresses, telephone numbers and email addresses of individuals who contact us, as well as their curriculum vitae.
Such data are and will be processed – using automated electronic means and/or manually, where appropriate – in accordance with the law and the principles of lawfulness and fairness, in such a way as to protect your confidentiality and rights.
All data are processed for the time strictly necessary and for the sole purpose of obtaining anonymous statistical information on use of the website and to check its correct functioning. The data may be used to ascertain liability in the event of possible cybercrime damaging the website investigated by the competent authorities, and/or in any case if requested and/or acquired by the latter.
As a rule, we do not request or collect specific data, as outlined by the GDPR, which may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data geared to identify a natural person, or any data relating to a person’s health, sex life or sexual orientation.
5) Cookies
See our Cookie Policy on this website
More information on the handling and transfer of Facebook data at the following link.
6) Nature of data provision
In addition to browsing data as mentioned above, the provision of certain personal data by the user is mandatory, to allow the company to manage communications and requests from users, and in any case is requested in each section, e.g. to meet contractual obligations etc.
This type of data is marked with an asterisk [*] and its provision is mandatory to enable the company to fulfil its obligations or the user’s request, which cannot otherwise be met. Meanwhile, the collection of other data not marked by an asterisk is optional: failure to provide such data has no consequences for the user. The user’s provision of personal data for marketing purposes is optional; refusal to provide it will have no consequences. Consent given for marketing purposes shall be deemed to include the sending of communications in automated and non-automated form and/or means of contact, as detailed below.
7) Finalità, Modalità e condizioni di liceità del trattamento (art. 6 – GDPR)
In accordance with article 6 of the GDPR, the user’s data will be processed on the basis of legitimate interest of the Data Controller or consent expressly given by the user, or to fulfil legal obligations incumbent on the Data Controller or for the correct execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject.
The COMPANY may process your personal data, for example, for the following purposes:
- use of services and features found in the various sections of the website (e.g. contact etc)
- to make contact, at your request, of an informative and commercial nature, which may result – again at your request – in a pre-contractual contact;
- contact, again at your request and based on our needs, and possible subsequent contact for the selection of potential employees;
- storage of the above data.
- handling of requests and reports from users
- handling of job applications received through the website etc.
- prospecting activities, with the user’s further and specific optional consent: the company may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications pertaining to the company’s services, using the contact details provided, through traditional means (mail, operator phone calls, etc) and automated means (email, social media, SMS, etc).
We would also like to inform you that provision of the data needed for the above purposes is requested from you, and is a prerequisite for subsequent contact that you yourself have requested from us. Your data will not be disclosed to third parties.
8) Storage of personal data
In accordance with Regulation (EU) 2016/679, personal data are stored for the time strictly necessary for the specific purposes for which they are collected, and in any case for the time needed to meet contractual and legal obligations. Once the processing needs are met, these data are deleted and/or destroyed or returned to the data subject in those cases provided for by law (e.g. medical records for occupational medicine).
9) Scope of communication and/or circulation of data
Personal data are generally not disseminated, and will be disclosed to:
all authorised parties whose right of access is subject to the fulfilment of contractual and legal obligations;
natural and/or legal persons, both public and/or private, when disclosure is necessary or useful for the performance of the activities to which processing refers and in the manner and for the purposes illustrated above, and in any case in compliance with legal and contractual regulations;
data processors, including outsourcers, and persons authorised to process the data within the scope of their duties;
external
providers such as couriers, shipping services etc;
counterparts,
authorities etc, as part of legal and/or administrative proceedings
All data
relating to the website’s services are processed solely by authorised staff and
individuals formally appointed to carry out data processing.
10) Rights of data subjects
In accordance with the provisions of Chapter 3, Section I of the GDPR, the data subject may exercise the rights stipulated therein, namely:
– Right of access (article 15 of GDPR), to obtain confirmation as to whether or not personal data concerning the data subject are being processed and, where that is the case, to receive information regarding:
the purposes of processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
the existence of the right to request from the data controller the rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject. – Right of rectification (article 16 of GDPR) – to obtain, without undue delay, the rectification of inaccurate personal data concerning him or her and to have incompleted personal data completed, including by means of providing a supplementary statement.
– Right to erasure (article 17 of GDPR) (“right to be forgotten”) – to obtain, without undue delay, the erasure of personal data concerning him or her, where one of the following grounds applies:
personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based in accordance to point (a) of Article 6(1), or point (a) of Article 9(2) and where there is no other legal ground for the processing;
the data subject objects to processing pursuant to Article 21(1) and there is no overriding legitimate ground for the processing, or the data subject objects to processing pursuant to Article 21(2);
personal data have been unlawfully processed;
personal data need to be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of Regulation (EU) 2016/679
– Right to restriction (article 18 of GDPR) – to obtain the restriction of processing, where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period necessary enabling the data controller to verify the accuracy of such personal data;
processing is unlawful, and the data subject opposes the erasure of personal data and requests the restriction of their use instead;
although the data controller no longer needs the personal data for the purposes of processing, they are required by the data subject to establish, exercise or defend a legal claim;
the data subject has objected to processing pursuant to article 21(1) of Regulation (EU) 2016/679 pending verification as to whether the data controller’s legitimate grounds override those of the data subject. – Right to data portability (article 20 of GDPR) – The data subject shall have the right to receive personal data concerning him or her provided to a data controller, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller without hindrance from the data controller.
– Right to object (article 21 of GDPR) – The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her under article 6(1)(e) or (f), including profiling on the basis of these provisions. The data controller shall no longer process the personal data unless it demonstrates the compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of a legal claim.
– Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing.
– Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
– Automated individual decision-making, including profiling (article 22 of GDPR)
– The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her.
– Right to lodge a complaint with supervisory authority – Filing a complaint with the Authority for the Protection of Personal Data, Piazza di Montecitorio no. 121, 00186, Rome (RM).
11) Exercise of the rights of the data subject
The data subject may exercise his or her rights through a written communication to be sent by email, PEC, registered letter with advice of receipt or fax to the addresses indicated in paragraph 2 – Data Controller.
The exercise of the rights as a data subject is free of charge under article 12 of GDPR.
12) Withdrawal of consent to processing
The data subject may withdraw consent to the processing of his or her personal data at any time by sending a communication, in the manner indicated in section 11 above – Exercise of the rights of the Data Subject.