Dear User, we welcome you to www.sercanto.com. Sercanto S.r.l., in its capacity as Data Controller, wish to inform you, pursuant to and for the purposes of art. 13 of General Data Protection Regulation (“GDPR”), that your personal data will be processed in compliance with the national and European legislation and in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
Pursuant to Articles 4 and 24 of the GDPR, the Data Controller is:
Sercanto S.r.l. – Via Calzabigi 4 – 57125 Livorno
E-mail address: firstname.lastname@example.org
ICO Registration Number: ZA488038
Type of data processed
The Data Controller can collect and process the following data:
- Common and contact data (name, telephone number, email address), as well as any other personal data contained in the “message” area, sent by you by filling out the “Contact” form. These data are used exclusively for the purpose of processing your requests;
- contact data (email address) collected for the creation of a new user profile within the “Login” section of the job search portal and for sending job alerts. The registration process can be bypassed by means of social logins. This is an alternative registration procedure that allows you to use your Facebook, Google or LinkedIn credentials to log in. With the Facebook, Google or LinkedIn API, in fact, you can transfer your profile information and wait for the page to load: the profile will then be created automatically;
- navigation data. The computer systems and software procedures used for this web site operation acquire, during their normal operation, personal data, whose transmission is implicit in the use of Internet communication protocols. However, this information is not collected in order to be associated with identified data subjects but are information which could – through processing and associations with data held by third parties – allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, requested resources addressed in URI (Uniform Resource Identifier) notation, the browser, the time of the request and other parameters relating to the operating system and computer environment of the User. These data are used only to receive anonymous statistical information on the use of the website and to check its proper functioning. They are deleted immediately after processing.
Legal ground and purpose of the processing
The data provided will be processed in accordance with the principles of lawfulness ex art. 6 of the GDPR for the following purposes:
- to carry out your requests and answer the questions you have asked by filling in the “Contact” form, as well as to execute your request to create a new user profile. The data processing has as its legal basis the legitimate interest of the Data Controller (art. 6 (f), of the GDPR) to be more efficient in the management and execution of your specific request;
- to comply with the legal obligations to which the Data Controller is subject. In this case, the legal basis is the need to comply with legal obligations requiring the Controller to collect and/or process certain types of personal data (art. 6 (c), of the GDPR).
Processing that require your express consent
Subject to your express consent, your personal data may also be processed by the Data Controller for commercial and promotional purposes (newsletter service), as well as sending you advertising and promotional messages based on personalized marketing campaigns, so you can receive commercial communications through automated contact tools (e.g. e-mail).
Your personal data will be processed at the Data Controller headquarters by internal staff specifically designated for this purpose as authorized subjects, using computer and telematic as well as paper supports.
In any case, the Data Controller adopts adequate security and confidentiality measures in order to reduce the risk of destruction, loss, modification, disclosure or unauthorized access to data or processing not allowed or not in accordance with the purpose of collection.
Mandatory or optional nature of the provision of the data
The provision of the requested data both for the compilation of the “Contact” form and for the creation of a user profile, is mandatory, and any refusal to provide them would make it impossible for the Data Controller to execute all or part of the requests. The provision of further data is purely optional.
Data retention period
In compliance with the provisions of art. 5, comma 1, letter e) of the GDPR, the information acquired, in compliance with the principles of necessity and proportionality, is processed for the time needed to achieve the purposes of collection, after which the data will be deleted or made anonymous permanently.
The data collected for marketing and profiling purposes will be processed for a maximum of 24 and 12 months respectively from the date of last contact.
In any case, you can always ask for the interruption of the processing or the deletion of the data.
Your personal data are in no case disclosed, but may be communicated to professionals, employees, legal entities and third party companies, which may be outside of the EEA, that perform outsourced services on behalf of the Data Controller. These subjects act as Data Controllers or Data Processors specifically appointed for this purpose. We inform you that the updated list of data processors is available, upon request, at the headquarters of the Data Controller.
The data may also be disclosed to third parties to comply with legal obligations, to comply with orders from public authorities or to comply with requests from the judicial authority.
Your personal data may be transferred abroad within the limits strictly related to the services offered and the pursuit of the activities described above; we assure you that the data transfer is carried out only to countries that ensure adequate levels of protection and on the basis only of standard contractual clauses and decisions of adequacy, in accordance with the provisions of Articles 44 et seq. of the GDPR.
You have specific legal rights in relation to the personal information we hold about you which are recognized by Articles 15-22 EU of the GDPR. These rights include:
- accessing your data (in full and by obtaining a copy) and knowing if the Data Controller holds and/or processes personal data relating to you. On this occasion you also have the right to obtain access to your personal data and information regarding the processing purposes, the categories of personal data in question, the receivers or categories of receivers to whom the personal data have been or will be communicated;
- verifying, updating and obtaining the rectification of inaccurate data or the integration of incomplete personal data with no unjustified delay;
- obtaining the deletion or removal of your personal data;
- obtaining the restriction of the processing;
- when applicable, receiving the personal data concerning you which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller (right to portability);
- objecting to the processing;
- lodging a complaint with the competent data protection supervisory authority (Italian Privacy Authority http://www.garanteprivacy.it/) or take legal action.
If you wish, ask the Data Controller any of the rights above, or have any other queries, please do not hesitate to contact the Controller at email@example.com
Data Protection Officer (DPO)
If you believe that your personal data has not been processed correctly, you may contact the Data Protection Officer (DPO) by sending an email to firstname.lastname@example.org