This document will provide information on how Kosmas, owner of the Website, manages users’ personal data through the Website, protects the privacy and controls the use made of users’ data while navigating the Website, either they access on the home page or internal pages.
1. CONTROLLER AND DATA PROTECTION OFFICER
The Controller of personal data is Kosmas, with registered office in Seregno, via San Vitale, 61.
Data Protection: Giulia Di Renzo
Email address: firstname.lastname@example.org
2. TYPE OF PROCESSED DATA
The processing of Personal Data of users visiting and consulting the Website is limited to the so-called navigation data which transmission is necessary for the functioning of computer systems and of programs essentials for the operation of the Website but which, by their very nature and in conjunction with other data, may permit the identification of users.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters related to the operating system and the users. Such data may be used to ascertain liability in the event of computer offenses committed against the Site and/or third parties.
Personal Data or “Data“
Means any information referring to an identified or identifiable natural person that can be identified, directly or indirectly, through a reference identification, such as, for example, a name, an identification number, localization data, an online identification, and to one or more specific factors to his/her physical, physiological, mental, economic, cultural or social identity. Therefore, data collected by Kosmas could include strictly personal data of users that can identify them as specific persons. Differently, other data don’t allow to identify users directly, such as users’ profession or navigation data (source page; type of browser and operating system used by the navigator, etc) but are considered personal data as well as they relate and/or can be related to the firsts.
We inform you that the personal data you will provide us will be processed both with automated tools, and in any case not in compliance with the provisions, also in terms of data security, of the EU Regulation 679/2016 for the purpose of carrying out the tasks entrusted to them that can be summarized with the management of your explicit request to be included in our staff and for the purpose of providing you with the information requested by you and / or to fulfill specific legal obligations of the Data Controller. The provision of data is optional but your refusal will prevent us from continuing to execute the current contract or to fulfill your specific requests.
The retention of data (which in any case and in no case may be longer than 3 years) is linked to your request for insertion of personnel selection, to legal obligations or to the needs of specific treatments of which you are a part, it is your right to request cancellation of the data when the same right is not in conflict with legal obligations.
Your data will be communicated to the persons in charge of the writer necessary to carry out the tasks entrusted to them and to regulations / legal obligations, to control and public safety bodies if required, to any third parties only as a result of using them for the performance of the tasks entrusted to them
Data voluntarily provided by individual users
The optional, explicit and voluntary sending of data as requested by different sections of the Website are used for requesting services offered by the Site (such as, by way of example and not limited to: when users request information or clarification using the e-mail address given on the Home Page or internal Pages of the Website or when the users voluntarily send their CV to propose as potential candidates or when direct calls are made or faxes are sent to numbers indicated in the “contacts” section.). Especially data given by Companies and professionals in the registration or application sections.
3. PURPOSES OF PROCESSING PERSONAL DATA
Common personal data provided by users while browsing the Website or registering to the newsletter shall be processed strictly for the purposes indicated by Kosmas.
4. MEANS OF PROCESSING PERSONAL DATA
All users’ data collected will be processed exclusively by those authorized and specifically trained.
Personal data are both stored on computerized and telematic tools as well as on paper and any other tool considered to be appropriate and respectful of the security measures defined by the regulation in force. The system used for sending the Newsletter is called Sendinblue.
Data are stored in order to make it possible to identify the User in the shortest possible time and to perform the services for which they were collected and then processed and, in any case, always in respect of what provided by the regulation.
Any damage caused by causes not directly attributable to Kosmas., such as inaccessibility of the Website, virus, corrupted files, interruption of telephone or computer services, or other causes like the ones listed above cannot be attributed to Kosmas. In addition, users are responsible for stock and storage all personal information connected to the Website.
Any potential subtraction or improper use of these data, and the consequences deriving from these events are responsibility of the user
5. NATURE OF DATA PROVISION
Lack of users’ consent to provide compulsory data will make it impossible for Kosmas to perform services they were collected for.
Users’ personal data may be used for prize and award contests, for sending advertising material and promotions related to the Website and Kosmas only with explicit informed and voluntary approval given by the User.
6. DATA DISCLOSURE
Users’ personal data disclosure to third parties is subject to limits given by law and the purposes described at point 3.
Third parties fall into the following categories:
- people in charge of the managerial, contractual, accounting and legal administration of the Website;
- people in charge of the management and maintenance of the Website;
- other subjects to whom Kosmas has given the possibility to access data, always in respect of law and regulation;
- associated and related companies and associated offices.
7. DATA STORAGE
User’s personal data are stored for at least three years from the his/her last activity on the Website or an electronical system (particularly an e-mail message). After this period, user’s profile is considered “inactive” and will be automatically disactivated. It is user’s responsibility to create a new profile for new activities on the Website.
User’s personal data related to an order are stored for a period of three years from the order. They remain accessible from the user and the Company after the creation of the user’s account in order to give both the user and the Company his/her order history. The Company can cancel all the order history if requested by the user.
However, after the storage period and, if it is the case, after a cancelation request by the user, personal data may be stored to satisfy legal, accounting and fiscal obligations.
8. CONSENT TO DATA PROCESSING
Where data processing requires explicit and voluntary consent by the user, said data shall be processed exclusively following the issuance of appropriate consent by the applicant user, giving the description of the specific purposes.
It is hereby disclosed that art. 6 of the GDPR provides some cases where data processing does not require the explicit authorization by the user, such as for legal and contractual obligations undertaken with the user.
9. USER’S RIGHTS
User may exercise at any time the right to obtain confirmation of the existence of Personal Data relating to him/her, pursuant art. 15 and following of the GDPR:
- Access right (art. 15 of the GDPR);
- Change/modification right (art. 16 of the GDPR);
- Deletion right (art. 17 of the GDPR);
- Restriction of the processing of data right (art 18 of the GDPR);
- Portability right (art. 20 of the GDPR);
- Objection right (art. 21 and 22 of the GDPR);
- Post-mortem directive (law No 78-17 of January 1978 on data processing, files and liberties);
For exercising the rights granted by the GDPR listed above, the User may contact the Controller of Personal Data of Kosmas at the email address indicated above
The User also has, if there are conditions, the right to submit a complaint to the Italian Personal Data Protection Supervisor (the “Privacy Protection Authority”) pursuant art. 77 of the GDPR if his/her rights were infringed. To lodge a complaint with the Italian Data Protection Supervisor please visit the Privacy Protection Authority Website at the following address: www.garanteprivacy.it.
user has the right to obtain confirmation by Kosmas of the processing of Personal Data relating to him/her and, if they are processed, the user has the right to access those data and the following information:
- purposes of the processing;
- data categories;
- recipients or categories of recipients to whom data will be communicated;
- when possible, duration of data storage or, when not possible, criterion used to determine such duration;
- the right to ask Kosmas the modification or cancellation of data, the limitation of data processing and the right to object to those data processing;
- when data are not collected directly from the User, the right to obtain information on the sources;
When personal data are transferred or made available to a third country or an international organization, the User has the right to be informed of the appropriate guarantees related to the transfer.
user has the possibility to obtain by Kosmas, as soon as possible, the change and/or modification of data relating to him/her that are incorrect and can also request that incomplete data may be completed, after giving a complementary declaration for this purpose.
user has the possibility to obtain by Kosmas the deletion, as soon as possible, of data relating to him/her for one of the following reasons:
- data are not anymore necessary for the purposes they have been collected or processed by Kosmas;
- the consent to data process has been withdrawn and no other legal basis for data processing exists;
- the User has exercised the opposition right to the conditions explained below and no other legitimate ground to allow processing personal data exists;
- data were subjected to unlawful forms of processing;
- data need to be delated to comply with a legal requirement;
- data were provided by a child.
user has the right to obtain by Kosmas the limitation to the processing of personal data for one of the following reasons:
- verification of data accuracy after an objection to data accuracy;
- processing is unlawful and the user requires limitation to the processing;
- Kosmas does not need data for processing purposes anymore but those data are still necessary for determine, exercise and/or protect its rights;
- user opposed to data processing and Kosmas verifies that legitimate grounds prevail on reasons given by the user.
user has the possibility to receive from Kosmas data relating to him/her in a specific and structured format currently used and readable on a device when:
- Consent to data processing is given;
- Data are processed through automated procedures;
When the user exercises its portability right, he/she is entitled to obtain data transfer directly from Kosmas to an appointed responsible.
user has the right to object, in any time and given motivations regarding his/her situation, to data processing by Kosmas In this case, Kosmas will then no longer process those data unless it demonstrates that there are legitimate and compelling reasons for data processing prevailing on User’s interests and its rights and liberties. Kosmas will then be allowed to store data for the determination, exercise and/or protection of its rights.
Lastly, the User has the right to object, totally or partially, for legitimate reasons to personal data processing relating to him/her, pertaining collection or processing of personal data for the purposes of sending marketing material or direct selling or for market researches or advertising communication.
10. PROTECTION OF MINORS
Unless specifically expressed, the Website services are intended for a general public. We recognize a special obligation to protect personal information obtained by young people. For this reason, in order for children under 16 years to register in any of the services provided, we require the e-mail address, or other contact information of a parent or guardian that will be contacted by Kosmas to be informed and asked to confirm, change or refuse the registration of his/her child.
Kosmas has the right to request a written authorization from the parent or guardian in any moment. Until the parent or guardian has not responded to Kosmas the Website services offered to the child could be limited.
By using the so-called session cookies in this Website, other computer techniques that are potentially detrimental to Users’ privacy when browsing and do not allow the acquisition of personal identification data of users can be avoided.
11. THIRD PARTY COOKIES
The use of third-party cookies (temporary or permanent) by the Website is anonymous and aimed solely at allowing the owner to use Web analytics services provided by third parties. These cookies allow to collect and register, anonymously, information on Website pages visited but cannot allow the identification of the user and are not combined with other information. This information is used exclusively to track and examine the Website use by the User and create statistics based on the information collected anonymously through the use of aggregated data.
We inform the User that the Web analytics service used by the Data Owner is “Google Analytics”, described below.