Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 679/2016

We hereby inform you that, pursuant to Articles 13 and 14 of EU Regulation 679/2016 (hereinafter referred to as 'GDPR'), your data provided to us through the use of the website www.veneziastucco.com (hereinafter, also just "Site") will be processed as follows, in accordance with the principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights. This information provides the user (Data Subject) with any further information necessary to ensure correct and transparent processing, in relation to the specific context in which personal data are collected and subsequently processed.

This information is provided only for the Site and its related sub-domains and not for third party websites accessible through links contained in the Site, for which the Data Controller is not responsible in any way. For these treatments will be provided by the respective owners, independent information. 

Data Controller

The Data Controller is Arstucco Srl

Via Dell'Economia, 117 - Vicenza

VAT NO. 04168690248

Telephone: 0444 563155

e-mail: info@veneziastucco.com

Purposes of data processing

1. to monitor the technical operation and performance of the site, to provide technical assistance and maintenance and, in general, the activities instrumental to ensuring the proper functioning of the Site

2. to obtain statistical information on the use of services (most visited pages, number of visitors per hour or per day, geographical areas of origin, etc.)

3. respond to requests sent by email or by filling in the online form

4. Evaluate the application by filling out the form work with us and sending the curriculum vitae for the establishment of a working relationship

Legal basis of the treatment

For the purposes indicated in points 1) and 2) the LEGAL BASIS is Legitimate interest art. 6 lett. f) and recital 47: the processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject based on his/her relationship with the data controller. Activities strictly necessary for the operation of the site and the provision of the navigation service on the platform. 

For the purpose 3) the LEGAL BASIS is the execution of pre-contractual measures also adopted at the request of the interested party: the optional, explicit and voluntary sending of messages to contact addresses, as well as the completion and submission of the Contact Form on the Site, involve the acquisition of contact data of the sender, necessary to respond / manage requests, and all personal data included in the communications. 

For the purpose 4) the LEGAL BASIS is the consent: the evaluation of the application requires the specific free and informed consent, if it is denied we will be unable to consider the same. 

Recipients

In addition to the Data Controller, the Data may be accessed by other subjects involved in the organization (staff in charge) or external subjects (third party technical service providers, hosting providers) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Broadcasting

In no case will personal data be communicated, disseminated, transferred or otherwise transferred to third parties for unlawful purposes and, in any case, without providing adequate information to interested parties and obtaining their consent, where required by law. This is without prejudice to the possible communication of data at the request of the judicial or public security authorities, in the manner and in the cases provided for by law. 

Processing modalities

The processing will be carried out by means of paper and/or electronic instruments, also by authorized persons, who operate under the direct authority and according to the instructions given by the Data Controller, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the processed data.

The processing operations are carried out in such a way as to guarantee the security of the data and of the systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, unauthorized access, unauthorized processing or processing that does not comply with the purposes specified in this policy. In particular, the Website uses the HTTPS protocol for server authentication and communication channel encryption. The security measures adopted, however, do not allow to exclude absolutely the risk of interception or compromise of personal data transmitted by electronic means. It is therefore recommended to verify that the device in use by the user is equipped with adequate software systems for the protection of the telematic transmission of data, both incoming and outgoing (such as, for example, updated antivirus systems, firewalls and spam filters).

Transfer of data abroad

Personal data will not be transferred abroad, to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, recognized, pursuant to art. 45 GDPR, on the basis of an adequacy decision of the EU Commission. In the event that it is necessary for the provision of the Website services, the transfer of personal data to non-EU countries or International Organizations, for which the Commission has not adopted any adequacy decision pursuant to Art. 45 GDPR, will only take place in the presence of adequate safeguards provided by the recipient country or Organization, pursuant to Art. 46 GDPR and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to Article 45 GDPR, or adequate safeguards, pursuant to Article 46 GDPR, including binding corporate rules, the cross-border transfer will only take place if one of the conditions set out in Article 49 GDPR is met.

Data Categories and Retention Period

The data processed may be: 

(a) Navigation data

Browsing data, collected using automatic methods, exclusively for the purpose of obtaining aggregate statistical information relating to the use of the Website (including, by way of example, IP addresses, browsing times, geographical data and other parameters relating to the user's operating system and computer environment); this information could also be processed and/or associated with other data held by the provider or third parties, allowing the user's identity to be traced; navigation data is not, nor will it under any circumstances be used by the Data Controller to carry out user profiling activities, nor will it be disclosed or communicated to third parties;

DATA STORAGE PERIOD: Until the duration of the browsing session. For navigation see cookie policy.

b) Cookies

This site uses cookies, which are technically packets of information sent by a web server (in this case, this site) to the user's browser and stored on the user's device (personal computer, tablet, cell phone, etc.) and automatically sent back to the server each time the site is accessed. To find out the type and purpose of the cookies used, please refer to the Cookie Policy on the site.

c) Data provided voluntarily by users/visitors 

If, by connecting to this site, you decide to send your personal data (for example: name, surname, email address, telephone number) in order to access certain services, or to make requests via e-mail, the Data Controller will process such data in order to respond to your request, in accordance with this policy. The data provided by the user may be acquired and stored by the Data Controller, in electronic form, for purposes related to their collection through the Site and will not be used for profiling or direct marketing activities. The optional and voluntary sending of e-mail messages to the addresses indicated on the Site, in particular, entails the acquisition and consequent processing of the sender's address and any other personal data contained in the message, to the extent necessary to respond to the requests of the interested party.

DATA STORAGE PERIOD: 1 year for contacts.

d) data related to the application (contact data, identification and residence data, academic curriculum and work experience) 

DATA STORAGE PERIOD: for a maximum of 1 year from receipt, after which they will be deleted.

The data may be processed for additional time to those indicated to handle any complaints. 

Rights

Interested parties may exercise certain rights with reference to the Data processed by the Data Controller. In particular, You have the right to:

access your Data: you have the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.

verify and ask for rectification: you can verify the correctness of your Data and ask for updating or correction.

obtain the cancellation or removal of your Personal Data: when certain conditions are met, you may request the cancellation of your Data by the Data Controller.

revoke consent at any time: you may revoke the consent to the processing of your Personal Data previously expressed.

oppose the processing of your Data: you may oppose the processing of your Data when it is done on a legal basis other than consent. 

obtain the limitation of processing: when certain conditions are met, you may request the limitation of the processing of your Data. 

Obtain data portability: You have the right to receive your Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain its unimpeded transfer to another data controller. This provision is applicable when the Data is processed by automated means and the processing is based on consent, a contract to which you are a party or contractual measures related thereto.

Propose a complaint: you may lodge a complaint with the competent data protection supervisory authority or take legal action.

Details of the right to object

Where Personal Data is processed in the public interest, in the exercise of official authority vested in the Controller or in pursuit of a legitimate interest of the Controller, you have the right to object to the processing on grounds relating to your particular situation.

Please note that if your Data were processed for direct marketing purposes, you may object to the processing without providing any reasons. 

How to exercise your rights

In order to exercise your rights, you may address a request to the contact details of the Data Controller indicated in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.

In order to exercise his/her rights, the interested party may avail him/herself of the services of non-profit bodies, organizations or associations whose statutory objectives are of public interest and which are active in the field of the protection of the rights and freedoms of the interested parties with regard to the protection of personal data, conferring, for this purpose, a suitable mandate. The interested party may also be assisted by a trusted person.

In order to know his own rights, to propose a complaint/signal/appeal and to be always up-to-date on the regulations regarding the protection of people with regard to the processing of personal data, the interested party can apply to the Guarantor Authority for the protection of personal data, by consulting the website at https://www.garanteprivacy.it/.