Why this warning
Risorsa s.r.l. (hereafter “Company” or “Owner”) is committed to respecting and protecting your privacy and wants you to feel safe both when simply browsing the website and also in the event that you decide to register with us, thus providing us with your personal data in order to take advantage of the services made available to its Users and/or Customers. On this page the Company intends to provide some information regarding the processing of personal data of users that visit or consult the website, accessible at the address www.risorsa.com (the “Website”). The information is provided solely for the Company’s website and not for other websites that may be accessed by the user through links (for which, reference is made to the respective information/policies on privacy). Reproduction or uses of pages, material and information contained within the Website, by any means or medium, is not permitted without prior written consent from the Company. Copying and/or printing is permitted solely for personal and non-commercial use (for requests and clarifications please contact the Company using the contact details here indicated below). Other uses of the content, services and information contained on this website are not permitted.
With regards to the content offered and the information provided, the Company will ensure that the contents of the Website are reasonably updated and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided, explicitly disclaiming any responsibility for any errors of omission in the information provided on the Website.
Identity and contact details of Data Controller
Data Controller, – i.e. the legal entity that determines the the purpose and means of the processing of personal data – pursuant to art. 4 of the GDPR, is Risorsa s.r.l. with registered office in Via Po, 48 – 10123 Torino (TO), email: firstname.lastname@example.org
Contact details of Data Protection Manager
As required by art. 37 of the Regulation (EU) 2016/679, the Data Controller has identified the figure of Data Protection Officer (DPO) as Dr Roberto Formigoni, who is available for contact at the headquarters of Risorsa s.r.l. or at the following email address: email@example.com
Categories of personal data processed
The Company informs that the personal data provided by you and at the same time acquired while Users browse the website will be treated in compliance with the applicable legislation. During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of the Internet. This information is not collected in order to be associated with identified interested parties, but by its very nature could, trough processing and association with data held by third parties, allow users to be identified as navigators. This data category includes “IP addresses” or domain names of the computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the way in which the request was submitted to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and IT environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check the correct functioning of the Company’s website. It should be noted that the aforementioned data could be used to ascertain responsibility in the case of computer-related crimes against the Company’s website or to other connected websites. With exception to this circumstance, the data on web contacts are not stored for more than a few days.
Data provided by the user
The Company collects, stores and processes your personal data for the purpose of providing the information and services offered on the Website, or for Legal purposes. As regards to some specific Services, the Company may also process your data for commercial purposes. In such cases, specific, separate, optional consent will be required, and is always revocable in the following ways and at the addresses hereafter indicated.
The optional, explicit and voluntary sending of your personal data (Name, Surname, telephone number, email address, CV) in the relevant sections of the Website “Contact us”, “Comment” and “Join our Team”, as well as filling in the questionnaires (e.g. form), involves the subsequent acquisition of some of your personal data which is necessary to respond to requests.
Intended purpose and legal basis for processing
The data are processed for the following purposes:
- strictly connected and necessary to the management of contact or information requests and to the examination of any CVs received;
- for ancillary activities related to the management of User/Customer requests and the sending of feedback that may include the transmission of promotional material;
- direct marketing, i.e. sending of advertised material, commercial communication of products and/or services offered by the Company. This activity may also concern products and services of the other companies in the Company’s Group and be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users/customers carried out through “traditional” methods (by way of an example, via post and/or operator calls), or through “automated” contact systems (by way of an example, SMS and/or MMS, non-operator telephone calls, email, fax, interactive apps), pursuant to art.130 paragraphs. 1 and 2 of the Legislative Decree 196/03 and as per subsequent amendments;
The provision of data for the purposes referred to in points 1) and 2), connected to a pre-contractual and/or contractual phase, or functional to a user request, or foreseen by a specific regulatory provision, is mandatory, and in their absence, it will not be possible to receive information and access any service requested. In relation to point 3) of this Policy, the consent of the processing of data by the user/customer is free and optional and always revocable without consequences on the usability of the products and services, except for the impossibility for the Company to keep them updated on the new initiatives or on particular promotions or benefits that may be available to users/customers.
The Company may send commercial communications relating to products and/or services similar to those already provided, pursuant to Directive 2002/58/EU, using the email or paper contact details indicated by you on such occasions, to which you can object, with the methods and contact details hereafter.
Personal data are stored on the servers located in the offices of the Data Controller.
Means and logic of processing, retention period and safety measures
The processing is also carried out with the aid of electronic, or in any case, automated means, and is carried out by the Company and/or third parties that the Company can use to store, manage and transmit the data. The data processing will be carried out with organisational logic and processing of your personal data, also relating to the logs originating from the access and use of the services made available via the web, of the products and services used related to the purposes indicated above and, in any case, to guarantee the security and confidentiality of the data. The personal data voluntarily provided by the user and sent to the Company via the Website will be retained for 24 months, while the CVs received from candidates will be kept in the Company archives for a maximum of 12 months, after which they will be deleted. Navigation information will be retained for a maximum of six months after collection, except in the event that they must be used to ascertain responsibility in the event of computer-related crimes against the Website.
Again, with regards to data security, in the sections of the website set up for particular services, where personal data is requested from the user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encrypts information before it is exchanged via the Internet between the user’s computer and the Company’s central systems, making it incomprehensible to unauthorised people, thus ensuring the confidentiality of the information transmitted. Precisely with reference to the aspects of the protection of personal data, the user/customer is invited, pursuant to art.33 of the GDPR to report to the company any circumstances or events from which a potential “data breach” may arise, in order to allow immediate assessment and adoption of any necessary actions aimed at countering this event by sending a message to < firstname.lastname@example.org > or contacting Customer Service.
The cookies stored on your device cannot be used to retrieve any data from your hard disk, transmit computer viruses or identify and use your email address. Each cookie is unique in relation to the browser and device you use to access the Website or use the Company’s App. Generally, the purpose of cookies is to improve the functioning of the website and the user’s experience of using it, even if cookies can be used to send advertising messages (as here below specified). For more information on what cookies are and how they work, please consult the website “All about cookies” http://www.allaboutcookies.org .
Areas of communication and data transfer.
For the pursuit of the aforementioned purposes, the Company may communicate and have the personal data of users/customers processed by third parties with whom we have relationships, both in Italy and abroad, in the case of these third parties providing services upon our request. We will provide said third parties with only the information necessary to perform the requested services whilst taking all measures to protect your personal data. The data may be transferred out of the European Economic Area if this is necessary for the management of your contractual relationship. In this case, the recipients of the data will have protection and security obligations imposed upon them, equivalent to those guaranteed by the Data Controller. In the case of using services offered directly by Partners, we will only provide the data which is strictly necessary for the carrying out of said services. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and, where required, the guarantees applicable to data transfers to third countries will be applied. We may also disclose data to our commercial service providers, for marketing purposes, who for this purpose are appointed external data processors. Furthermore, personal data may be communicated to competent public entities and authorities for compliance with regulatory obligations or for ascertaining responsibility in the event of computer-related crimes against the website. It may also be communicated to, or allocated to, third parties (in the capacity of data processors, or in the case of suppliers of electronic communication services, independent holders) who provide IT and telematic services (e.g. hosting services, management and development of websites) and which the Company uses for the performance of tasks and activities of a technical and organisational nature, instrumental to the functioning of the website. The entities belonging to the above categories operate as separate Data Controllers or as Processors appointed for this purpose by the Company.
The personal data may also be known by the Company’s employees/consultants who are specifically trained and appointed as Data Processors.
The categories of recipients to whom the data can be communicated are available by contacting the Company at the addresses here below indicated.
Rights of Data Subjects
You can exercise the rights that are recognised by the law at any time, including:
- to access your personal data, obtaining evidence of the purposes pursues by the Owner, the categories of data involved, the recipients to whom they can be communicated, the applicable retention period, the existence of automated decision-making process;
- to obtain the correction of inaccurate personal data concerning you without delay;
- to obtain, if required, the cancellation of your data;
- to obtain the limitation of treatment or oppose it, when possible;
- to request the portability of the data you have provided to the Company, i.e. to receive them in a structured format, commonly used and readable by automatic device, also to transmit such data to another holder, within the limits and with constraints
pursuant to art. 20 of the GDPR;
In addition, you can lodge a complaint with the Italian Data Protection Authority, pursuant to art.77 of the GDPR
For the processing referred to in point 4) of the purposes, the Customer can at any time withdraw consent and exercise the right to object to direct marketing (in both “traditional” and “automated” form). In the absence of indication to the contrary, the objection will refer to both traditional and automated communication.
The above-mentioned rights can be exercised upon the request of the interested party in the ways disclosed by Customer Service or on the Company’s website, or by using the following references: Privacy Office < email@example.com >.
Risorsa s.r.l. reserves the right to update this information at any time. It is the user’s responsibility to periodically visit this area in order to view any changes that have been made.
The Data Controller