Information on the Processing of Personal Data
pursuant to art. 13 of the General Data Protection Regulation – EU Reg. 2016/679
This report is delivered pursuant to art. 13 of the European Regulation 2016/679 (“Regulation“), which establishes rules concerning the protection of individuals with regard to the processing of personal data, as well as rules concerning the free movement of such data.
This report only concerns the website https://www.athonet.com/ (the “Website“) and does not cover other websites, which might be available via any links on the Website.
1 – Data processed
Personal and identification data
Personal data means any information concerning a natural person, identified or identifiable also indirectly by reference to any other information. In particular, the personal data, which may be collected through the Website, are the following: name, surname, date of birth, address, e-mail address, telephone number. Sensitive data (i.e. those concerning religious beliefs, union membership, sexual preferences and other information listed in Article 9 of the Regulation) are not processed through the Website, hence, we kindly ask all users to not include them while sending a contact via the Website, or in other forms of interaction provided by the Website. Should it be necessary to process data of this kind, we will request prior consent from the data subject /user.
The computer systems and software procedures used to operate the Website, acquire some kind of personal data whose transmission is implicit in the use of Internet communication protocols during their normal operation. This kind of information is not collected to be associated with identified interested parties, however due to its very nature, it might allow users to be identified by means of processing and association of data held by third parties.
This category of data includes, for instance, the IP addresses or domain names of the computers used by the users connecting to the Website, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the IT environment of the data subject/user.
Data provided voluntarily by the data subject / user
Transmission (always optional and at the discretion of the data subject/user) of e-mails to the e-mail addresses indicated on the Website and/or through other interactions with the Website, entails the acquisition of the sender’s address, necessary to respond to requests, as well as of any other personal data entered by the data subject/user. Specific information may be displayed on the pages of the Website with regard to particular services provided by the controller.
2 – Purposes of the Processing and its Lawfulness
|I.||Management and execution of pre-contractual and contractual obligations, in particular the access to the reserved areas of the Website, the management of messages sent through the Website (e.g. requests for information or quotation, job applications) and any other service provided via the Website.||Processing permitted as necessary for the implementation of a contract of which the data subject is a party, or for the execution of pre-contractual measures adopted at the request of the same – art. 6.1. (b) of the Regulation.|
|II.||Compliance by the controller with the obligations established by applicable Italian and European legislation, including for instance, the management of tax and accounting obligations.||Processing permitted as necessary to fulfil a legal obligation to which the controller is subject – art. 6.1 (c) of the Regulation.|
|III.||Direct marketing activities through the transmission of communications or material (e.g. through e-mail) regarding products/services similar to those already provided by the controller to the data subject/user.||Processing permitted as necessary for the pursuit of a legitimate interest of the controller – art. 6.1. (f) of the Regulation. The legitimate interest of the controller corresponds to the promotion of its activity through direct marketing – see Recital no. 47 of the Regulation.|
Each data subject/user is free to provide personal data in e-mails sent to the e-mail addresses indicated on the Website, or through other interactions with the Website. In the event in which the data required to answer the message has not been provided, we will be unable to follow up on the request.
Finally, for the sake of transparency we point out that the data collected through the Website might be used, in a strictly anonymous and/or aggregated form, to understand the behaviour or the preferences of the users and interest in the Website coming from specific geographic areas.
3 – Processing methods
The processing of personal data is carried out using paper and IT tools in compliance with the provisions on the protection of personal data and, in particular, the appropriate technical and organizational measures pursuant to art. 32.1 of the Regulation, and with the observance of every precautionary measure that guarantees their integrity, confidentiality and availability.
4 – Categories of Addressees
Personal data may be communicated, in strict relation to the purposes indicated above, to the following subjects or categories of subjects:
- a) addressees in relation to which the current legislation imposes the duty of communication, in compliance with the provisions of the tax and accounting legislation;
- b) professionals and third-party companies with which the controller cooperates, should it be necessary for the functioning of the Website or for the management of the data subject/user request through the website.
With regard to paragraph b), we undertake to rely exclusively on subjects who provide adequate guarantees regarding data protection and to appoint such professionals and third parties as Data Processors pursuant to art. 28 of the Regulation. Upon request, the complete list of the Data Processors will be made available by the controller.
Personal data will not be transferred outside the European Union or to international organisations.
5 – Retention Period
Personal data are kept in the archives of the controller and are stored for a period of 10 (ten) years from the last interaction with the data subject/user, in consideration of the limitation period of any claims arising from the contact between the controller and the data subject/user, as set forth by law.
6 – Rights recognized to the data subject
At any time, the data subject/user may assert the rights provided by the articles 15 to 22 of the Regulation against the controller, i.e. the right to request:
- access to personal data, i.e. the right to be acquainted with his/her personal data held by the controller, the purposes for which they are processed, their origin and other information required by art. 15 of the Regulation;
- rectification of personal data in case of inaccuracy of the same;
- erasure of personal data (so-called ‘right to be forgotten’);
- restraint of the processing of personal data, or the right to obtain the suspension of the processing of personal data for a period necessary to verify the request for rectification of personal data, or in other cases provided for by art.18 of the Regulation.
Furthermore, the data subject/user has the right to:
- data portability, i.e. the right to receive personal data in a structured, commonly used and machine-readable format – and to request the direct transfer to another controller;
- the right to lodge a complaint with the Italian Supervisory Protection Authority or with the Supervisory Authority of the place of residence or work, or of the place where the violation occurred, where it considers that the processing of personal data violates the Regulation.
7 – Plug-ins for Facebook, Twitter and other Social Networks
Some of the pages of the Website may contain plug-ins of social networks (e.g. Facebook, Twitter, etc.). By clicking on these plug-ins – that are identifiable with the same symbol of the social network which they refer to – the browser directly connects to the servers of the social network and opens an additional page or tab of the browser, linked to the social network. In the event that, while clicking on the plug-in the data subject/user connects to their social account, some personal data may be associated to the social account. Indeed, this connection can remain active even if the social network page is closed, for instance this occurs when the user returns to the address of the social network, while has already logged in with their own account. Further information on the collection and use of data by social networks in general, as well as on the rights and procedures available to protect the privacy of the data subject/user in this situation, are indicated on the pages of social networks. If the data subject/user does not wish to associate the visit to our Website with his/her social account, he/she must log-off from the social network before visiting our Website.
The controller reserves the right to amend, update, add or remove sections of this privacy statement, at his discretion and at any time. In order to facilitate examination of any revisions/updates, the statement will specify the update date.
9 – Identity and contact details of the Controller
Data of the update: May 25, 2018
Please contact us using the form below