This section describes how the data of the users who visit the website are processed, in accordance with Regulation EU 679/2016 (GDPR) and Legislative Decree 196/2003.
Nature of the Data Processed
- Browsing Data
The information technology systems and software procedures used by this website during the course of its normal operation acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified users, but due to its nature, when elaborated and combined with data held by third parties, it may lead to their identification.
This category of data includes: IP addresses, domain names of the computers used by users to connect to the site; the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request is made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server (successful, error, etc.) and other parameters concerning the user’s operating system and computer environment.
See the relevant policy.
- Data voluntarily provided by users using contact forms and subscribing to the newsletter
By voluntarily, explicitly and willingly sending emails to the addresses published on this website, including filling online contact request forms in the CONTACT US section, applying for positions in the WORK WITH US section and/or submitting candidacies in the START-UP section, the receiver automatically acquires users’ email addresses, required to reply to their requests, and any other personal details included in the emails/forms.
Purpose of Data Processing
Browsing Data are used solely to obtain anonymous statistical information on how the site is used and to make sure it is working properly. This data could be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the site.
Data pertaining to the emails and data voluntarily provided by users filling contact forms/sending applications/submitting projects are used to reply and communicate with users and manage their requests.
Legal Basis of Processing
For browsing data, information collected by technical and analytic cookies and technical information strictly necessary to provide the service, the legal basis of the processing is the legitimate interest of the Data Controller to publish and manage the website.
For data acquired through contact forms and emails, the legal basis of the processing is the legitimate interest of the Data Controller to reply to the communications received from users and to adopt pre-contractual measures expressly requested by the Data Subject (for example, sending offers and commercial information).
Methods of Processing
Personal data are processed using automated and electronic tools for the time strictly necessary to achieve the purposes for which they were collected and are communicated to third parties only if necessary to obtain the performance requested. Specific security measures are in place to prevent loss, unlawful and inappropriate use of data and unauthorized access.
Optional and Mandatory Data
Aside from what specified for necessary browsing data, the provision of personal data is optional.
Failure to provide personal data may result in the total or partial impossibility to comply with legal obligations or to stipulate or correctly perform the agreement, or obtain the information requested.
Users’ data will be stored for the time necessary to achieve the purposes for which they were collected.
Data are stored for different periods of time depending on the purposes for which they are processed.
In any case, data will be stored for the time necessary to: (i) carry out the website hosting and maintenance activities; (ii) comply with the requests submitted by users; (iii) match professional positions with the profiles of the candidates, as described in their CVs and the information sent via the form in the “JOB OPPORTUNITIES” section; (iv) defend rights in judicial proceedings; (v) for the time prescribed by the applicable laws.
The data collected for the purposes mentioned above may be communicated:
- to companies part of the group and any third party with which the Company may stipulate business agreements with marketing purposes;
- to third-party service providers, or providers that participate in the operational management of the program and may get to know said data;
- to personnel and/or collaborators of the Data Controller and/or third parties with whom it is in business with, who may get to know the data in their capacity as designated/authorized processors.
The Data Controller may process data directly or via authorized employees, or external collaborators, which in this case qualify as Data Processors.
The updated list of Data Processors will be made available by the Data Controller on request.
Personal data shall not be disseminated.
Data Subjects Rights
The General Data Protection Regulation (articles 12-22 Regulation EU 679/2016) gives Data Subjects the right to be informed about the processing of their Data and access them at any time, as well as request their update, integration and rectification. When certain conditions are met, Data Subjects also have the right to erase Data, limit Data processing, the right to Data portability, to object to Data processing and the right not to be subject to decisions based entirely on automated processing.
When Data processing is based on consent, Data Subjects have the right to revoke their consent at any time.
To exercise their rights and to obtain more detailed information on how Data are processed, Data Subjects my contact STEP SB s.r.l. by sending an email to the following address: firstname.lastname@example.org.
Data Subjects who consider that their rights have been breached may complain to the Data Protection Authority.
The Data Controller is STEP SB s.r.l, with headquarters in Via Redipuglia 70, Treviglio 24047, Italy, email address: email@example.com