POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
Date of last update: 27/03/2023
With this document Asolo Gold S.p.A., Owner of the site www.asologold.com (hereinafter only the “Site“), intends to provide information on the management methods of the Site itself in relation to the processing and protection of the personal data (“Data“) of the individuals who navigate on it or who otherwise contact the company by the means indicated on the Site (hereinafter “Users” or “Interested Parties“).
This document represents a Policy pursuant to Article 13 of the European Regulation of April 27, 2016 No. 679 (hereinafter “GDPR“) and is valid only and exclusively for the Site and not for other sites or web pages that can be consulted by the user through links or other interactive links that may be activated through the Site. Therefore, users are invited to read the Policies on data processing rendered by the owners of each site to which they may be redirected in the course of navigation.
Please note that this Policy may change as a result of the introduction of new regulations or as a result of changes to the Site, so users are encouraged to periodically visit the “Privacy Policy” and “Cookie Policy” sections of the Site.
This policy does not exclude that further information on the processing of personal data is also given to the Data Subjects in different ways, for example by sending specific information following the activation or request of a specific service.
1. Identity and contact details of the Data Controller
The Data Controller of the processing of personal data for the purposes described in this Policy is Asolo Gold S.p.A, current at Via delle Industrie 9, 31020, San Zenone degli Ezzelini (Treviso), P. Iva 01696060266 (hereinafter also “Data Controller” or “Company“).
For all matters relating to the processing of data, for the exercise of rights arising from the Regulations (on this point see paragraph 9 below), as well as for any doubts or clarifications regarding this Policy, the data subject may contact the Data Controller by sending a registered letter with return receipt to the above address, or a communication to the following e-mail address: privacy@asologold.com.
2. Purpose and legal basis for processing
Personal data collected through the Site are processed for the following purposes:
a. ensure the proper functioning of web pages and their contents and obtain statistical information on the use of services;
b. provide assistance/make contact with the user or otherwise respond to/follow up on requests for information sent by the user by filling in the data collection forms in dedicated areas of the Site (by way of example but not limited to “contact” section);
c. evaluate applications for open job positions or spontaneous applications transmitted by the interested party through the Site, through the dedicated section “Work with us”.
Considering the purpose of the processing (personnel search and selection), the Interested Parties are invited to indicate in the Curriculum Vitae only the data necessary to evaluate their candidacy as well as to schedule a possible interview, refraining from including information not strictly pertinent to the aforementioned purposes.
Please note that additional or specific information on the processing of personal data may be submitted to interested parties during the selection process;
d. direct marketing by the Data Controller: to send to the data subject – via paper mail, electronic mail, Sms, telephone calls with or without an operator or other means in use by the Data Controller, informative material, newsletters, promotional, commercial and advertising communications or pertaining to events and initiatives of the Data Controller, conducting market research and satisfaction survey activities regarding the services of the Data Controller.
Please note that if, in the course of browsing the Site, the user has consented to the use of profiling cookies (on this point, see the cookie policy in more detail), the Data Controller may send customized commercial communications, offers, invitations, etc., depending on the profile and/or interests of the individual user (e.g. commercial communications and specific advertising campaigns, dedicated offers based on the user’s profile, etc.).
We also inform you that:
- in relation to the purposes referred to in (a) above, the legal basis lies in the legitimate interest of the Owner (Art. 6.1 lett. f) GDPR) to ensure the proper functioning of the Site and its improvement;
- in relation to the purpose referred to in point b) above, the legal basis lies, as the case may be: in the need to execute pre-contractual measures taken at the request of the data subject (Art. 6.1 lett. b) GDPR); in the legitimate interest of the Data Controller (Art. 6.1 lett. f) GDPR), consisting in the need to respond to the data subject’s requests, taking into account the data subject’s reasonable expectations, even where the request is not pre-contractual in nature;
- in relation to the purposes referred to in letter c) above, the legal basis for the processing of your personal data is mainly that provided for in Article 6(b) of the GDPR: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract“. Should the processing involve data disclosing the data subject’s health status, for the purpose of hiring workers belonging to protected categories, the processing will be based on Art. 9 para. 2 lett. (b) GDPR: Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.” If the data subject, despite the invitation not to provide them, communicates additional special categories of data as defined in Article 9 para. 1 of the GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, etc. ), the processing of the same will be conditional on the prior consent of the data subject in accordance with Article 9 par. 2, letter a) of the GDPR, it being understood that if the data is not pertinent to the purpose of recruitment and selection, such information will not be used for the purpose of evaluating the candidacy, in accordance with the regulations in force;
- in relation to the purposes referred to in point d), the processing will be carried out only after the acquisition of your express consent (art. 6.1 lett. a) GDPR), except for the hypotheses: i) of so-called “soft spam” as described below, for marketing by the Data Controller; and ii) profiling through cookies, if consented to by the data subject through the cookies banner.
Interested Parties are informed that in Italy the Privacy Code (art. 130, paragraph 4, Legislative Decree 196/2003 and subsequent amendments) allows soft spam. This means that without having to acquire the explicit consent of the Interested Parties, it is possible to use the e-mail address that was provided with a previous purchase, for the purpose of direct sales of services similar to those that the Interested Party has already purchased from the Data Controller, provided that the Interested Party does not object to such use. It should be noted that the User may object to this processing at any time by contacting the Data Controller at the addresses mentioned in point 1) or by clicking on the appropriate link to object to the receipt of communications considered as unsolicited, present in all e-mails with commercial content sent by the Data Controller.
It should be noted that the personalization of commercial offers could occur, even in the absence of express consent to profiling, where the user has consented to the Site’s use of profiling cookies.
3. Nature of data provision
The provision of data for the purposes referred to in point a) above is optional and yet necessary for the proper functioning and use of the Site. Any refusal to provide data in relation to the aforementioned purpose could therefore result in the inability to navigate the Site, to view all of its contents and to access the related services.
The provision of data for the purposes referred to in letters b) and c) is optional; however, any refusal to provide the data in relation to the aforementioned purposes will result in the impossibility of processing your requests (e.g.: obtaining product information, quotes, etc.) or evaluating your application.
The provision and consent to the processing of your data for the purpose referred to in point d) is entirely optional. Any refusal will result in the impossibility for the Data Controller to carry out marketing activities towards you, while it will not entail any negative consequence with regard to the purposes under letters a), b) and c).
4. Type of data processed
In pursuit of the above purposes, the following categories of data will be processed:
- Navigation data: the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site or other users, only at the request of the supervisory bodies in charge. The above information may be collected automatically through cookies and other similar technologies. For more information and to personalize your browsing choices, we invite you to consult our cookie policy.
- Data provided by the user: g. identification data (first name, last name) and contact data (phone number, e-mail address, etc.). Any additional data of a personal nature voluntarily provided in the compilation of data collection forms and/or through the voluntary sending of e-mails will be processed in accordance with the principles of correctness, lawfulness and transparency, as well as in compliance with the principle of “minimization,” i.e., acquiring and processing data limited to what is necessary with respect to the purposes pursued.
With specific reference to the collection of data in relation to possible applications, through the dedicated section of the Site (“Work with Us”), it should be noted that the data collected are identification data (first name, last name, place and date of birth, photograph, if any), contact data (address, telephone number, e-mail) and data relating to the education, qualification, professional experience, technical knowledge of the person concerned. Applicants are requested, unless expressly required by a job advertisement addressed to workers belonging to protected categories, not to disclose data related to health, nor data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data related to sexual life or sexual orientation, and any information in any way attributable to the particular categories referred to in Article 9, paragraph 1, of the GDPR. In the event that the Curriculum Vitae transmitted nevertheless also contains data falling into these categories, or if such data are provided on the occasion of any subsequent assessment interviews aimed at verifying the skills and conditions necessary for a possible recruitment, we will proceed to their processing only if the candidate has given his or her consent to the processing of these types of data, it being understood that we will refrain from using data that are not strictly pertinent to the purpose pursued.
5. Mode of Treatment
The processing of your personal data will be carried out using paper and IT tools, in compliance with the provisions on the protection of personal data and, in particular, with the appropriate technical and organizational measures pursuant to in Article 32.1 GDPR, as well as with the observance of any precautionary measures that guarantee their relative integrity, confidentiality and availability.
6. Categories of data recipients
Your personal data will not be disclosed, except where required by a law or regulation or by EU legislation.
Your personal data may be disclosed, strictly in relation to the above purposes, to the following parties or categories of parties:
a. third parties and companies that provide services to the Controller, such as – by way of example – the management of the information system and telecommunications networks (including e-mail), the development and management of the Site, sending commercial communications, etc.;
b. firms, companies or professionals in the context of assistance and consulting relationships;
c. call center for customer care;
d. authorities responsible for fulfilling legal obligations.
We also inform you that the subjects mentioned in letter d) will process your data as autonomous Data Controllers. In relation to the categories of subjects referred to in letters a), b) and c), on the other hand, the Data Controller undertakes to rely exclusively on subjects that provide adequate guarantees regarding the protection of the data, providing to appoint them, where required by the regulations in force, Data Processors ex art. 28 GDPR. The list of Data Processors is available from the Data Controller and the data subject may view it upon request.
In addition, your data will be processed, exclusively for the above-mentioned purposes, by company employees specifically authorized and instructed by the Data Controller pursuant to Article 29 of the GDPR.
7. Transfer of personal data to third countries
The Data Controller does not intend, at present, to transfer Data to non-EU/EEA countries. In any case, the Data Controller assures that any such transfers will take place in full compliance with the conditions set forth in Chapter V of the GDPR (Art. 44 et seq.), in order to ensure that the level of protection of individuals guaranteed by the GDPR is not undermined. The transfer will therefore take place to countries that the European Commission has deemed to guarantee an adequate level of protection, either in accordance with Article 44 GDPR or in compliance with specific standard contractual clauses approved by the European Commission pursuant to Article 46 GDPR, provided that the recipient of the data provides adequate safeguards and that the data subjects have enforceable rights and effective remedies. Any exceptions to the above will only take place in compliance with Article 49 GDPR.
8. Retention period
Data collected to ensure the proper functioning of the web pages and their content and to obtain statistical information on the use of services will be stored in accordance with our cookie policy.
Personal data collected for the purpose of responding to inquiries will be retained for the time necessary to provide the response to the data subject and in any case no longer than 24 months after the request has been processed, unless a contractual relationship is subsequently established, in which case the data will be retained for a period of 10 years after the termination of the relationship, in accordance with current regulations.
For direct marketing activities, data will be retained for a period of 24 months from the collection of consent, unless renewed.
Personal data inherent to any applications (e.g., collected through the “Work with Us” section) will be retained for a period of 12 months from the relevant registration.
Please note that, at the end of this period, the data will be subject to automatic deletion or irreversible anonymization. However, a longer period of data retention may possibly be determined by requests made by the Public Administration or other Body or Authority, or by the Owner’s participation in judicial proceedings involving data processing.
9. Rights granted to the data subject
The data subject may exercise his or her rights under the GDPR at any time in the manner described in paragraph 1 above. In particular, the data subject is entitled to:
Right of access
The data subject may ask us whether or not we process any of his or her data, and if so, he or she may obtain access to that data from us in the form of a copy. When the data subject makes a request for access, we also provide him or her with additional information, such as the purposes of processing, the categories of personal data involved, and any other information necessary for the data subject to exercise this right.
Right of rectification
The data subject has the right to correct his or her data if it is inaccurate or incomplete. Upon request, we will correct inaccurate personal data and, taking into account the purpose of processing, complete incomplete data.
Right of cancellation
Data subjects have the right to have their personal data deleted. The erasure of personal data can only occur in certain cases, listed in Article 17 of the GDPR. This includes situations where the data subject’s personal data is no longer necessary in relation to the initial purposes for which it was processed, as well as situations where it has been processed unlawfully. In relation to how we provide some services, we inform that it may take some time before backup copies are deleted. We also inform you that the Data Controller will, within the limits of the state of the art, provide for the deletion of the data subject’s personal data, except in cases where their retention is required by law.
Right to limitation of processing
The data subject has the right to obtain the restriction of the processing of his or her personal data, which means that we suspend the processing of the data subject’s data for a certain period of time. Circumstances that may give rise to this right (Article 18 GDPR) include situations where the accuracy of personal data has been disputed, but time is needed to verify its (in)accuracy. If the data subject has obtained a restriction on the processing of your data, we will inform him or her before this restriction is lifted.
Right of opposition
The data subject has the right to object to the processing of your personal data, which means that you can request us to stop processing your personal data for certain purposes (e.g., direct marketing). Please note that this right is granted to the data subject only in special circumstances (Art. 21 GDPR) and, in particular, in cases where the legal basis for processing is the legitimate interest of the Data Controller.
Right to data portability
The right to data portability means that the data subject can ask us to provide him or her with personal data in a structured, commonly used, machine-readable format and to ask us to transmit such data directly to another data controller, where this is technically feasible.
Right to withdraw consent
The data subject has the right to withdraw consent to the processing of personal data at any time if the processing is based on his or her consent (e.g., direct marketing). In any case, revocation of consent does not affect the lawfulness of processing based on consent prior to revocation
Right to submit a complaint with the supervisory authority
The Data Subject also has the right to lodge a complaint with the supervisory authority if he or she believes that a processing operation concerning him or her violates the GDPR and/or current legislation on the processing of personal data.
Please note that in Italy said authority is represented by the Italian Data Protection Authority, based in Rome. A Data Subject not resident in Italy may lodge a complaint before the Supervisory Authority designated in his or her country of residence.
Non-existence of an automated decision-making process
The processing referred to in this Notice is not subject to automated decision making.