INFORMATION ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ARTICLE 13 OF EUROPEAN REGULATION 2016/679
We inform you that Intermediate S.r.l. is required to process and protect your data as indicated by European Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments. This information notice provides information on the purposes and methods of the processing carried out through this website, as well as on the rights that may be exercised by the Data Subject.
- ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data falling into special categories: these are the so-called "sensitive" data, i.e. those revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, concerning health or life and sexual orientation.
- Data relating to criminal convictions and offences: these are the so-called "criminal" data, i.e. data which may reveal the existence of certain criminal measures subject to entry in the criminal record (e.g. final criminal convictions, conditional release, prohibition or obligation of residence, alternative measures to detention) or the status of accused or suspected person.
- ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
For the complete list of applicable definitions, please refer to Article 4 of European Regulation 2016/679.
Personal data are collected by the Data Controller for the following purposes:
a) purposes related to the performance of a contract to which the Data Subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
b) purposes related to the compliance with a legal obligation to which the Data Controller is subject;
c) purposes necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
d) purposes of preparing personalised quotations for the translation service;
e) purpose of evaluating requirements and skills of the Data Subject and related communications with respect to the needs of the Controller for a possible recruitment;
f) purposes of managing and sending newsletters.
3. DATA UNDERGOING PROCESSING: COLLECTED DATA AND ACQUISITION OF CONSENT
The data processed are as follows:
4. DATA PROCESSING METHODS
- Personal data: The granting of the consent referred to in points a) through e) is mandatory. The granting of the consent referred to in point f) is optional;
- Data falling into special categories: The granting of the consent referred to in points a) through e) is mandatory and is subject to the acquisition of a specific consent;
- Data relating to criminal convictions and offences: The granting of the consent referred to in points a) through f) is mandatory and is subject to the acquisition of a specific consent.
The processing will be done both manually and/or using computer systems and telematics with logical systems of organisation and processing closely related to the purposes themselves and in any case to ensure the security, integrity and confidentiality of the data in accordance with organisational, physical and logical measures set out by the regulations in force.
In addition to its collection, the processing of personal data may consist of automated or semi-automated recording, storage, modification, communication or deletion of the data, and the data storage will be in paper form and/or electronic/computer form.
6. LEGAL BASIS FOR PROCESSING
In this sense, this data processing will be based on principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the Data Subject.
The Controller shall process the Personal Data of the Data Subjects in the event that one of the following conditions exists:
7. PLACE OF PROCESSING AND TRANSFER ABROAD
- The Data Subject gave his consent for one or more specific purposes. Note: In some jurisdictions, the Controller may be authorised to process Personal Data without the Data Subject's consent or any other of the legal bases specified below, until the User objects to such processing ('opts out'). However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
- The processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures;
- The processing is necessary to provide the service the Data Subject requested;
- The processing is necessary for compliance with a legal obligation to which the Controller is subject;
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- The processing is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties.
However, it is always possible to ask the Controller to clarify the concrete legal basis for each instance of data processing and, in particular, to specify whether the processing is based on the law, provided for by a contract or necessary to conclude a contract.
Personal data will be managed and stored on (non-EU) servers in the USA. The Controller hereby guarantees that the transfer of data outside the EU will be done in accordance with the applicable legal provisions by entering into agreements, if necessary, guaranteeing an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
The Data Subject shall have the right to obtain information about the legal basis for the transfer of data outside the European Union or to an international organisation governed by public international law or consisting of two or more countries, such as the UN, and about the security measures taken by the Controller to protect the Data. If one of the transfers described above takes place, the Data Subject may request information from the Controller by contacting him using the information given at the end of this statement.
8. DISCLOSURE OF THE DATA
The personal data collected may be disclosed, to the extent required by their specific jurisdiction, to:
a) The Company's personnel in charge of managing relations with Data Subjects;
b) The Controller's collaborators in their capacity as authorised persons;
c) The Company's shareholders;
d) System administrators, all formally appointed or assigned;
e) Public authorities for any purposes required by law.
Personal data will not be subject to disclosure in any case. Within the limits strictly necessary for the execution of contractual relations, the personal data may be disclosed to third parties located in Italy.
9. SECURITY MEASURES FOR DATA PROTECTION
Specific data management security measures have been adopted to protect the availability, integrity and confidentiality of both electronic and paper-based data.
10. RETENTION PERIOD
The data are processed for the time necessary to perform the service provided by the company and in accordance with the legal obligations for its storage. The Company undertakes to periodically review the retention times for the data and periodically deletes the data.
11. RIGHTS OF THE DATA SUBJECT
Pursuant to Article 13 of European Regulation 2016/679 (GDPR) and national legislation, the Data Subject may, in the manner and within the limits provided for by current legislation, exercise the following rights (provided for in Articles 16 through 21):
12. RIGHT TO WITHDRAW CONSENT
- Request confirmation of the existence of personal data concerning him (right of access);
- Learn its origin;
- Receive intelligible communication about it;
- Obtain information about the logic, methods and purposes of the processing;
- Request the updating, correction, integration, deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data no longer necessary to achieve the purposes for which they were collected;
- In cases of processing based on consent, to receive his personal data that was provided to the Controller, in a structured and readable form, from a data processor and in a format commonly used by an electronic device;
- The right to lodge a complaint with the Control Authority.
The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
13. PROCEDURES FOR THE EXERCISE OF RIGHTS
The Data Subject may exercise his rights at any time by sending an email to: email@example.com
14. LEGAL REFERENCES
15. DATA CONTROLLER AND DATA PROCESSOR
The Controller and Data Processor is Intermediate S.r.l., in the person of its legal representative, with registered office in Via Bramante 13, 00153 - Rome (Italy).
Place and date: Rome, 25 May 2018
The Data Controller
Intermediate S.r.l. in the person of legal representative Eveline Hermans