PRIVACY NOTICE ON THE PROCESSING OF USERS’ PERSONAL DATA OF THE WEBSITE WWW.NEXUMSTP.IT
The following information (“the Privacy Notice“) is provided to you, pursuant to article 13 of EU Reg. 2016/679 (“GDPR“), in order to illustrate the purposes and means of the processing of personal data related to users accessing the website www.nexumstp.it (“the Website“) and carried out by NEXUMSTP S.p.A..
This Privacy Notice only refers to the processing of personal data relating to users of the Website (“the Data Subjects“), and does not apply to the processing of personal data carried out by third parties whenever Data Subjects visit pages and websites accessible through links embedded in the Website.
The Website is NOT intended for navigation or use by persons under 18 years of age.
In addition to this Privacy Notice, NEXUMSTP S.p.A. may provide more specific information concerning certain processing operations that are carried out on information collected via forms embedded in the Website.
DATA CONTROLLER
The data controller is NEXUMSTP S.P.A. (Fiscal code & VAT no. 13262641007), having its registered office in Via Nairobi, n. 40 – 00144 Roma (RM) (“the Data Controller“).
For the purposes of this Privacy Notice, the contact details of the Data Controller (“Contact Details“) are: phone number 06 59 16 078, e-mail: info@nexumstp.it
DATA PROTECTION OFFICER
With regard to all issues related to the processing of the Data Subjects’ personal data and to the exercise of their rights, the Data Protection Officer (D.P.O.) appointed by the Data Controller may be contacted using the e-mail address dpo@nexumstp.it.
TYPE OF DATA PROCESSED AND PURPOSE OF PROCESSING
Whenever a user visits the Website, the following information relating to them may be subject to processing:
- data related to Website navigation, which is detected and collected by the Data Controller through the use of software applications which are necessary to ensure the Website’s functioning.
The processing of these information (such as the Internet Protocol address, the domain names of the computers and devices employed by users, the browser used, the Uniform Resource Identifier, the Uniform Resource Locator and other data that, by providing information on the device and connection used to visit the Website, may indirectly allow the identification of the Data Subject), is essential to the proper functioning of the Website and is therefore necessary to allow users enjoy the services offered.
Failure to provide these data will prevent from navigating the Website and from using of the services thereby offered.
The Website’s technical parameters have been set as to minimize the collection and use of users’ personal data.
- data which the Data Subjects voluntarily provide the Data Controller with by submitting their personal information via forms available on the Website, by sending e-mails or communications to the Data Controller’s and/or its partners’ and associate’s addresses displayed on the Website and by using the Website’s features and functions.
These personal data are processed in order to:
- provide the services which are being offered to the Data Subjects through the Website, i.e. in order to process and respond to requests for information sent via the form embedded in the “Contacts” subsection.
These processing operations are performed upon data such as e-mail address and any other piece of information the Data Subjects will spontaneously volunteer in their messages and communications, and are performed being necessary to offer the services requested and to carry out the pre-contractual measures requested by the Data Subjects themselves. The provision of such data is optional, but it is nevertheless necessary in order for the Data Controller to be able to fulfil requests and to offer its services.
- send to the Data Subjects newsletters and informative communications concerning the services offered by the Data Controller, limited to contact details.
These processing operations are only carried out with the Data Subject’s consent, which may be expressed by entering name, surname and his e-mail address in the appropriate form and by ticking the dedicated box. Data Subjects may revoke their previously given consent at any time, using the appropriate function at the bottom of each e-mail received or by contacting the addresses indicated in this policy. Consent to the processing operations described above is optional; if the Data Subject prefers not to consent, she will not be affected by any kind of prejudice or repercussion regarding the use of the other services offered through the Site (it is understood, however, that the Data Subject will not be able to receive newsletters from the Data Controller);
- to assess job applications and, provided pre-selection and selection processes are successful, make an offer for a professional collaboration or job placement.
These processing operations are described in further detail in a dedicated privacy notice available in the “Work with us” subsection, which Data Subjects are required to read and understand before submitting their application.
- data such as the Internet Protocol (IP) address and the technical features of the browser the Data Subject uses for navigation, which are collected and communicated by the Data Controller to Facebook Ireland Ltd. for the purpose of increasing the Data Controller’s commercial image.
Limited to the processing operations above mentioned, the Data Controller is also Facebook Ireland Ltd., having its registered office in 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland (EU). This implies, moreover, that liability for any further processing operations carried out after the transmission of such data lies exclusively with Facebook Ireland Ltd., to which the Data Subject may turn to in order to exercise their rights in relation to such processing operations.
These processing operations are carried out in pursuit of the legitimate interest of the Data Controller to promote its commercial image on the aforementioned social network.
Personal data will be processed, mainly by automated means (e.g. management softwares) and residually by non-automated means (e.g. paper filing systems) chosen in order to ensure data security, by individuals who operate under the Data Controller’s direct authority and who have been properly authorized and instructed in this regard by the latter.
DATA STORAGE PERIOD
Personal data processed for the purposes referred to point A) will be stored for the time necessary to allow navigation of the Website and in any case no further than 7 days from collection, except when a longer storage period is required for purposes of crimes detection by public authorities or for purposes of exercising or defending a legal claim of the Data Controller.
Personal data processed for the purposes referred to point B) will be stored and processed for the time strictly necessary to achieve the purposes for which they were collected; contact details shall be processed for the purpose of sending newsletters and informative communications until consent is withdrawn by the Data Subject or, in any case, for no longer than 24 months after those data has been registered for such purposes.
RECIPIENTS OF PERSONAL DATA AND TRANSFERS TO THIRD COUNTRIES
Personal data relating to the Data Subjects may be disclosed to:
- suppliers of information technology (IT) services, such as website management and maintenance support, hosting and e-mail delivery;
- Data Controller’s staff tasked with managing the Website and providing feedback to requests made via the Website;
- public authorities, such as police forces and judicial offices, where required by law or by a legitimate order.
If the conditions established by the GDPR are met, the Data Controller shall enter into specific contracts with those recipients, among those listed above, who receive disclosure of personal data so that they may process them on the Data Controller’s behalf (“Data Processors“), aimed at ensuring that the operations carried out are performed consistently with the instructions given by the latter and that appropriate technical and organisational measures are implemented to safeguard the security of the personal data processed. Personal data shall not be transferred to countries outside the European Economic Area (“Third Countries“).
DATA SUBJECTS’ RIGHTS
At any time, the Data Subject may exercise the rights attributed to him or her by Articles 15 et seq. GDPR by reaching out to the Data Controller. Namely the user, as a Data Subject and within the limits established by the GDPR and by Legislative Decree n. 196 of 2003, may exercise the following rights:
- the right of access, i.e. the right to obtain confirmation as to whether or not your data are being processed, as well as the right to receive any information related to the processing operations and a copy of the personal data undergoing processing;
- the right to rectification, i.e. the right to obtain the rectification or the completion of the personal data undergoing processing, if they are inaccurate or incomplete taking into account the purposes of the processing;
- the right to erasure (“right to be forgotten”), i.e. the right to obtain the erasure of the personal data undergoing processing when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or when another ground established by article 17 GDPR applies;
- the right to restriction of processing, i.e. the right to obtain the restriction of the processing of personal data, when the requirements set out in article 18 GDPR are met;
- the right to data portability, i.e. the right to receive personal data concerning the Data Subject, which he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and to have the personal data transmitted directly from one controller to another, where technically feasible;
- the right to object to the processing, i.e. the right of the Data Subject to object at any time, on grounds relating to his or her particular situation, to the processing operations of personal data concerning him or her which are necessary to the performance of a task carried out in the public interest, to the exercise of official authority or for the purposes of the legitimate interest of the Data Controller, unless the latter demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
- the right to lodge a complaint with a Supervisory Authority, such as the Garante per la Protezione dei Dati Personali, with offices in Piazza Venezia 11 – 00187, Rome (RM), Italy (IT), E-mail: garante@gpdp.it, P.E.C.: protocollo@pec.gpdp.it.
These rights may be exercised free of charge, by sending a written request to the Data Controller at the latter’s Contact Details. However, in case manifestly unfounded or excessive requests – in particular because of their repetitive character – are filed, the Data Controller may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request altogether.
PRIVACY NOTICE UPDATES
Over the course of time, the Data Controller may make changes or amendments to this Privacy Notice, in order to ensure it is updated to the processing operations being performed or merely in order to improve its clarity; in such cases, the Data Controller shall promptly inform users of the Website employing the most effective and appropriate tools to that end.
Last update: 21 January 2022