- Data Controller and contact details
The Data Controller is the company BERGS & MORE, società tra avvocati, with registered office in V. Bellini, 4 – 35131 Padova (Italia), VAT number and Tax Code IT05388510280, C.R.N. PD-463959, minimum registered capital €50.000,00, hereinafter “Bergs & More”, or also “Data Controller” or “Controller”.
- Personal data subject to processing
The personal data processed through the Website are the following:
- NAVIGATION DATA
The computer systems used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These personal data are not collected to be associated with identified data subjects, but, considering their nature and intrinsic characteristics, they could, through processing and association with data held by third parties, enable users to be identified. This category of data includes, for example, IP addresses or domain names of the computers used by users and URL address. Such technical/informational data are used for the sole purpose of obtaining aggregate or anonymous statistical information on the use of the Website, monitoring the proper functioning of the services offered through the Website and identifying anomalies and/or abuses. This information are deleted immediately after being processed. The data could be used to ascertain responsibility in case of hypothetical computer crimes or at the request of the Public Authority.
- DATA PROVIDED ON A VOLUNTARY BASE:
By means of the website, the User may voluntarily provide personal data such as, for example:
- personal data provided by the User (for example, name, surname, e-mail) when sending e-mails to get information and/or clarification to the contact details specified within the Website;
- personal data provided by the User when sending the curriculum vitae to the e-mail address indicated in the “Careers” section of the Website (for example: personal and contact data, data relating to educational and professional qualifications). To this end, the data subject/candidate is invited not to enter data that could reveal health status, racial and ethnic origin, religious beliefs, political opinions, sexual life, and any information qualifying as special categories of data under Article 9 of the GDPR. Any special data indicated by the data subject will be immediately deleted in the absence of a written declaration of consent to their processing. The data subject is also requested not to communicate judicial data, as defined by current legislation. Such data, if provided by the data subject, will also be immediately deleted;
- personal data (first name, last name, e-mail address, job title, company/institution) provided by the User in order to download materials made available within the Website.
The Data Controller will process the User’s data in compliance with the Applicable Regulations, assuming that they relate to the User himself or to third parties (in particular, customers or potential customers) who have expressly authorized him to confer them or whose personal data the User was otherwise entitled to confer. With respect to such assumptions, the User undertakes to relieve and hold harmless the Data Controller from any dispute, claim, and/or request for compensation for damages from the processing of personal data that may be received from such third parties.
- COOKIES AND OTHER TRACKING TOOLS
- Purposes and legal basis of the processing
The following table provides the purposes and legal basis concerning the processing of the above-mentioned personal data:
Providing feedbacks to any requests for information/clarification.
The implementation of pre-contractual measures taken at the User’s request and/or the contract to which the User is a party [art. 6 (1)( b), of the GDPR].
Carrying out the recruitment process, including but not limited to receiving and registering the CV within the Data Controller’s databases, evaluating the information within the CV in order to determine the potential suitability of the candidate for the establishment of an employment relationship or internship with the Data Controller, arranging interviews and related fulfillments.
The implementation of pre-contractual measures taken at the request of the data subject [Art. 6(1)(b) of the GDPR].
If the candidate independently decides to include special data, as described above, within the CV, the legal basis is the data subject’s consent [Art. 9(2)(a) of the GDPR].
Complying with legal obligations to which the Data Controller is bound, included to respond to any requests to exercise the User’s rights as data subject under current data protection legislation.
The compliance with legal obligations to which the Data Controller is bound [Article 6(1)(c) of the GDPR].
Making available materials through the Website and to carry out marketing activities by sending, by e-mail, professional newsletters, communications related to professional content (updates, publications, invitations to events organized by the Data Controller) and promotional communications concerning BERGS & MORE services and initiatives.
The data subject’s consent to process the User’s personal data [art. 130 of Legislative Decree No. 196/2003 (“Italian Privacy Code”) – art. 6, (1)(a), of the GDPR].
Verifying any fraudulent or illegal use of the Website and ensure its security and functionality in the interest of the Users and the Data Controller.
The legitimate interest of the Data Controller and the Users themselves to prevent or identify any fraudulent or otherwise illegal use of the Website [art. 6(1)(f) of the GDPR].
Carrying out research/statistical analysis on aggregate or anonymous data, without therefore being able to identify the User, to measure traffic and assess usability and interest with respect to the Website.
The legitimate interest of the Controller to verify the usability and appeal of the Website [art. 6(1)(f) of the GDPR].
Ascertaining, exercising, or defending legal claims or whenever courts are acting in their judicial capacity.
The legitimate interest to ascertain, exercise, or defend legal claims or whenever the courts are acting in their judicial capacity [art. 6(1)(f) of the GDPR].
- Consequences of failure to provide personal data
The provision of data by the User is optional. Nonetheless, failure to provide them, in whole or in part, could make it impossible to provide feedbacks to any requests for information/clarifications and/or requests to exercise the rights. Failure to give consent to the sending of commercial communications, on the other hand, will have no consequence other than the impossibility of downloading the materials made available through the Website, and remaining updated and receiving news regarding BERGS & More and its services/initiatives.
- Methods of personal data processing
Personal data are processed with manual and/or paper-based and/or computer-based and/or telematic instruments and/or supports, in any case in such a way as to guarantee their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing of personal data carried out.
In particular, the Website functionality is provided on HTTPS encrypted connection and personal data are collected, filed, and stored on secure servers and protected by firewalls.
- Recipients of personal data
The personal data of the User may be shared, for the purposes stated above, with:
- employees or other types of collaborators of the company authorized by the Data Controller to process those personal data pursuant to and for the purposes of Article 29 of the GDPR and Article 2-quaterdecies of the Italian Privacy Code and who have received specific instructions on how to process the data in accordance with the Applicable Law;
- companies, consultants, or professionals who may be entrusted with the installation, maintenance, updating of the Site (for example, web agencies and/or marketing agencies) and, in general, with the management of the hardware and software of the Owner, included hosting providers and cloud computing services providers that act as data controllers pursuant to and for the purposes of art. 28 of the GDPR;
- Public Authorities to whom, in their capacity as independent data controllers, it is mandatory to disclose the personal data of the User by virtue of legal provisions or orders of the authorities.
- Transfers to non-EU countries and/or international organisations
Personal data may be transferred outside the European Union or to international organisations. In such cases, the transfer will take place, either on the basis of an adequacy decision or standard contractual clauses (standard contractual clauses or SCC’s) approved by the European Commission or, failing that, subject to one of the exceptional situations set out in Article 49 of the GDPR. Personal data will not be disclosed.
For more information on data transfers, the User can contact the Data Controller at the following e-mail addresses: email@example.com, PEC firstname.lastname@example.org.
- Period of retention of personal data
The User’s personal data or provided by the User will be kept for a period not exceeding the one necessary for the pursuit of the purposes indicated above and for which they are processed.
In particular, personal data will be kept for the period necessary to provide feedbacks to any requests for information and/or clarifications received. With regard to the personal data contained in CVs, these data will be kept for a maximum period of 12 months after receipt, unless the employment/collaboration relationship is contracted and consequently retained for the time related to it.
With regard to the processing of personal data for promotional/commercial purposes, these data will be kept for a period of maximum 24 months from the moment the User provided the consent to process his/her personal data for marketing purposes. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Rights of the data subject
We inform the User that, as the data subject, he/she is entitled:
- to receive confirmation as to whether or not his/her personal data are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, information concerning : a) the purposes of the processing; b) the categories of personal data that are subject to processing; c) the entities or categories of entities to whom or which the personal data have been or will be communicated; d) the storage period of the data or, if that is not possible, the criteria used to determine that period; e) the source of the personal data, if they have not been provided by the User;
- to request and obtain the updating of personal data, the rectification of inaccurate data or, when needed, the integration of incomplete data;
- to request and obtain the erasure of personal data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the User objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the personal data have been processed unlawfully; d) the personal data must be erased by the Controller in compliance with a legal obligation;
- to request and obtain the restriction of processing in the event of: (a) contestation of the accuracy of his/her personal data for the time necessary for the Data Controller to carry out the requested verifications; (b) unlawful processing of data by the Data Controller, if the User objects to the deletion of the data and instead requests the restriction of its use; (c) ascertainment, exercise or defence of a right of the User in court, although the Data Controller no longer needs the data for the purposes of processing; (d) awaiting the outcome of the verification as to whether the Data Controller’s legitimate reasons prevail over those of the data subject;
- in cases where the processing of personal data is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format his/her personal data and, if technically feasible, to obtain the direct transmission of them by the Controller to another controller;
- to object, in whole or in part, on legitimate grounds relating to the User’s particular situation, to the processing of personal data concerning the User, even though they are relevant to the purpose of collection; in cases where the processing of personal data is based on the consent, to withdraw, at any time, the consent given; the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal;
- to file a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR and Articles 140-bis et seq. of the Privacy Code.
The Data Controller shall inform each of the recipients to whom the User’s personal data have been transmitted of any rectification, cancellation and/or restriction of processing carried out, except when this proves impossible or involves a disproportionate effort.
- Ways of exercising rights of the data subject
If the User wishes to lodge a complaint, he/she may use the forms available on the website of the Italian Data Protection Authority.
Last update: 16.01.2023