Privacy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
PRIVACY POLICY
The methods of management of the Site www.generalfinance.it (hereinafter only “site”) are described here in reference to the processing of personal data of users who consult it. This is a general document that informs about the criteria for the correct processing of personal data carried out on or through the site. The information relating to any individual services that the user will use, drawn up pursuant to Article 13 of the General Regulation EU/679/2016 on the protection of data and their free circulation (hereinafter only “Regulation”), can be consulted on the website in the specific sections and found at the owner’s offices.
This information is provided pursuant to Article 13 of the Regulation to those who interact with the web services of the site and does not include the processing carried out on other sites that may be consulted by the user via links on the site itself. Users are invited to read this information carefully before submitting any type of personal information.
The owner of the personal data processing
Following consultation of this site, data relating to identified or identifiable persons may be processed (“interested party” pursuant to the Regulation and hereinafter only “user”). The data controller of personal data is GENERALFINANCE S.p.A. (hereinafter “controller”). As of today, all information concerning the controller, together with the updated list of designated managers and system administrators, can be found at the Headquarters in via Giorgio Stephenson 43A, PEC [email protected] .
Purpose, lawfulness of processing, types of data and criteria used to determine the period of retention of personal data
Browsing data
Browsing the site involves the acquisition of some personal data whose transmission is implicit in the use of Internet communication protocols (browsing data). This information is not collected to be associated with identified users, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP (Internet Protocol) addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server on which the site is hosted or which manages the provision of the requested services, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of users.
The purposes for which the user’s personal data will be processed are listed below:
- use of the site;
any checks on the correct functioning of the services offered.
The user’s personal browsing data are stored for the period necessary to achieve the purposes for which they are collected and in any case not exceeding 7 days, without prejudice to the time necessary to satisfy requests received from the Judicial Authority for purposes of defense and/or security of the State and/or prevention, detection or repression of crimes or to satisfy requests received from the Authority for the protection of personal data.
The lawfulness of the processing of personal data is based on the need to pursue the legitimate interest of the owner (article 6.1 letter f) of the Regulation) on the correct functioning of the site.
The provision of personal data is mandatory. If the interested party does not wish to provide his/her personal browsing data, he/she must refrain from accessing and browsing the site.
The statistics on the use of the service (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.) are carried out by the owner on the basis of anonymized data that do not allow the identification of the user and therefore do not involve the processing of personal data.
Contact/information request section
The personal data provided by the user when filling out the “Contact us” form and any personal data contained in the message are used for the sole purpose of following up on what has been requested or in any case providing feedback to the user. The optional, explicit and voluntary sending of such data or the sending of emails to the addresses indicated on the site, entails the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data included in the message.
The lawfulness of the processing of personal data is based on the need to execute a contract to which the user is a party or to execute pre-contractual measures adopted at the request of the same (art. 6.1 letter b) of the Regulation) or is based on the need to pursue the legitimate interest of the owner (article 6.1 letter f) of the Regulation) which consists in responding to requests received.
The user’s personal data is stored for the time necessary to provide feedback to the user and in any case for a time not exceeding that necessary to manage possible appeals and/or disputes.
The provision of personal data by the user is optional. Failure to provide personal data by the user does not allow the owner to respond to the requests received by the latter.
Complaints Section
The personal data provided by the user who sends a complaint, appeal or reconciliation message by ordinary or registered mail will be used for the sole purpose of performing the requested service or in any case providing feedback to the user. The optional, explicit and voluntary sending of the letter to the addresses indicated on the site, by its very nature, involves the subsequent acquisition of the user’s personal data, necessary to respond to requests.
The lawfulness of the processing of personal data is based on the need to execute a contract to which the user is a party or to execute pre-contractual measures adopted at the request of the same (art. 6.1 letter b) of the Regulation) or is based on the need to pursue the legitimate interest of the owner (article 6.1 letter f) of the Regulation) which consists in providing feedback to the requests received.
The user’s personal data are stored for the time necessary to provide feedback to the user and in any case for a time not exceeding that necessary to manage possible appeals and/or disputes.
The provision of personal data by the user is optional. Failure to provide personal data by the user does not allow the owner to respond to requests received by the latter.
Reserved Area
The user’s personal data are processed for access to the reserved area intended for the use of email and the use of the Attendance Register. The lawfulness of the processing of personal data derives from the execution of a contract to which the user is a party (art. 6.1 letter b) of the Regulation).
The user’s personal data are stored for the time necessary to provide the requested service, or until the revocation of the registration to the reserved area or for the time necessary to manage any appeals or disputes.
The provision of personal data by the user is optional. Failure to provide personal data by the user does not allow access to the reserved area.
Disclaimer
The user’s personal data are processed for access to the Disclaimer area for the consultation of technical documentation produced by GENERALFINANCE S.p.A. (press releases, procedures, etc.). The lawfulness of the processing of personal data derives from the execution of a contract to which the user is a party (art. 6.1 letter b) of the Regulation).
The user’s personal data are stored for the time necessary to provide the requested service or, if applicable, for the time necessary to manage any appeals or disputes.
The provision of personal data by the user is optional. Failure to provide personal data by the user does not allow access to the Disclaimer area.
Work with us section
The personal data provided by the user when completing the “Work with us” form and contained in the curriculum vita possibly attached to the same form, may be used for the search and selection of personnel for the purposes of a possible collaboration with the owner. The lawfulness of the processing of personal data derives from the execution of a contract to which the user is a party or from the execution of pre-contractual measures adopted at the request of the same and from the need to fulfill a legal obligation (laws and regulations of the State, community legislation) to which the owner is subject (art. 6.1 letter b) of the Regulation).
The user’s personal data are stored for the time necessary for the search/selection of personnel and in any case no longer than 12 months or for the time necessary for the management of any appeals or disputes.
The provision of personal data by the user is optional. Failure to provide personal data by the user does not allow the owner to proceed with the search and selection of personnel.
Methods of processing personal data
The processing of the user’s personal data takes place at the owner’s office, or if necessary, at the office of any data controllers identified and designated pursuant to art. 28 of the Regulation or at the entities indicated in the paragraph “Communication and dissemination of personal data”. The processing of personal data is partially automated since it occurs with electronic tools. Specific security measures are observed to prevent loss, illicit and/or incorrect use, unauthorized access to data. The processing of personal data is carried out to the extent strictly necessary for the performance of the functions for which the service is requested, excluding processing when the purposes pursued can be achieved using anonymous data or methods that allow the user to be identified only if necessary.
Communication and dissemination of personal data
Personal data, if necessary, may be communicated (with this term meaning giving knowledge of it to one or more specific subjects):
– to subjects whose right to access the data is recognized by national and European Union legal provisions;
– natural and/or legal persons, public and/or private, when communication is necessary or functional to the performance of the owner’s activity in the ways and for the purposes illustrated above;
– to the owner’s employees/collaborators, within the scope of their duties and/or any contractual obligations;
– to subjects who qualify as managers and/or sub-managers of the processing of personal data pursuant to art. 28 of the Regulation to whom institutional tasks and/or technical management of the site are entrusted (for example hosting, management of any databases used by the site).
Personal data are not disclosed in any case, with this term meaning giving knowledge of it in any way to a plurality of unspecified subjects. Personal data, without prejudice to their free circulation between the states of the European Economic Area (EEA), are not transferred outside the EEA.
Plugin social network
The site also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on the user’s favorite social networks. These plugins are programmed so as not to set any cookies when accessing the page, to safeguard the user’s privacy. Cookies are set, if required by the social networks, only when the user makes effective and voluntary use of the plugin. Please note that if the user uses the social network by authenticating using their authentication credentials, they have consequently already consented, at the time of registration, to the use of cookies. The collection and use of information obtained by means of the plugins are governed by the respective privacy policies of the social networks, to which we ask you to refer.
Changes to the information
The data controller reserves the right to make changes to this information at any time by giving notice to the user on this page. Therefore, the user is invited to consult this page frequently to be constantly updated.
Data Protection Officer (DPO)
The Data Protection Officer identified by the owner is the following person:
| DPO | P.IVA | Via/Piazza | CAP | Comune | Nominativo del DPO |
| LTA S.r.l. | 14243311009 | Via della Conciliazione, 10 | 00193 | Roma | Luigi Recupero |
The Data Protection Officer can be contacted at the headquarters of Generalfinance S.P.A. in Via Giorgio Stephenson n.43a – 20157 Milan. In the case of written requests/communications to be sent digitally, the Data Protection Officer can be contacted using the institutional contact details of the owner ([email protected]).
Rights of the interested party (user)
Please be advised that, at any time, you may exercise the following rights:
the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to a data controller and have the right to transmit such data to another data controller without hindrance from the data controller to whom you have provided them;
the right to obtain access to your personal data;
the right to obtain the rectification of your personal data where this does not conflict with the applicable data retention legislation;
the right to obtain the erasure of your personal data where this does not conflict with the applicable data retention legislation;
the right to obtain the restriction of the processing of your personal data;
the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data.
You may exercise the above rights by making a request without formalities to the data controller or by contacting the Data Protection Officer.
To facilitate the exercise of these rights, the Italian Data Protection Authority has prepared a specific form that can be downloaded from the website www.garanteprivacy.it.
Right to lodge a complaint
The user has the right to lodge a complaint with a supervisory authority (in particular the Italian Data Protection Authority www.garanteprivacy.it).
Cookie
The specific information describing the use of cookies by the site is available and can be consulted in the document “Cookie policy”.