Background information on the processing of the user’s personal data
Rights of the user concerned
How to exercise rights and/or request information on processing
You will be provided with specific and/or supplementary information on the processing of your personal data each time we collect it, during your interaction with the site, or under contractual relationships established with our Company. You can consult all of them at any time by clicking on the links in the “Information” section at the bottom of this page.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation)
Personal data: Any information relating to an identified or identifiable natural person. In addition to the data provided by the user via any forms within the individual areas of the Web Services, this also includes data relating to the user’s navigation
Stakeholder or interested party: The identified or identifiable natural person to whom the Personal Data relates.
Navigation data: The computer systems and software procedures used to operate the Web Services acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could enable users to be identified through processing and association with data held by third parties. However, if the browsing session is carried out after accessing the Reserved Area (or log in), the data collected are associated with the user’s personal account.
Navigation data includes:
- IP addresses or domain names of computers used by users connecting to the site;
- the addresses in URI (Uniform Resource Identifier) notation of the requested resources;
- the time of the request;
- the method used to submit the request to the server;
- the size of the file obtained in response;
- the numerical code indicating the status of the response given by the server (successful, error, etc.);
- other parameters relating to the user’s operating system and computer environment.
Data provided by the user: These are the data that the user voluntarily and knowingly shared by sending communications (e.g. by e-mail, to the addresses present in the web domain) or by filling in specific forms, if present in the spaces provided by the Services.
The Data provided by the User are only those strictly necessary for the purposes occasionally required by the services (for precise indications regarding the categories of data occasionally collected, please refer to the individual privacy policies of reference). By way of example, such data may include:
- personal details;
- contact details (e.g. e-mail address);
- information related to the contractual position of the user/customer;
- geolocation (where the user has given consent to the collection of data relating to his/her location);
- information related to the use of the individual services made available to the user;
- relevant facts and events revealed by the user in his/her messages (in this regard, and for his/her greater protection, the user is invited not to provide information that is not strictly pertinent to the subject of the request and the nature of the services provided by the company).
Data Controller or the Controller: The person who decides upon the purposes and means of processing Personal Data. With reference to Web Services, it is the Company of the Unipol Group to which this site refers, and the references of which you can find at the bottom of each page.
Services or Web Services: The services provided through the internet, used through the website and/or any apps.
User: The data subject (natural person) who browses, consults, accesses, or uses the Web Services.
DPO: The Data Protection Officer. The user concerned may request clarifications on the processing of Personal Data or exercise his/her rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information on data processing”.
Privacy Guarantor: The Garante per la protezione dei dati personali [Data Protection Guarantor], i.e. the Italian national supervisory authority for the protection of personal data. See the website of the Privacy Guarantor.
Cookies: Cookies are pieces of information that are stored on your device (e.g. in the memory of your browser) when you visit a website or use a web application.
Each cookie may contain various data, such as the name of the server from which it comes, a numeric identifier, etc.
BACKGROUND INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA
Below we provide you with useful information regarding the processing of Personal Data carried out through the Web Services.
In particular, we want to inform you about:
- the identification and contact details of the data controller;
- the contact details of the Data Protection Officer (DPO);
- the categories of Personal Data processed through the Web Services;
- the purposes for which such Personal Data are occasionally processed;
- the preconditions for processing such data (legal bases);
- the duration of their storage, always strictly necessary for the pursuit of the stated purposes;
- the categories of recipients of data communication.
|Data controller||Registered office|
|ITAL H&R S.r.l.||– Via Stalingrado, 37 – 40128 Bologna (Italy).|
Categories of Personal Data, purpose, and legal basis of processing and retention periods
|Categories of Personal Data||Purpose of processing||Legal bases||Terms of Data Retention|
|Navigation data||Allowing web browsing and the provision of services||Requirement to perform a contract to which the data subject is party or to provide a service at the request of the data subject||For the duration of navigation within the services|
|Obtaining anonymous statistical information on the use of the Web Services, for the sole purpose of monitoring their correct functioning||Legitimate interest of the company||Collected data are aggregated and no longer traceable to the individual user who did the browsing|
|Data provided by the User: provision of Web Services||Request for information||Requirement to execute requests made by the data subject (pre-contractual phase) or legitimate interest||The time needed to provide feedback|
|Booking at the facilities||Requirement to execute requests made by the data subject (pre-contractual phase) or contractual phase||The validity period of the reservation|
The provision of your Personal Data is free and optional. We remind you, however, that for the pursuit of certain purposes (to provide you with the appropriate feedback requested, for registration in the Reserved Area or for the provision of individual Services) it is indispensable; if not provided, in such cases, it may not be possible to proceed with the pursuit of the aforementioned purposes.
However, we invite you to consult the individual data processing notices for more details.
Processing methods and recipients of data communication
The above data will not be subject to dissemination and may be viewed the by employees of our company specifically authorised to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or by the companies. Processing operations may be carried out by external parties to whom we entrust the performance of activities on our behalf, and with whom we enter into appropriate agreements aimed at regulating the processing of data.
Finally, the data may be communicated to public authorities or law enforcement agencies at their express request.
The processing of Personal Data is always carried out following the adoption of appropriate security measures to ensure the confidentiality, availability and integrity of such data.
The Web Services may use technical, analytical, and profiling cookies, both first and third party ones.
Cookies are essential for improving the services and providing products that are always in line with users’ preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.
To find out more, click here.
RIGHTS OF THE USER (AS DATA SUBJECT)
|Rights||What does it consist of?||Prerequisites for exercise|
|Access to data||The user may request from the Data Controller: confirmation that he/she is processing data relating to the user;a copy of the data concerning the user;information concerning data processing (e.g. legal bases, retention periods, categories of data recipients, etc.)||The user always has the right to submit such a request|
|Correcting or supplementing data||The user may request the Data Controller to: correctupdateedit the Personal Data processed||If the data processed are inaccurate or incomplete|
|Data deletion||The user may request the Data Controller to erase the Personal Data being processed||Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;the user revokes the consent on which the processing is based, and if there is no other legal basis for the processing;the user objects to the processing pursuant to Article 21 and there is no overriding legitimate reason for processing;Personal Data have been unlawfully processed; the Personal Data must be erased in order to comply with a legal obligation imposed by a European Union or Member State law to which the Data Controller is subject|
|Limitation of the processing of Personal Data||The user may request that the Controller does not carry out any processing operation on the user’s Personal Data other than storage, except with the user’s consent or to protect his/her rights||the user disputes the accuracy of the Personal Data, for the period necessary for the controller to verify the accuracy of such Personal Data; the processing is unlawful and the data subject objects to the erasure of the Personal Data and requests instead that their use be restricted;although the data controller no longer needs the Personal Data for processing purposes, the Personal Data are necessary for the establishment, exercise or defence of legal claims; the user has objected to the processing, pending verification of whether the legitimate reasons of the data controller prevail over those of the data subject|
|Objecting to the processing of Personal Data||The user may object to processing based on a legitimate interest (including the sending of promotional communications) or a public interest||There must be grounds relating to the particular situation of the user, except where the objection is to processing for direct marketing purposes|
|Objections to automated decision-making||The user may object to automated decision-making processes. If such a process is necessary for the conclusion of a contract, or if it is based on explicit consent, or if it is authorised by law or regulation of the State or the European Union, the user has the right to obtain human intervention by the Controller, to express his/her opinion and to contest the decision||There is a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way|
|Portability of Personal Data||The user has the right to receive in a structured, commonly used, and machine-readable format, the Personal Data concerning him/her||Provided that all the following conditions are met: the data have been provided by the user;the processing is based on consent or on a contract; the processing is carried out by automated means|
|Withdrawal of consent||The user may revoke the consent previously given. Revocation does not affect the lawfulness of the processing carried out up to that moment||Always|
HOW TO EXERCISE RIGHTS AND/OR REQUEST INFORMATION ON PROCESSING
The “Data Protection Officer” is available to clear any doubts, for clarifications, for the exercise of the rights of the Data Subjects, and to provide an updated list of the categories of data recipients.
|Data Protection Officer or DPOfirstname.lastname@example.org|
This does not affect your right to approach the Privacy Guarantor, including by means of a complaint, where deemed necessary for the protection of your Personal Data and your rights in this respect.
The list of background information is given below: