INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
This information is provided in accordance with the Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”) and describes the methods for processing the personal data of users who consult and use this website, accessed at https://www.gellify.com/ (hereinafter also “Site”).
According to the current European Regulation on the protection of personal data No. 679/2016 (“GDPR”), the collection and processing will always follow principles of lawfulness, correctness and transparency.
1. DATA CONTROLLER
The Data Controller is GELLIFY S.r.l. with registered office in Casalecchio di Reno (BO), via Isonzo n. 55/2, 40033, P.I. 03561101209.
The Data Controller can be contacted at the following email address: firstname.lastname@example.org
The treatments will be carried out in a mixed mode using both electronic and paper media and as explained below.
2. DATA PROTECTION MANAGER (RPD).
The Company has appointed a Data Protection Officer (DPO).
For any need regarding the protection of personal data, including the right to exercise the data subject’s rights under current legislation, please refer to the following contacts to the Data Protection Officer: email@example.com
3. NATURE OF DATA PROCESSED, FINALITY, LEGAL BASIS OF PROCESSING AND STORAGE
As part of the activities and services offered, the Company will carry out some data processing activities as better specified below:
Data collected: IP addresses or domain names of the computers used by the users who connect to the site, URL addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and platform used by the user.
Purpose: the computer systems and software procedures used to operate this site collect, during their normal operation, some personal data whose transmission is implicit in the navigation of the website. This information is not collected to be associated with identified interested parties, however, by their very nature they could, through processing and association with data held by third parties, allow users to be identified.
The submission of these data is mandatory and the information is acquired independently in order to ensure access and navigation on the Site. The above data are used only to obtain anonymous statistical information about the use of the site and to check its correct functioning.
Legal Notice: the legitimate interest of the Company to make the Site usable and navigation on it safe. Exclusively for the specific activity of profiling the express consent of the data subject (art. 6, par. 1 lett.f EU Regulation 2016/679).
Storage: navigation data are deleted after processing since they are used only to obtain anonymous statistical information about the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site: except for this possibility, at present the data on web contacts do not persist for more than 7 (seven) days.
B. DATA PROVIDED VOLUNTARILY BY THE USER THROUGH CONTACT FORMS AND E-MAIL.
The optional, explicit and voluntary sending of communications using the contact forms present on the Site or by e-mail to the addresses indicated on this site, entails the subsequent acquisition of the data communicated by the user, including their e-mail address, and their consent to receive any messages in response to their requests.
Data collected: common data, first name, last name, email address.
Purposes: The providing of the email address and other data that may be indicated is optional, explicit and voluntary. The providing of this data is required in order to use the service and receive an answer to your request or be contacted by email or telephone, and, in their absence, we will not be able to proceed with the elaboration. The personal data provided in this way are used for the only purpose of satisfying or responding to the requests transmitted and are communicated to third parties only if this is necessary for that purpose.
Legal basis: the provision of the services requested by the data subject and therefore the fulfillment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Art. 6, par. 1 lett.b EU Regulation 2016/679).
Storage: The Data voluntarily provided by the user are stored for the period necessary for the purpose of fulfilling the request and as permitted by applicable law and any contractual obligations that may have arisen.
C.DATA PROVIDED BY SENDING CV’S VIA E-MAIL OR APPLICATION ON THE PLATFORM.
Collected data: common data, contact data, work experience, training.
Purpose: the optional, explicit and voluntary sending of CVs in order to apply for open positions or to submit one’s professional profile by e-mail to the addresses indicated on this site, or through the dedicated “careers” section, entails the subsequent acquisition of the data communicated by the user, including their e-mail address, and their professional aptitudes. The failure to provide such data, although not mandatory, does not allow the evaluation of the application and the start of any selection process. The personal data provided in this way are used for the only purpose of satisfying or responding to the requests sent and are disclosed to third parties only if this is necessary for that purpose. Gellify s.r.l. collects this data as the Data Controller if the sending of applications is for its internal positions. However, in some cases, Gellify s.r.l. acts as the External Data Processor ex art. 28 for other companies specified in the details of each advertisement and from which we are commissioned to search and select personnel. In these cases, Gellify s.r.l. acts exclusively as the person in charge of the treatment, and it is not up to us to decide on the modalities of treatment of the data.
Legal basis: The processing is carried out for the fulfillment of a contractual and pre-contractual obligation assumed by the Controller with the service (art. 6, par. 1 lett.b). The processing may, in some cases, be carried out by us as data processors pursuant to Art. 28 on behalf of third party companies that are disclosed in the advertisement and that entrust us with the selection and evaluation of candidates.
Storage: The data is stored for the period necessary for the purposes of processing the request and in accordance with current legislation, and in any case no longer than 2 years from receipt of the data.
D.DATA PROVIDED FOR NEWSLETTER, PROMOTIONAL COMMUNICATIONS AND MARKETING.
Collected data: contact and identification data.
Finalità: where requested, it is possible to provide one’s own contact data in order to receive communications of a commercial and/or informative nature regarding the Controller’s activities. The submission of such data is optional but essential in order to proceed with the provision of promotional information service described above.
Legal basis: for the sending of newsletters and communications of a commercial/promotional nature, exclusively for commercial purposes, the processing is carried out on the basis of the explicit consent of the data subject (art. 6, par. 1 lett.a EU Regulation 2016/679).
Storage: the Data provided for the sending of newsletters and promotional communications are stored for the period necessary to carry out the activity for which they were provided and, in any case, specifically for the purposes described above, for no longer than two years as expressly provided for by law (unless renewed consent from the interested party for use for other purposes as provided by law).
Collected data: contact and identification data.
Purpose: sending communications relating to products or services similar to those already purchased by the user without the need for the express consent of the User as provided for in art. 130, paragraph 4, Privacy Code, and provided that the user does not exercise the right of opposition.
Legal basis: art. 130, co.n. 4 Privacy Code as amended by Legislative Decree n.101 of 2018 and art. 6, par. 1 lett.f EU Regulation 2016/679.
Storage: the Data used to send promotional communications are stored for the period necessary to carry out the activity for which they have been conferred and in any case, specifically for the purposes described above, no longer than two years as expressly provided for by law (unless renewed consent by the interested party use for other purposes as provided for by current legislation).
4. RECIPIENTS OF DATA.
The personal data collected are processed by the staff of the Company, which acts with specific authorization, based on specific instructions regarding the purposes and methods of treatment. In addition, subjects designated as data processors pursuant to art. 28 of the GDPR or sub-pursuants, which the Data Controller uses for the provision of services and for the performance of activities falling within its competence, as well as Public and Judicial Authorities at the request of the same or for legal obligations.
- to other companies in the Company’s group in order to allow the latter to carry out specific activities and/or provide specific services that are the subject of the contract entered into with the Customer;
- to persons, companies, associations or professional studios that provide assistance and consultancy services or that provide services to the Company, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;
- subjects whose right to access data is recognized by law or by provisions issued by authorities empowered to do so by law.
The subjects belonging to the above-mentioned categories will use the data as autonomous data controllers or data processors, in the latter case subject to agreement of appointment pursuant to art. 28 of the Regulations.
5. TRANSFER ABROAD OF PERSONAL DATA.
Personal data may also be transferred to countries that do not belong to the European Union or to the European Economic Area (so-called Third Countries) recognized by the European Commission as having an adequate level of personal data protection or, if this is not the case, only if an adequate level of data protection is contractually guaranteed compared to that of the European Union (e.g. by signing standard contractual clauses provided for by the European Commission).
6. RIGHTS OF THE DATA SUBJECT.
According to current legislation (Art. 15 et seq. of EU Reg 2016/679), the data subject has the right to ask the Data Controller for access to personal data, rectification of data, cancellation of data, limitation of processing concerning them, as well as the right to portability.
The appropriate request must be submitted to the Data Controller through the following e-mail address: firstname.lastname@example.org.
Interested parties who believe that the processing of personal data referring to them takes place in violation of the requirements of Regulation (EU) 2016/679 or of Legislative Decree 196/2003 and subsequent amendments and additions have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as provided for in art. 77 of the aforementioned Regulation, or to take legal action (art. 79 of the Regulation).
Data subjects – the identified or identifiable natural persons to whom the data refer – may exercise specific data protection rights, which are listed below:
(a) right of access: right to obtain from the Data Controller confirmation as to whether or not personal data is being processed and if so, to obtain access to personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or transfer of data and more;
b) right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, also by providing a supplementary declaration;
c) right to erasure (” oblio”): right to obtain from the Controller the erasure of personal data without undue delay in the event that: i. the data are no longer necessary in relation to the purposes of the processing; ii. the consent on which the processing is based is revoked and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be erased in order to comply with a legal obligation;
d) right to object to processing: right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller;
e) right to restriction: right to obtain from the Data Controller the restriction of processing, where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing;
f) right to data portability: right to receive in a structured, commonly used and machine-readable format personal data and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and only for data processed by electronic means;
g) right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing concerning him or her is in breach of the Regulation shall have the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or habitually works, or of the State in which the alleged breach occurred.
7. FURTHER PURPOSES OF PERSONAL DATA PROCESSING
Where processing is carried out for purposes other than those mentioned above or in the case of processing based on different legal bases and / or additional to those identified above, will be given specific indication in any information reference.
This policy was updated on 04/01/2022.