with sole shareholder relating to this site
This page describes the management of the site HSL S.r.l. with sole shareholder (hereafter “Data Controller“) in relation to the processing of personal data of the relevant user (hereafter “Interested Party” or “User“).
This information is provided (pursuant to article 13 and subsequent of EU Regulation 679/2016 – hereafter “Regulation” -) to those who interact with web services and concerning the protection of personal data, accessible electronically from the address //hsl-italia.com/, corresponding to the homepage of this site (hereafter “Site“).
The information is provided only for the Site and not for other websites that may be consulted by the user through links. The information draws on the Recommendation no. 2/2001 that the European Authorities for the protection of personal data, gathered in the Group established by art. 29 of the Directive 95/46 / EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when visiting web pages, regardless of the purpose of the visit.
Personal data collected at the time of browsing and/or registration on this website and / or through e-mail messages (hereafter “Data“) are processed in compliance with the requirements of national and European legislation and the rights recognized by the law to the” interested party “.
Purpose and legal basis of the processing
Following access of the Site, data relating to identified or identifiable persons may be processed. Data processing will have the following purpose: a) to facilitate the navigation of the Site and the technical use of the services described therein, perform web analysis, check the number of visitors to the Site, check the progress of relations with the Users of the Site; in such cases the legal basis of the processing is the legitimate interest of the owner to manage the site, to maintain a proper functioning thereof and to protect its rights; b) if the relevant services are available, to find any requests for information and / or execute the services, requested through the Website, and / or select and manage the submitted applications (the User is advised not to include sensitive data in the profile – e.g. related to health, political opinions, sex life, etc. – if not strictly necessary for the purposes of selection and evaluation of the profile itself; for this last purpose of the processing the interested party is invited to review also the specific “information to candidates” published on the Website and accessible through the website //hsl-italia.com/); in such cases, the legal basis of the processing is the execution of measures taken at the request of the interested party, the execution of a contract of which the Interested party is a party or of pre-contractual measures adopted at the request of the same, as well as consent in the foreseen cases (see also “ information to candidates” accessible via the link above); c) if the related service is available, to send, at the contact details of the interested party (e.g. via telephone, social networks, email, communications on initiatives such as conferences, workshops, training courses, initiatives and/or new services/products offered by Data Controller, forwarding newsletters by e-mail, in the event that the interested party has made a specific request and only after expressing a specific consent, which will be separately requested; in this case, the legal basis of the processing is the consent of the User but also the legitimate interest of the Data Controller (as indicated in paragraph 47 of the Rules) to make known and to develop its activity, without prejudice to the rights of the interested party indicated below; d) to fulfil obligations deriving from laws, regulations, community legislation; in this last case, the legal basis of the processing is the fulfilment of a legal obligation to which the Owner is party.
Place of data processing, categories of recipients and transfer of personal data to a third country
The Data may be communicated and processed by companies and consultants of the Owner – and / or their representatives – for the design and / or maintenance of the technological part of the Site and for the performance of instrumental, support or functional activities for the execution of contracts or services requested by the interested party. In any case, these parties will treat and communicate to third parties the Data as independent “data controllers” or “data supervisors” of the processing (pursuant to Article 28 of the Regulations) on the basis of the instructions of the Data Controller, also concerning security, for the purposes indicated above.
The Data may be transferred to countries outside the EU exclusively within the aforementioned purposes and in compliance with the Regulation (hence on the basis of a decision of the European Commission of the adequacy of the level of personal data protection guaranteed by the third country or on the basis of adequate guarantees, pursuant to articles 45 and 46 of the Regulations), or, failing that, if for example it is necessary for the execution of a contract between the Data Controller and the Interested party, or in favour of the latter, or for the execution of pre-contractual measures adopted at the request of the same, or on the basis of the prior consent of the latter (as required by Article 49 of the Regulation).
In particular, for example, for the purposes referred to at the previous letter c), for the management of external services (to send the newsletter), when envisaged, the Owner uses the “MailChimp” service of the company The Rocket Science Group, LLC, 675 Ponce De Leon Ave, Suite 5000, Atlanta, Georgia 30308, and therefore, in case of subscription to the newsletter service, the Data may be transmitted and known by the latter company, which adheres to the Privacy Shield (subject of the European Commission 2016/1250 adequacy decision), with which standard contractual clauses have been signed in order to legitimize and guarantee non-EU transfer. The specifications relating to the service that the Data Controller uses, when provided, to manage and send emails are available at the following links //mailchimp.com/legal/terms/ and //mailchimp.com/legal/privacy/.
Types of data processed
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the operating system and the user’s computing environment.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Website entails the subsequent acquisition of the sender’s address, necessary to respond to the requests, as well as any other personal data included in the communication.
Specific summary information will be progressively reported or displayed on the pages of the Site prepared for particular services on request.
Cookies and other tracking systems
Please refer to the Cookies Policy published on the website.
Optional data supply
Apart from what has been specified for navigation data, the User is free to provide personal data contained in the request forms of the Site, where present, for example to request receipt of the newsletter, information material or other communications or for applications.
Failure to provide such data will render the receipt thereof impossible. For the sake of completeness, it is noted that in some cases (not subject to the ordinary management of this site) the Antitrust Authority may request that the Data controller, the Data supervisors, the interested party or even third parties, provide information and produce documents also pursuant to art. art. 58 of the Regulation, for the purposes of monitoring the processing of personal data. In these cases, the data supply is mandatory under penalty of administrative sanction.
Processing methods and data retention policy
Data will be processed in a manner that guarantees security and confidentiality and may be carried out in hard copy or electronically or in any case automated, computerized, manual and logically designed to ensure that the Data are processed securely, are always intact and available, and are processed in compliance with the principles set out in EU Regulation 679/2016 and solely for the purposes envisaged. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
The Data are kept for the time strictly necessary for the accomplishment of the aforementioned purposes (referred to in the aforementioned letters a, b, c) with the indication that the data which will eventually be sent in relation to the applications will be stored for a period of 2 years (see also “information to candidates” accessible via the link above).
Rights of the interested parties
The interested party has the right to exercise the following rights (specifically described in Article 15 of Article 22 of EU Regulation 679/2016), by contacting the Data Controller without further formalities (at the e-mail address below): ask the Data Controller to confirm that the relevant data concerning is being processed and, if so, obtain access to the data; request the correction and/or the integration, the erasure or the limitation of the data processing; oppose the data processing; request the portability thereof; submit a complaint to a supervisory authority; obtain all the available information on the origin of the Data and on the categories of Data, if they are not collected from the Data Subject; obtain information on the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party; not to be subject to a decision based solely on automated processing, including profiling.
In cases where the legal basis of the processing is consent (e.g. to send electronic communications relating to the activity carried out by the Data Controller) the interested party has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on consent given before the revocation.
The Data Controller
The data controller is HSL S.r.l. with sole shareholder, based in Trento, via dei Masadori no. 46. The interested party can exercise the above rights and obtain further information by contacting the Data Controller at the phone number + 39 0461955411, at the e-mail address: email@example.com or by visiting the site //hsl-italia.com/ Privacy section.