1. Data Controller
Data controller is Goppion S.p.A., Via T. Edison, 58/60, 20090 Trezzano sul Naviglio MI - Italy; telephone no.: +39 024844971; e-mail address: firstname.lastname@example.org.
Definition of “Personal Data”
2. Categories of Data Processed
(a) Data Provided Voluntarily by the Data Subjects
Goppion collects some personal data (name, surname, e-mail address, telephone number, postal address, etc.) that is voluntarily provided by the users of the Website by means of ad-hoc registration forms filled on the Website (e.g. subscription to our newsletter, application, etc.) or sent by e-mail or provided to Goppion or to its professionals or collaborators by the data subject himself/herself in some other way (for example: exchange of business cards, exchange of emails or other contact that shows through an active behavior an interest towards the activity of Goppion).
(b) Netsurfing Data
Computer systems and software procedures in charge of the correct functioning of the Website may collect, during their normal activity, some personal data, whose transmission is implicit in internet communication protocols. This type of information is not collected in order to be linked to identified subjects, but by its own nature, through processing and in combination with third party’s data, such information might be able to be used to identify users. Such category of data includes, among others: IP addresses relating to the computer used to access the Website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, procedure used to forward the request to the server, the size of the answered file, the numeric code that points to the condition of the server’s answer (successful, error etc.) and any other parameter relating to the user’s operating system. This type of data is used only for the purpose of gathering statistic and anonymous information on the usage of the Website and to assure its correct functioning, and is immediately erased after the processing. The above-mentioned data could be used to determine possible criminal liability arising from computer crimes in prejudice of the Website.
3. Purposes and Modalities of Data Processing
Goppion processes the above-mentioned personal data only in relation to:
(a) subscription to newsletter, invitation to events or subscription to mailing lists concerning the sending of communications relating to Goppion (events organized, certifications and prices received);
(b) management of unsolicited job applications, exclusively for purposes of research and selection of personnel in relation to open or future job positions at Goppion and for scheduling an interview (if needed);
(c) requests for information on Goppion or contact requests;
Goppion protects your personal data adopting all security measures prescribed by the GDPR. Goppion shall process the personal data about you only for the time necessary for the achievement of the purposes above described. The processing may be carried out with or without the use of electronic means as well as with automated systems.
4. Legal Basis for the Processing
In relation to the cases described above in sub 3(a):
- the data subject may request to subscribe to our newsletter through the specific section of the Website, thereby asking to receive articles relating to the activity of Goppion; or
- the data subject may receive information on our events on the basis of our legitimate interest to keep contacts with the data subject when the data subject already subscribed to one of our events or newsletters (also considering his reasonable expectations), save the right to object (“opt-out”); or
- the data subject may be entered into a mailing list as a result of contacts with Goppion or with a professional or collaborator of Goppion (for example, exchange of business cards or other contact that may constitute an active behavior demonstrating interest towards Goppion); in such a case it constitutes a legitimate interest of Goppion to keep in contact with him/her by sending communications concerning Goppion as well as events organized by Goppion and that Goppion thinks could be of interest to the data subject (duly considering the expectations of the data subject), save the right to object (“opt-out”).
In relation to the cases described above in sub 3(b):
- the data subject may send his application to work with Goppion in relation to open or future job positions, through the specific section of the Website; in this case the processing of personal data is based on one or more of the following legal bases: (i) the performance of pre-contractual measures upon data subject’s explicit request; (ii) Goppion’s legitimate interest to assess data subject’s suitability to collaborate with Goppion; (iii) the consent, which data subject can revoke at any time by contacting us at the addresses indicated below on point 10.
5. Optional Personal Data Provision
Without prejudice to the provisions on netsurfing data, the data subjects have the ability to provide or not provide his/her personal data in the forms on the Website or through e-mail. Not providing Goppion with such data, however, may render it impossible for Goppion to send you the communications and information you asked for.
6. Communication and Disclosure of Personal Data – International Data Transfers
7. Rights of the Data Subjects with Reference to Their Personal Data
The data subject has the right to obtain at any time confirmation as to whether or not there is personal data concerning him or her being processed, to access such personal data, to ask to receive the data in a structured, commonly used and machine-readable format in order to transmit the data to another controller, as well as to request at any time the erasure of such personal data, to obtain the restriction of processing or to object, in whole or in part, on legitimate grounds, to the processing of his or her personal data, in particular where it is processed for direct marketing purposes, and the data subject may exercise such right also by clicking in the section for such purpose below every communication. The exercise of such rights, however, may be subject to some limitations and exclusions pursuant to the GDPR and the applicable regulations.
Where the processing is based on the consent of the data subject, it shall be understood that the data subject has the right to withdraw his or her consent at any time. Such withdrawal shall not affect the lawfulness of processing based on consent given before withdrawal.
8. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, every data subject, where it considers that the processing of personal data relating to him or her infringes the law, shall have the right to lodge a complaint with a supervisory authority.
10. Exercise of Users’ Rights and Request of Information
We use a third-party provider, MailChimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.