PRIVACY POLICY

PRIVACY POLICY
INFORMATION ON THE PROCESSING OF PERSONAL DATA
Of users consulting the website ALFAMEDSRL.COM for the protection of personal data in accordance with Article 13 of Regulation (EU) 2016/679

1. Definitions

From Articles 4, 37-39 of Regulation (EU) 679/2016 (hereinafter also Regulation).

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity.

“Usage Data“: is the information collected automatically by this Application (or by the third party applications that this Application uses), including: the IP addresses or domain names of the computers used by the user who connects with this Application, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.. ) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User’s computer environment.

“Processing” means any operation or set of operations, whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements

“User“: the individual who uses this application, who must coincide with or be authorized by the Data Subject and whose personal data are the subject of any processing.
“Data Controller” means the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria applicable to its designation may be established by Union or Member State law.

“Data controller“: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller;

“Data Protection Officer (also Data Protection Officer – DPO)“: a mandatory figure in certain cases provided for in Article 37 of the Regulation. He/she carries out advisory, monitoring, coordination and management of relations with the Supervisory Authority on personal data processing.

“This Application“: the hardware or software tool through which users’ personal data are collected.

“Contact“: service provided to Users interested in receiving information regarding the services provided by the Owner.

2. Data Controller.

The “Data Controller” of any personal data processed as a result of the use of the website is AlfaMed S.r.l., with registered office in Via Martiri di Cefalonia, 28 – 63822 Porto San Giorgio (Fermo).

3. Purpose and lawfulness of data processing.

Users who access this site and use the “Contact Us” service, will voluntarily provide certain information necessary to access the service itself. This is, in particular, First Name, Last Name, Address, City, Province, State, E-Mail, Phone number.
The users’ data are used for the sole purpose of performing the service or performance/information that may be requested and will not be disclosed to third parties.
The Data Controller has determined the purposes of the processing identified in the performance of the Controller’s own activities.
Users who send their resumes to the e-mail address listed on the site in the “Work with Us” section will voluntarily provide certain personal data, which may include:
– common data, such as personal information (e.g., first name, last name, date of birth, address, picture, gender, marital status, social security number, etc.), contact information (e.g., landline and/or mobile phone number, e-mail address, etc.), work and professional data;
– “special” data as defined in Art. 9 of the GDPR, i.e., capable of revealing racial and ethnic origin, religious beliefs, political opinions, membership in political parties, membership in trade unions, associations or organizations of a religious or philosophical nature, as well as health status (e.g., membership in so-called protected categories).

4. Legal basis of the processing

The interested party, by using the “Contact Us” service, expresses consent to the processing of his/her personal data for the purposes described in Article 2 above; the legal basis of the processing is, therefore, that provided for in Article 6, paragraph 1, letter a) of Regulation (EU) 679/2016.
The data that may be provided by the data subject by sending his/her CV to the email address indicated in the “Work with us” section will be processed to assess the professional profile with respect to the job positions opened and, in general, for the management of the procedures for the selection of employees. The Data Controller may contact the interested party in order to schedule interviews as necessary, using the contact information indicated in the resume itself.
The legal basis for the processing of the common personal data contained in the resume is that indicated in Article 6.1.b) of EU Regulation 679/2016, which legitimizes the processing where the same is necessary for the execution of pre-contractual measures taken at the request of the data subject.
Providing your personal data for these purposes is optional but failure to do so would make it impossible for the Data Controller to assess your profile or to be able to schedule interviews.
Should your application for collaboration be accepted, the Data Controller in accordance with the privacy policy prepared for employees and/or collaborators would process the personal data concerning you.
On the other hand, the possible processing of special data indicated in the resume transmitted by the interested party may be carried out in accordance with Article 9.2.a) of the Regulations, only with the explicit consent of the interested party. In this regard, if not strictly necessary, we ask not to provide this type of information; otherwise, if the person concerned decides to provide it, it will be necessary – in compliance with the current legislation on the protection of personal data – the release of appropriate consent by means of a statement included in the curriculum itself. The lack of a manifested consent to the processing of any special data indicated in the curriculum prevents the usability of the document itself.

5. Communication and recipients of personal data

The communication of personal data will take place only and exclusively to employees and direct collaborators of the Data Controller for the sole purpose of performing the service eventually requested by the user, unless the communication is imposed by legal obligations.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site implies the subsequent acquisition of the sender’s address, to which the response to requests made will be sent, as well as any other personal data included in the message.
We invite users, in requests for services or queries, not to send names and/or other personal data of third parties that are not strictly necessary or “special” data as referred to in Articles 9 and 10 of Regulation (EU) 679/2016.
The optional, explicit and voluntary sending of the curriculum vitae to the email address indicated on the site in the “Work with us” section implies the subsequent acquisition of the sender’s address as well as other personal data included in the curriculum.
We invite users, at the stage of self-nominations, not to send “particular” data referred to in Articles 9 and 10 of Regulation (EU) 679/2016, unless strictly necessary. In this regard, please refer to the provisions of Article 3 above.

6. Methods and means of processing

Personal data are processed by automated means, for the time necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access in compliance with the obligations to adapt to adequate security measures. In fact, all data will be acquired and stored in accordance with Articles 32, 33 et seq. of EU Regulation 679/2016.
The Holder is not responsible for errors, content, cookies, and publications of immoral illicit content, advertisements, banners or files that do not comply with the regulations in force from sites not managed by the same.

7. Transfer of data to a third country

No transfer of data to a third country is planned.

8. Automated decision-making process

No automated decision-making process is present.

9. Duration of processing.

The personal data acquired, including by means of the “Contact” service, will be kept for the duration necessary for the execution of the activities requested by the User and, in any case, for no longer than 24 months after their entry.
The retention time may extend and involve the acquisition of additional data at a later date, in the event that the user himself requests services or purchases goods; in this case, the duration of processing, for administrative, accounting, tax and contractual purposes may extend up to 10 years from the termination of the relationship, as provided for by the regulations in force (art. 2220 of the Civil Code, art. 22 of Presidential Decree of 29/09/1973 no. 600 and art. 2200 Civil Code).
The personal data acquired by sending the resume to the mailing address indicated in the “Work with us” section will be kept by the Data Controller for the time necessary for the fulfilments foreseen for the selection of the Candidate and, in any case, no longer than 12 months from their collection, except for the possible establishment of the employment and/or collaboration relationship. In this case, the Owner according to the privacy policy specifically prepared for employees and/or collaborators will process the personal data concerning you.
The technical navigation cookies (described below), will be stored for the sole purpose of allowing the proper technical functioning of the site itself and will automatically expire when the browser is closed.

10. Type of navigation data processed

The computer systems and software procedures used to operate this website automatically acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow the identification of users.
This category of data includes the Internet protocol (IP) addresses or domain names of the computers used by users connecting to the site, the addresses in URL (Uniform Resource Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing.
This data could be used to ascertain liability in the event of any computer crimes against our site.
Hosting and backend infrastructure. These types of services have the function of hosting data and files that allow this Application to function, enable its distribution, and provide a ready-to-use infrastructure to deliver specific functionality of this Application. Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.

11. Rights of the interested parties

The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of such data and to know its content and origin, verify its accuracy or request to supplement, update, or rectify it. The subjects to whom the personal data refer also have the right to request the cancellation, transmission of the data to other owners, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing. Data subjects also have the right to propose recalls to the supervisory authority (Privacy Guarantor).
Article 13 of the European Regulation 679/2016.
Article 13 “Information to be provided if personal data is collected from the data subject”
1. Where personal data concerning the data subject are collected from the data subject, the controller shall provide the data subject with the following information at the time the personal data are obtained:
(a) the identity and contact details of the data controller and, where applicable, its representative;
(b) the contact details of the data protection officer, where applicable;
(c) The purposes of the processing for which the personal data are intended as well as the legal basis of the processing;
(d) where the processing is based on Article 6 (1) (f), the legitimate interests pursued by the data controller or by third parties;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the intention of the data controller to transfer personal data to a third country or international organization and the existence or absence of a Commission adequacy decision or, in the case of transfers under Article 46 or 47, or the second paragraph of Article 49, the reference to appropriate or adequate safeguards and the means of obtaining a copy of such data or the place where such data have been made available.
2. In addition to the information referred to in paragraph 1, at the time personal data are obtained, the data controller shall provide the data subject with the following additional information necessary to ensure fair and transparent processing:
(a) the period of storage of personal data or, if this is not possible, the criteria used to determine this period;
(b) the existence of the data subject’s right to request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her or to object to the processing of personal data, in addition to the right to data portability;
c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal
d) the right to lodge a complaint with a supervisory authority;
e) whether the provision of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and whether the data subject is under an obligation to provide the personal data as well as the possible consequences of not providing such data;
f)the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject.
3. Where the data controller intends to further process personal data for a purpose other than that for which it was collected, it shall, prior to such further processing, provide the data subject with information about that other purpose and any further relevant information referred to in paragraph 2.
4. Paragraphs 1, 2 and 3 shall not apply if and to the extent that the data subject already has the information.

12. GDPR Surveillance

INFORMATION FOR THE PROCESSING OF PERSONAL DATA (ART.13 GDPR)
VIDEO SURVEILLANCE SYSTEM
Dear visitor, the Data Controller informs you that the personal data obtained from the video surveillance system are processed in compliance with EU Regulation No. 2016/679 and the confidentiality obligations to which we are bound.

The data controller is ALFAMED S.R.L.
based in PORTO SAN GIORGIO (FM) VIA MARTIRI DI CEFALONIA, 28
Contact details: Email. info@alfamedsrl.com Tel. 0734 674379

PURPOSE OF THE PROCESSING AND LEGAL BASIS For needs of work safety and protection of company assets (i.e. to avert the risk of theft, damage, tampering), surveillance cameras are installed within our company which, inevitably, collect the personal data (image) of anyone who enters the visual range of the cameras. The function of the signage is to forewarn you that if you exceed the marked limit, your image will be videotaped. The legal basis for the processing is the pursuit of the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), for the purposes stated above. Your personal data will not be subject to any automated decision-making process, including profiling.

RECIPIENTS Your data is not disseminated and will not be transferred either to European Union member states or to third countries outside the European Union.

PERIOD OF STORAGE Recorded images are retained for 48 hours, subject to special requirements for further storage in connection with holidays or closure of offices or businesses, as well as in the event that we must adhere to a specific investigative request of the judicial authority or police bodies.
After these terms have expired, the images are automatically deleted.

OBLIGATION TO PROVIDE DATA AND CONSEQUENCES The provision of data is mandatory and is strictly instrumental to access the premises. In case of non-provision, access to the premises of the company is not possible.

YOUR RIGHTS As a data subject you can contact the Data Controller (whose contact details are given at the beginning of this policy) to exercise your rights of access and deletion as provided for in Article 15 of GDPR 2016/679.
In the event that you believe that the processing of personal data relating to you occurs in violation of the provisions of the Regulation you have the right to lodge a complaint with the Guarantor, as provided for in Article 77 of the Regulation itself.

13. Contact data
Requests regarding Art 13 of EU Regulation 679/2016 should be addressed to the Data Controller via e-mail at info@alfamedsrl.com