General part - information common to all processing of personal data
Premise
This information illustrates which "Personal Data of natural persons" (henceforth the latter are also referred to as interested parties) are collected and which treatments are carried out concerning all the Services provided by CoreTech Srl, also through this website www.coretech.it, in compliance with regulation (EU) 2016/679 and related legislation.
Owner Of the Treatment
Unless otherwise indicated, for all the Services indicated below, the owner of the processing of personal data, i.e. the one who decides the purposes and means of the processing of personal data, is the company:
CoreTech s.r.l., Tax Code and VAT number: 03815480961, based in Viale Ortles 13, 20139 Milan, Tel: +39 02 55 23 08 93, email privacy@coretech.it
It is possible to contact the data controller to receive all further clarifications on the policies adopted by our company regarding the protection of personal data.
DPO – Data Protection Officer
Coretech Srl has appointed the DPO - Data Protection Officer as Personal Data Protection Officer, who can be contacted at the following address: privacy@coretech.it
Limits of applicability of this information
Unless otherwise specified, this policy only concerns the processing of personal data of natural persons, and does not concern the processing of data relating to companies. However, in the latter case, this policy applies to the processing of personal data relating to individuals who are their collaborators and who must use the services provided by the data controller and always to the minimum necessary to allow their use. It is the specific responsibility of companies to communicate the personal data of their collaborators, giving the indications to be able to view this policy.
Principles applied to the processing of Personal Data
The data controller adopts personal data processing policies in compliance with regulation (EU) 2016/679 and related legislation, applying the principles established on the processing of personal data such as the principle of confidentiality, lawfulness, transparency, correctness, accuracy, integrity, relevance, to the minimum necessary and through adequate security measures, in order to guarantee the rights and freedoms of the data subjects.
Methods of processing Personal Data
The processing of personal data will take place either in paper form or with other analogical forms, or in whole or in part electronic, telematic or in any case automated, in compliance with the principles indicated above. The data will not be disclosed. Further details may be indicated, if necessary, concerning the single service provided by the data controller, as specified later in this information.
Recipients of Personal Data
The recipients of the personal data to which the data controller can transmit the personal data of the interested parties are identified below, concerning the treatments covered by this information, unless further specifications are made about the type of service provided.
The personal data of the interested party will be disclosed to authorized internal staff and other external parties, only if indispensable for the purposes being processed. In particular, the recipients will be included in these categories:
- employees responsible for managing partners;
- professionals, such as accounting experts, consultants and lawyers, or companies or associations of services for the administration and management who operate on behalf of the data controller;
- banking and insurance institutions that provide functional services for the purposes indicated above;
- judicial or administrative authorities, for the fulfillment of legal obligations or to assert a right of the data controller or data subject.
The names of the persons appointed as data processors will be available at the headquarters of the data controller.
Transfer of Personal Data abroad
Always in compliance with the privacy legislation, the data controller may transfer personal data, if technically possible through encryption systems according to internationally recognized technical standards, even outside the European Economic Area (EEA) or from a country that does not have an adequacy decision by the European Commission according to art. 45 of the GDPR, respecting one of the following conditions:
- the standard contractual clauses provided for in the European Commission Decision 2010/87 / EU, of February 5, 2010, are stipulated with the sub-processor appointed by CORETECH, who is authorized as of now by the CLIENT to sign them;
- if personal data are transferred to the United States, through the application of the "Privacy Shield", www.privacyshield.gov, referred to in the European Commission Decision 2016/1250 / EU of 12 July 2016;
- if transferred to a corporate group concerning intra-group transfers, the latter has obtained the approval of the BCR (binding corporate rules);
- in the other cases provided for by art. 49 of Regulation (EU) as there are no other alternatives.
Exercise of rights by the interested party
Concerning their personal data, the interested party, according to articles 12 ff. Regulation (EU) GDPR, has the following rights, which it can exercise towards the data controller, in the way indicated below:
Rights of the interested party
The rights recognized to the data subject by the GDPR include those of:
- RIGHT OF ACCESS: that is, the right to obtain from the data controller confirmation as to whether or not the processing of your personal data is in progress and, in this case, to obtain a full copy;
- RIGHT OF CORRECTION, INTEGRATION, CANCELLATION: i.e. the right to obtain the correction of your inaccurate personal data and/or their integration, if incomplete, or their cancellation for legitimate reasons;
- RIGHT TO LIMITATION OF PROCESSING: i.e. the right to request the suspension of the processing of your personal data, if there are legitimate reasons;
- RIGHT TO DATA PORTABILITY: i.e. the right to receive your personal data, in a commonly used and legible format and transmit them to another data controller, if the legal basis of the processing is the contract and the same is carried out by automated means.
Right to lodge a complaint
In the event of disputes, the interested party has the right to lodge a complaint with the supervisory authority and specifically with the Guarantor Authority for the protection of personal data - www.garanteprivacy.it.
Exercise of rights
To exercise your rights, please send to CoreTech s.r.l. the request via: email to privacy@coretech.it or by post to Viale Ortles 13, 20139 Milan. For any further clarification, contact Coretech S.r.l. at the Tel number: +39 02 55 23 08 93 and ask to speak to the privacy contact person.
More information
Further information on the rights of data subjects can be found on the website: www.garanteprivacy.it.
Changes and additions
The data controller will take care to update and integrate this information every time this becomes necessary and in any case in the event of regulatory and organizational changes that may affect the processing of personal data of the interested parties. Any changes will always be reported on this web page: www.coretech.it/privacy , which contains the most updated information. We therefore invite you to consult this page regularly.
Specific information to individual Services provided by the Data Controller
List of the types of Services performed and related information on treatments
List of the type of processing carried out as data controller concerning the services performed:
Specific policy relating to clients for Cloud services and other IT services
This section contains information on the processing of personal data carried out by the data controller, concerning the data of its customers as individuals and their collaborators, for the provision of cloud services and other IT services.
THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE.
Service provided
Provision of cloud services and other IT services provided by the data controller, indicated on this website and related pre-contractual requests for information on the services themselves
Types of data processed
The types of data processed are:
- common data: the personal data of natural persons (interested) that are processed with the aforementioned service are of a common category, such as identification data (name, surname, tax code, VAT number, etc.), contact data (telephone, email, certified email, address, domicile, etc.), IT data (IP, login, password, logical access, traffic, etc.), financial data (IBAN, payments, etc.) and other administrative, accounting and tax data that can be directly referring to the customer himself, if a natural person, or to his collaborators as strictly necessary to use the services.
Purpose of the processing
The personal data of the interested party will be used for:
- for the management of the contract for the supply of the requested services, even in the pre-contractual phase, in all its contractual, administrative, fiscal aspects, including those relating to privacy aspects, or anything else required by the legal system concerning it;
- for IT security purposes, for which IT personal data are processed to a strictly necessary and proportionate extent to ensure the security and ability of IT systems to withstand, at a given level of security, unforeseen events or illegal or malicious acts, which may involve the violation of personal data stored, transmitted or otherwise processed;
- to possibly ascertain, exercise and defend the rights connected to the previous point of the data controller in out-of-court and judicial proceedings;
- to fulfill any type of obligation provided for by laws, regulations or community regulations, or by provisions issued by Authorities legitimated by the law or by supervisory and control bodies.
- to carry out surveys on our services and on customer satisfaction, carry out internal checks on the quality of our products and processes, and verify the effectiveness of our processes to obtain and maintain certifications and certificates.
Legal basis of the processing
The processing of personal data has a legal basis as it is necessary:
- to fulfill the request for the provision of services or in any case as part of the pre-contractual phase for the possible stipulation of the contract;
- in relation to the right of defense of the rights of the data controller in extrajudicial and judicial proceedings as a legitimate interest of the data controller;
- to fulfill a legal obligation to which the data controller is subject.
- Legitimate interest.
Retention period
The personal data of the interested party will be stored:
- for ten years from the termination of the contract, without prejudice to any delayed payments of the fees that justify the extension or the beginning of a dispute until the substantial definition of the same;
- In any case, for the longest time in which the data controller is subject to retention obligations for tax purposes, or for other purposes, provided for by law or regulation or concerning the limitation periods as outlined by the jurisprudence.
Consequences in case of failure to provide personal data
In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the contract for the supply of the requested services or to provide the information requested during the pre-contractual phase.
Specific information relating to suppliers
This section contains information on the processing of personal data carried out by the data controller, about the personal data of their suppliers, as natural persons or concerning their collaborators.
THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE, CLICK HERE.
Personal supplier data
Personal data relating to suppliers and their collaborators in the context of supply relationships managed by the data controller
Types of data processed
The types of data processed are:
- common data: the personal data of natural persons (interested) that are processed concerning the management of relations with suppliers are of a common category, such as identification data (name, surname, tax code, VAT number, etc.), contact data (telephone, email, certified email, address, domicile, etc.), IT data (IP, login, password, logical access, traffic, etc.), financial data (IBAN, payments, etc.) and other administrative, accounting and tax data that can be directly referred to the supplier himself, if a natural person, or to his collaborators as strictly necessary for the purpose indicated above.
Purpose of the processing
The personal data of the interested party will be used for:
- for the management of the supply contract with the supplier, even in the pre-contractual phase, in all its contractual, administrative, fiscal, information aspects, also relating to privacy aspects, or anything else required by the legal system concerning it;
- for IT security purposes, for which IT personal data are processed to a strictly necessary and proportionate extent to ensure the security and ability of IT systems to withstand, at a given level of security, unforeseen events or illegal or malicious acts, which may involve the violation of personal data stored, transmitted or otherwise processed;
- to possibly ascertain, exercise and defend the rights connected to the previous point of the data controller in out-of-court and judicial proceedings;
- to fulfill any type of obligation provided for by laws, regulations or community regulations, or by provisions issued by Authorities legitimated by the law or by supervisory and control bodies.
Legal basis of the processing
The processing of personal data has a legal basis as it is necessary:
- to allow the execution of the supply contract or in any case as part of the pre-contractual phase for the possible stipulation of the associated contract;
- in relation to the right of defense of the rights of the data controller in extrajudicial and judicial proceedings as a legitimate interest of the data controller;
- to fulfill a legal obligation to which the data controller is subject.
Retention period
The personal data of the interested party will be stored:
- for ten years from the termination of the contract, without prejudice to the arising of any out-of-court dispute or the beginning of a dispute and until their substantial settlement;
- In any case, for the longest time in which the data controller is subject to retention obligations for tax purposes, or for other purposes, provided for by law or regulation or concerning the limitation periods as outlined by the jurisprudence.
Consequences in case of failure to provide personal data
In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the supply contract or in any case to follow up on the pre-contractual phase.
Specific policy regarding webinars
This section contains information on the processing of personal data carried out by the data controller, in relation to personal data processed as part of participation in webinars managed by the data controller.
THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE.
Service provided
Personal data processing of webinar participants managed by the data controller
Type of data processed:
- common data: the personal data of natural persons (interested) that are processed with the aforementioned service are of a common category, such as identification data (name, surname, tax code, VAT number, etc.), contact data (telephone, email, certified email, address, domicile, etc.), IT data (IP, login, password, logical access, traffic, etc.), financial data (IBAN, payments, etc.) and other administrative, accounting and tax data that can be directly referring to the customer himself, if a natural person, or to his collaborators as strictly necessary to use the services.
Purpose of the processing
The personal data of the interested party will be used for:
- the provision of the webinar to which the interested party has signed up in all its contractual, administrative, tax, information aspects, including those relating to privacy aspects and anything else required by the legal system in relation to it;
- for IT security purposes, for which IT personal data are processed to a strictly necessary and proportionate extent to ensure the security and ability of IT systems to withstand, at a given level of security, unforeseen events or illegal or malicious acts, which may involve the violation of personal data stored, transmitted or otherwise processed;
- to possibly ascertain, exercise and defend the rights deriving from the aforementioned service by the data controller in extrajudicial and judicial offices;
- to fulfill any type of obligation provided for by laws, regulations or community regulations, or by provisions issued by Authorities legitimated by the law or by supervisory and control bodies.
Legal basis of the processing
The processing of personal data has a legal basis as it is necessary:
- to be able to execute the request to participate in the webinar and provide the information requested in the pre-contractual phase;
- in relation to the right of defense of the rights of the data controller in extrajudicial and judicial proceedings as a legitimate interest of the data controller;
- to fulfill a legal obligation to which the data controller is subject.
Retention period
The personal data of the interested party will be stored:
- for thirty days from the conclusion in the case of free webinars;
- for ten years from the termination of the webinar if paid, without prejudice to any delayed payment of the fees that justify the extension or the beginning of a dispute until the substantial definition of the same;
- In any case, for the longest time in which the data controller is subject to retention obligations for tax purposes, or for other purposes, provided for by law or regulation or concerning the limitation periods as outlined by the jurisprudence.
Recipients
In addition to what is indicated in the general section of this information relating to recipients, we inform you that personal data are also communicated to third-party IT platforms, data processors, which provide the IT tools necessary for the provision of the service indicated above and always in compliance with the privacy legislation to guarantee the rights and freedoms of the interested parties. The names of the persons appointed as data processors will be available at the headquarters of the data controller.
Consequences in case of failure to provide personal data
In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the service described above or in any case to follow up on the pre-contractual phase.
Specific information relating to online training courses
This section contains information on the processing of personal data carried out by the data controller, in relation to personal data processed in the context of participation in training courses offered by the data controller.
THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE.
Service provided
Personal data processing of participants in training courses offered by the data controller
Type of data processed:
- common data: the personal data of natural persons (interested) that are processed with the aforementioned service are of a common category, such as identification data (name, surname, tax code, VAT number, etc.), contact data (telephone, email, certified email, address, domicile, etc.), IT data (IP, login, password, logical access, traffic, etc.), financial data (IBAN, payments, etc.) and other administrative, accounting and tax data that can be directly referring to the customer himself, if a natural person, or to his collaborators as strictly necessary to use the services.
Purpose of the processing
The personal data of the interested party will be used for:
- the provision of training courses to which the interested party has signed up in all its contractual, administrative, fiscal, information aspects, including those relating to privacy aspects and anything else required by the legal system concerning it;
- for IT security purposes, for which IT personal data are processed to a strictly necessary and proportionate extent to ensure the security and ability of IT systems to withstand, at a given level of security, unforeseen events or illegal or malicious acts, which may involve the violation of personal data stored, transmitted or otherwise processed;
- to possibly ascertain, exercise and defend the rights deriving from the aforementioned service by the data controller in extrajudicial and judicial offices;
- to fulfill any type of obligation required by laws, regulations or community regulations, or by provisions issued by Authorities legitimated by the law or by supervisory and control bodies.
Legal basis of the processing
The processing of personal data has a legal basis as it is necessary:
- to be able to execute the contract for the supply of the training course to which the interested party has signed up and provide the information requested in the pre-contractual phase;
- in relation to the right of defense of the rights of the data controller in extrajudicial and judicial proceedings as a legitimate interest of the data controller;
- to fulfill a legal obligation to which the data controller is subject.
Retention period
The personal data of the interested party will be stored:
- for ten years from the conclusion, without prejudice to any delayed payments of the fees that justify the extension or the beginning of a dispute until the substantial definition of the same;
- In any case, for the longest time in which the data controller is subject to retention obligations for tax purposes, or for other purposes, provided for by law or regulation or concerning the limitation periods as outlined by the jurisprudence.
Recipients
In addition to what is indicated in the general section of this information relating to recipients, we inform you that personal data are also communicated to third-party IT platforms, data processors, which provide the IT tools necessary for the provision of the service indicated above and always in compliance with the privacy legislation to guarantee the rights and freedoms of the interested parties. The names of the persons appointed as data processors will be available at the headquarters of the data controller.
Consequences in case of failure to provide personal data
In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the service described above or in any case to follow up on the pre-contractual phase.
Specific policy relating to video surveillance at the CoreTech headquarters
This section contains information on the processing of personal data, acquired and processed through the video surveillance systems operating at the CoreTech headquarters, in compliance with the applicable legislation on the protection of personal data.
The video surveillance areas are marked with special signs, clearly visible in all environmental lighting conditions, where the aims pursued are also recalled. The information signs are before the range of the cameras.
Type of data processed:
The types of data processed are:
- common data: the personal data of natural persons (interested) consisting of images from the video surveillance system during access to the CoreTech headquarters.
Purpose of the processing
The personal data of the interested party will be used for:
- for security purposes, to guarantee the safety of people who, in various ways, access the company structures. Therefore, personal data and images are processed to a strictly necessary and proportionate extent to ensure security;
- for the protection of company assets;
- to possibly ascertain, exercise and defend the rights connected to the previous point of the data controller in out-of-court and judicial proceedings.
Legal basis of the processing
- the video surveillance activity is based on the pursuit of the legitimate interest of the Company as per the purposes indicated above.
Retention period
The images of the interested party will be kept
- For a period of 24 hours.
Specific policy relating to the electronic signature of contracts
This section contains information on the processing of personal data carried out by the data controller, in relation to the electronic signature generated to sign contracts by its customers, suppliers and collaborators.
As part of the initiatives aimed at innovating and improving the efficiency of its processes, we have introduced a method of signing contracts based on a process that allows you to sign documents in electronic format through the Sigillo platform, with the aim of reducing and, where possible, eliminating the use of paper over time.
The contracts, once electronically signed, will be sealed by a qualified signature compliant with the European Regulation 910/2014 (eIDAS).
Service provided
Advanced electronic signature of documents and contracts for the provision of cloud services, distribution and other IT services.
Type of data processed:
The types of data processed are:
- common data: identification data (name, surname, tax code, VAT number, etc.), contact data (mobile phone, email, PEC, address etc.), computer data (IP etc.) and other administrative, accounting and tax data that can be directly referring to the customer himself, if a natural person, or to his collaborators as strictly necessary in order to view the documentation and proceed with the signature.
Purpose of the processing
The personal data of the interested party will be used for:
- management of the contract for the supply of the requested services, even in the pre-contractual phase, in all its contractual, administrative, fiscal aspects, including those relating to privacy aspects, or anything else required by the legal system in relation to it;
- ascertain, exercise and defend the rights connected to the previous point of the data controller in out-of-court and judicial proceedings;
- fulfill any type of obligation envisaged by laws, regulations or community regulations, or by provisions issued by Authorities legitimated by the law or by supervisory and control bodies on accounting records.
Legal basis of the processing
The processing of personal data has a legal basis as it is necessary:
- to fulfill the request for the provision of services or in any case as part of the pre-contractual phase for the possible stipulation of the contract;
- in relation to the right of defense of the rights of the data controller in extrajudicial and judicial proceedings as a legitimate interest of the data controller;
- to fulfill the legal obligations to which the data controller is subject in administrative accounting matters;
- Legitimate interest in being able to have contracts signed through advanced electronic signature and therefore speed up the signature processes.
Retention period
The images of the interested party will be kept
- for ten years from the termination of the contract, without prejudice to any delayed payments of the fees that justify the extension or the beginning of a dispute until the substantial definition of the same;
- in any case, for the longest time in which the data controller is subject to retention obligations for tax purposes, or for other purposes, provided for by law or regulation or in relation to the limitation periods as outlined by the jurisprudence.
Consequences in case of failure to provide personal data
In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the contract for the supply of the requested services or to provide the information requested during the pre-contractual phase.
Specific information regarding access to the CoreTech - Green Pass headquarters
This section contains information on the processing of personal data, acquired and processed at the CoreTech headquarters, in compliance with the applicable legislation on the protection of personal data. Following the publication in the Official Gazette of the Law Decree of 21 September 2021 n. 127, containing "Urgent measures to ensure the safe performance of public and private work through the extension of the application scope of the COVID-19 green certification and the strengthening of the screening system", the Green Pass obligation is established starting from October 15, 2021 to December 31 (currently foreseen as the deadline for the cessation of the state of emergency determined by the pandemic from Covid-19 Sars-Cov2). Therefore, anyone who enters the CoreTech office will be asked for the Green Pass, and its validity will be verified.
Who is the target:
The validity check will be made to all workers, customers and suppliers who will access the office.
Verify and control modality:
The validity check on the Green Pass will take place through automated systems with QRCode scanning. Only the persons in charge will be able to carry out random checks. The persons in charge were appointed with a formal deed which is exhibited in Bakeca.
Type of data processed:
The types of data processed are:
- Health Data: the data contained in the Green Pass certification or Green Pass exemption.
Purpose of the processing
to possibly ascertain, exercise and defend the rights connected to the previous point of the data controller in out-of-court and judicial proceedings.
Legal basis of the processing
The control activity will be carried out pursuant to art. 13 of the same Prime Ministerial Decree: "the verification of the green COVID-19 certifications is carried out by reading the two-dimensional barcode, which only allows you to check the authenticity, validity and integrity of the certification, and to know the generalities of the holder, without making visible the information that led to the issue".
Retention period
The data relating to the Green Pass and Exemption, processed during the verification, will not be stored. The data relating to the Exemption or the lack of possession of the green certification will be stored together with the data relating to the administration of the personnel and in the same way as reported in the employee information.
Specific information relating to personnel selection
This section contains information on the processing of personal data carried out by the data controller, in relation to the personal data processed during the personnel selection process.
THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE.
Personal data processed:
Personal data relating to candidates, their CVs and video presentations sent and managed by the data controller.
Type of data processed:
The types of data processed are those provided voluntarily by the candidate when sending the CV and during the evaluation interviews:
- Common Data: the personal data (Candidates) that are processed during the selection are of a common category, such as identification data (name, surname, tax code, VAT number, etc.), contact data (telephone, email, PEC, address, domicile, etc.), qualification data (education, work experience, certificates, letters of introduction, CV, linguistic knowledge, etc.), image or video data (such as photo on the CV or video presentation when requested), Social Profile data (if included in the CV by the candidate), remuneration data and evaluation data.
- Soft Skill data through Original Skills portal: https://hrapp.originalskills.com/privacy-policy?cbck=wrReq68371
Purpose of the processing
The personal data of the interested party will be used for:
- the management of personnel selection, privacy, possible hiring of the candidate;
- to guarantee equal opportunities in employment in accordance with the law;
- to fulfill any type of obligation required by laws, regulations or community regulations, or by provisions issued by Authorities legitimated by the law or by supervisory and control bodies.
Legal basis of the processing
The processing of personal data has a legal basis as it is necessary:
- for the execution of the employment contract or in any case as part of the pre-contractual phase for possible hiring;
- to fulfill the obligations and exercise the specific rights by the data controller or the interested party provided for in the field of labor law, social security and social protection, occupational medicine and assessment of the employee's work capacity, as established by labor law;
- if necessary, to safeguard the life or physical integrity of the worker or a third party;
- to possibly ascertain, exercise and defend the rights of the data controller in court or whenever the jurisdictional authorities exercise their jurisdictional functions;
- to fulfill a legal obligation to which the data controller is subject.
Retention period
The personal data of the interested party will be stored:
- until the personnel selection process is closed;
- for another 5 years given the possible re-contact of the candidate for another role or position;
- in any case, for the longest time in which the data controller is subject to retention obligations for tax purposes, or for other purposes, provided for by law or regulation or in relation to the limitation periods as outlined by the jurisprudence.
Consequences in case of failure to provide personal data
In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the supply contract or in any case to follow up on the pre-contractual phase.
More information or Complaints
We remind you that, with reference to the processing of personal data, it is always possible to request information or make complaints by writing to privacy@coretech.it or by contacting the Guarantor directly at https://www.garanteprivacy.it/