Privacy Policy

General part - information common to all processing of personal data

Premise

This information illustrates which "Personal Data of natural persons" (henceforth the latter also referred to as interested) are collected and which treatments are carried out concerning all the Services provided by CoreTech Srl, also through this websit www.coretech.it , in compliance with regulation (EU) 2016/679 and related legislation.

Owner Of the Treatment

Unless otherwise indicated, for all the Services indicated below, the owner of the processing of personal data, i.e. the one who decides the purposes and means of the processing of personal data, is the company:

CoreTech s.r.l., Tax Code and VAT number: 03815480961, based in Viale Ortles 13, 20139 Milan, Tel: +39 02 55 23 08 93, email privacy@coretech.it

It is possible to contact the data controller to receive all further clarifications on the policies adopted by our company regarding the protection of personal data.



DPO – Data Protection Officer

Coretech Srl has appointed the DPO - Data Protection Officer as Personal Data Protection Officer, who can be contacted at the following address: privacy@coretech.it



Limits of applicability of this information

Unless otherwise specified, this policy only concerns the processing of personal data of natural persons, and does not concern the processing of data relating to companies. However, in the latter case, this policy applies to the processing of personal data relating to individuals who are their collaborators and who must use the services provided by the data controller and always to the minimum necessary to allow their use. It is the specific responsibility of companies to communicate the personal data of their collaborators, giving the indications to be able to view this policy.



Principles applied to the processing of Personal Data

The data controller adopts personal data processing policies in compliance with regulation (EU) 2016/679 and related legislation, applying the principles established on the processing of personal data such as the principle of confidentiality, lawfulness, transparency, correctness, accuracy, integrity, relevance, to the minimum necessary and through adequate security measures, in order to guarantee the rights and freedoms of the data subjects.



Methods of processing Personal Data

The processing of personal data will take place either in paper form or with other analogical forms, or in whole or in part electronic, telematic or in any case automated, in compliance with the principles indicated above. The data will not be disclosed. Further details may be indicated, if necessary, concerning the single service provided by the data controller, as specified later in this information.



Recipients of Personal Data

The recipients of the personal data to which the data controller can transmit the personal data of the interested parties are identified below, concerning the treatments covered by this information, unless further specifications are made about the type of service provided.

The personal data of the interested party will be disclosed to authorized internal staff and other external parties, only if indispensable for the purposes being processed. In particular, the recipients will be included in these categories:

The names of the persons appointed as data processors will be available at the headquarters of the data controller.



Transfer of Personal Data abroad

Always in compliance with the privacy legislation, the data controller may transfer personal data, if technically possible through encryption systems according to internationally recognized technical standards, even outside the European Economic Area (EEA) or from a country that does not have a adequacy decision by the European Commission according to art. 45 of the GDPR, respecting one of the following conditions:



Exercise of rights by the interested party

Concerning their personal data, the interested party, according to articles 12 ff. Regulation (EU) GDPR, has the following rights, which it can exercise towards the data controller, in the way indicated below:

Rights of the interested party

The rights recognized to the data subject by the GDPR include those of:

Right to lodge a complaint

In the event of disputes, the interested party has the right to lodge a complaint with the supervisory authority and specifically with the Guarantor Authority for the protection of personal data - www.garanteprivacy.it.

Exercise of rights

To exercise your rights, please send to CoreTech s.r.l. the request via: email to privacy@coretech.it or by post to Viale Ortles 13, 20139 Milan. For any further clarification, contact Coretech S.r.l. at the Tel number: +39 02 55 23 08 93 and ask to speak to the privacy contact person.

More information

Further information on the rights of data subjects can be found on the website: www.garanteprivacy.it.



Changes and additions

The data controller will take care to update and integrate this information every time this becomes necessary and in any case in the event of regulatory and organizational changes that may affect the processing of personal data of the interested parties. Any changes will always be reported on this web page: www.coretech.it/privacy , which contains the most updated information. We therefore invite you to consult this page regularly.

Specific information relating to requests for information, complaints and the exercise of privacy rights

Types of data processed

The types of data processed are:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for this processing of personal data are:

Retention period

The personal data of the interested party will be kept for ten years from the request.

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the purposes mentioned above, it will be impossible to execute the requests.

Specific information to individual Services provided by the Data Controller

List of the types of Services performed and related information on treatments

List of the type of processing carried out as data controller concerning the services performed:



Specific policy relating to clients for Cloud services and other IT services

This section contains information on the processing of personal data carried out by the data controller, concerning the data of its customers as individuals and their collaborators, for the provision of cloud services and other IT services.

THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE, CLICK HERE.

Service provided

Provision of cloud services and other IT services provided by the data controller, indicated on this website and related pre-contractual requests for information on the services themselves

Types of data processed

The types of data processed are:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for the processing of personal data have a legal basis as they are necessary:

Retention period

The personal data of the interested party will be stored:

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the contract for the supply of the requested services or to provide the information requested during the pre-contractual phase.



Specific information relating to suppliers

This section contains information on the processing of personal data carried out by the data controller, about the personal data of their suppliers, as natural persons or concerning their collaborators.

THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE, CLICK HERE.

Personal supplier data

Personal data relating to suppliers and their collaborators in the context of supply relationships managed by the data controller

Types of data processed

The types of data processed are:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for the processing of personal data have a legal basis as they are necessary:

Retention period

The personal data of the interested party will be stored:

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the supply contract or in any case to follow up on the pre-contractual phase



Specific policy regarding webinars

This section contains information on the processing of personal data carried out by the data controller, in relation to personal data processed as part of participation in webinars managed by the data controller.

THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE, CLICK HERE.

Service provided

Personal data processing of webinar participants managed by the data controller

Type of data processed:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for the processing of personal data have a legal basis as they are necessary:

Retention period

The personal data of the interested party will be stored:

Recipients

In addition to what is indicated in the general section of this information relating to recipients, we inform you that personal data are also communicated to third-party IT platforms, data processors, which provide the IT tools necessary for the provision of the service indicated above and always in compliance with the privacy legislation to guarantee the rights and freedoms of the interested parties. The names of the persons appointed as data processors will be available at the headquarters of the data controller.

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the service described above or in any case to follow up on the pre-contractual phase.


Specific information relating to online training courses

This section contains information on the processing of personal data carried out by the data controller, in relation to personal data processed in the context of participation in training courses offered by the data controller.

THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE, CLICK HERE.

Service provided

Personal data processing of participants in training courses offered by the data controller

Type of data processed:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for the processing of personal data have a legal basis as they are necessary:

Retention period

The personal data of the interested party will be stored:

Recipients

In addition to what is indicated in the general section of this information relating to recipients, we inform you that personal data are also communicated to third-party IT platforms, data processors, which provide the IT tools necessary for the provision of the service indicated above and always in compliance with the privacy legislation to guarantee the rights and freedoms of the interested parties. The names of the persons appointed as data processors will be available at the headquarters of the data controller.

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the service described above or in any case to follow up on the pre-contractual phase


Specific policy relating to video surveillance at the CoreTech headquarters

This section contains information on the processing of personal data, acquired and processed through the video surveillance systems operating at the CoreTech headquarters, in compliance with the applicable legislation on the protection of personal data.
The video surveillance areas are marked with special signs, clearly visible in all environmental lighting conditions, where the aims pursued are also recalled. The information signs are before the range of the cameras.

Type of data processed:

The types of data processed are:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

Retention period

The images of the interested party will be kept


Specific policy relating to the electronic signature of contracts

This section contains information on the processing of personal data carried out by the data controller, in relation to the electronic signature generated to sign contracts by its customers, suppliers and collaborators.
As part of the initiatives aimed at innovating and improving the efficiency of its processes, we have introduced a method of signing contracts based on a process that allows you to sign documents in electronic format through the Sigillo platform, with the aim of reducing and, where possible, eliminate the use of the card over time.
The contracts, once electronically signed, will be sealed by a qualified signature compliant with the European Regulation 910/2014 (eIDAS)

Service provided

Advanced electronic signature of documents and contracts for the provision of cloud services, distribution and other IT services.

Type of data processed:

The types of data processed are:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for the processing of personal data have a legal basis as they are necessary:

Retention period

The images of the interested party will be kept

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the contract for the supply of the requested services or to provide the information requested during the pre-contractual phase.


Specific information regarding access to the CoreTech - Green Pass headquarters

This section contains information on the processing of personal data, acquired and processed at the CoreTech headquarters, in compliance with the applicable legislation on the protection of personal data. Following the publication in the Official Gazette of the Law Decree of 21 September 2021 n. 127, containing "Urgent measures to ensure the safe performance of public and private work through the extension of the application scope of the COVID-19 green certification and the strengthening of the screening system", the obligation to green pass is sanctioned starting from October 15, 2021 to December 31 (currently foreseen as the deadline for the cessation of the state of emergency determined by the pandemic from Covid-19 Sars-Cov2). Therefore, anyone who enters the CoreTech office will request and verify the validity of the Green Pass.

Who is the target:

The validity check will be made to all workers, customers and suppliers who will access the office.

Verify and control modality:

The validity check on the Green Pass will take place through automated systems with QRCode scanning.Only the persons in charge will be able to carry out random checks. The persons in charge were appointed with a formal deed which is exhibited in Bakeca.

Type of data processed:

The types of data processed are:

Purpose of the processing

to possibly ascertain, exercise and defend the rights connected to the previous point of the data controller in out-of-court and judicial proceedings.

Legal basis of the processing

the control activity will be carried out pursuant to art. 13 of the same Prime Ministerial Decree, "the verification of the green COVID-19 certifications is carried out by reading the two-dimensional barcode, which only allows you to check the authenticity, validity and integrity of the certification, and to know the generalities of the holder, without making visible the information that led to the issue.

Retention period

The data relating to the Green Pass and Exemption, processed during the verification, will not be stored. The data relating to the Exemption or the lack of possession of the green certification will be stored together with the data relating to the administration of the personnel and in the same way as reported in the employee information.


Specific information relating to personnel selection

This section contains information on the processing of personal data carried out by the data controller, in relation to the personal data processed during the personnel selection process.

THE INFORMATION IS ALSO COMPOSED OF THE GENERAL SECTION, REPORTED ABOVE, CLICK HERE.

Personal data processed:

Personal data relating to candidates, their CVs and video presentations sent and managed by the data controller.

Type of data processed:

The types of data processed are those provided voluntarily by the candidate when sending the CV and during the evaluation interviews:

Purpose of the processing

The personal data of the interested party will be used for:

Legal basis of the processing

The legal bases for the processing of personal data have a legal basis as they are necessary:

Retention period

The personal data of the interested party will be stored:

Consequences in case of failure to provide personal data

In case of failure to communicate personal data for the aforementioned purposes, it will be impossible to execute the supply contract or in any case to follow up on the pre-contractual phase.


More information or Complaints

We remind you that with reference to the processing of personal data, it is always possible to request information or make complaints by writing to privacy@coretech.it or contact the Guarantor directly https://www.garanteprivacy.it/

Exercise of rights by the interested parties

According to art. 13.2 of Regulation (EU) 2016/679, the interested party may at any time exercise the following rights: ask the data controller for access to Personal Data, rectification, cancellation, limitation, opposition to processing, portability of the same, as well as lodge a complaint with the supervisory authority. The request must be made by email to privacy@coretech.it attaching the document CoreTech interested rights module and Identity card

Collection of evidence and assistance to the rights of interested parties

If the customer needs to collect evidence or request assistance, he can send the request to the email address supporto@coretech.it, in case the requested assistance is not within the competence of the support or for other reasons he can contact the Privacy contact at email privacy@coretech.it.

Breach of personal data

"CoreTech reports any incidents impacting personal information to the manager or owner via email provided as a Privacy email contact when activating the service. For more information, please visit the page https://www.coretech.it/en/service/chi_siamo/dpa.php

Interested Rights Form can be filled in

Document information

Document title: Privacy
Document version: V.2.3
Date of last adjustment: 23/03/2022