“Privacy” Policy: EU Regulation 2016/679 (General Data Protection Regulation)
Pursuant to the Regulation in question, dictated in the matter of “protection of physical persons with regard to the processing of personal data”, Enterprise S.p.A. (hereinafter “Company”
or “Enterprise”), as the “Holder” of the processing, is bound to provide some information regarding the use of personal data.
The following are the methods for managing the aforementioned personal data freely provided by the subject, acquired by the Company in its workplace with reference to the Employees of Customers and Suppliers, acquired by Enterprise for the organization of Sports Events, Recreational Events, other Events, data inserted through the Website and finally by the users who consult the Website. This information is also provided, pursuant to EU Regulation 2016/679 (General Data Protection Regulation) about the protection of personal data, to those who interact with the Company’s services in different ways, and also via the website:
This information, the data collection and this document also take into account the recommendations that the personal data protection European authorities have adopted to identify the minimum requirements for the collection of personal data also in online mode.
The information is provided for the data held (in any electronic form, or on paper) as well as for data acquired on the websites https://www.enterprisespa.it and http://dev.ent4bank.it and not for other websites that may have been consulted by the user via link.
The data processing related to the Company’s services and to the Website is only handled by personnel in charge of the processing. No data is communicated or disclosed to third parties for commercial purposes.
Types of data processed
The personal data held by the Company are normally collected directly from the concerned parties and, only occasionally, they may come from third parties such as schools, universities, training institutions, public and private subjects for research and / or selection of personnel, etc.
All personal data are processed in compliance with the Regulations and the obligations of confidentiality that have always been inspired by the activity of Enterprise.
It could happen that, from the curriculum vitae sent to us, or during the selection interviews, the Company may acquire data that the Regulation (Article 9) defines as “characteristic”, that is the data from which the racial and ethnic origin, religious convictions, political opinions, membership of parties, trade unions, associations of religious, philosophical or political organizations, sexual life, as well as the health status. (special data are considered for example: trade union delegations, membership in the so-called protected categories, participation in representative bodies of workers, the results of medical visits carried out under the law and contract rules, some public offices, etc.).
The eventual treatment of the particular data is allowed and it is made lawful from the article 6, letters a), b), c) and f) of the aforementioned Regulation.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the Company’s addresses, entails the subsequent acquisition of the sender’s address, needed to respond to requests, as well as any other personal data included in the message.
The use of personal data for the eventual sending of advertising material, commercial information, sale of products or services by the Company, will be possible only after the consent has been given by the sender.
For specific services on request, specific summary information can be progressively reported or displayed on the related site pages.
The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow a safe and efficient browsing of the website.
The so-called session cookies used on this website avoid the use of other technologies that could compromise the privacy of users’ browsing and do not allow the acquisition of personal identification data.
The computer systems and software procedures used to operate the website acquire, during their normal operation and only for the duration of the connection, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties but which, by their very nature, through processing and association with data held by third parties, could allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file
obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation. They are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website;
except for this eventuality, at present, the data about web contacts do not persist for more than seven days.
Methods of processing
Personal data are processed within the scope of the Enterprise’s activity for the purposes related to the normal operation of the Company such as personnel selection, purposes of participation in Events (Sports, Recreational and other), Communication of Greetings, Others.
For some of the aforementioned purposes the consent of the interested party is not required while, if it is needed, the explicit “consent” of the interested party is requested.
The processing of personal data is done by manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data, as well as respect for the fundamental rights and freedoms of the interested parties.
Specific security measures are observed to prevent data loss, illicit or incorrect uses and unauthorized accesses.
In the event that the personal data of the interested party are not collected directly from the same, the Holder, pursuant to Article 14, letter g) of the Data Protection Regulation, informs that no automated decision-making processes are in place, including the profiling pursuant to article 22, paragraphs 1 and 4.
Categories of subjects to whom the data are known
Within the Company, the data may be known by employees of the personnel office, by employees in the secretariat, administrative office, by other employees closely connected with the specific activities, as well as subjects charged by the Company for specific activities.
The Data accessibility is guaranteed by IT tools for electronic components and, for papery information, by suitable cabinets with locks placed in controlled environments.
Holder, Person in Charge of Data Treatment and Person in charge of Personal Data Protection
We inform you that the Holder is Enterprise S.p.A., with registered office in: Viale Egeo, 55/57 – 00144 Roma.
Person in Charge of Personal Data Treatment: Raffaele Di Caterino – firstname.lastname@example.org
Duration of processing and storage of personal data
The treatments referred to in this information will be carried out until the consent is revoked by the concerned party.
Rights of the concerned parties (articles 15 to 22 of the Data Protection Regulation)
We inform, finally, that the art. from 15 to 22 of the Data Protection Regulation confer on the concerned parties the exercise of specific rights. In particular, they may obtain from the “Holder”, in relation to their personal data: the access (Article 15); the amendment (Article 16); the cancellation – oblivion (Article 17); the limitation on processing (Article 18); the notification in the event of amendment, cancellation or limitation (Article 19); the portability (Article 20); the right of opposition (Article 21) and non-submission to automated decision-making processes and profiling (Article 22).
Requests should be addressed to email@example.com or sent to Enterprise S.p.A. Viale Egeo, 55/57 – 00144 Rome.