The Data Controller Falck Next s.r.l. with registered office at Via Alberto Falck, 4-16, 20099 Sesto San Giovanni (MI), Italy, VAT no. 10420860966, Economic and Administrative Index of Milan – 2530000 (the “Controller”, “we/us”, “our”), pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 (the “Regulation”), hereby informs you that your personal data will be processed for the purposes and via the methods indicated below.
You are invited to carefully read this Policy and the additional privacy notices present on the Website, before using our services.
In accordance with the Regulation, the processing described below is governed by principles of legality, correctness, transparency, limitation of purposes and storage, as well as minimisation, precision, completeness and confidentiality of data.
2.1 Main purposes
The Controller processes your personal data for the following main reasons:
Provision of personal data for the purposes a), b) and c) is mandatory to finalise a contract with us, to allow us to provide the service/product requested or to respond to your requests, as well as to allow us to examine your CV if it was sent using the “Work with us” section or to fulfil the legal obligations connected with finalisation of the contract. In the case of a failure to provide your personal data, the Controller will be unable to establish a contract relationship with you, fulfil the contract and/or the aforementioned obligations or perform the aforementioned actions.
2.2 Main purposes
Subject to your free and optional consent, the Controller processes your personal data also for the following additional purposes:
Provision of personal data for marketing purposes and sending to third parties for marketing purposes is optional. In the case of a failure to provide the data, we will be unable to send commercial and/or promotional communications or send your personal data to Group companies or third parties as indicated above, but there will be no negative consequences for you.
In any case, if consent is provided, you may withdraw your consent for marketing purposes and sending to third parties for marketing purposes at any time and, with specific reference to marketing purposes, you may withdraw your consent for all methods of communication or just for some, using the methods indicated below or those indicated within each communication.
If you are already our customer or have already used services offered by the Controller, communicating your email address to us in the context of the sale of a service or product, we will send you commercial communications via email regarding products and services of the Controller similar to the product or service sold, on the basis of our legitimate interest in performing promotional activity. It is understood that, also in this case, you may object at any time to the sending of commercial communications via the methods indicated below or those indicated within each communication.
The Controller processes the following personal data using electronic tools, including automatic processes and manual processes with procedures and logics designed to pursue the aforementioned purposes:
The Controller does not process personal data belonging to special categories of personal data (e.g. health data). By browsing, interacting, registering or requesting services offered by the Website, you confirm that you are older than 16 years of age.
If you provide us with personal data of third parties, you are processing data in the capacity of an independent data controller and should take all necessary steps to ensure that such communication and our subsequent use for the purposes indicated in each case are compliant with applicable legislation (e.g. before providing us with personal data of third parties, you should obtain their prior informed consent, if required by applicable legislation). In any case, you undertake to release the Controller from liability in the context of any dispute, claim or request from any data subject that may arise due to provision of personal data to the Controller in breach of applicable legislation.
Regarding purposes a), b) and c) above, the Controller stores your personal data for the period of time strictly necessary for the purposes indicated above (e.g. where the user has an account, until closure of the account), observing the civil and fiscal obligations for storage of data and the limits established by law. More specifically, data processed to fulfil any contractual obligation with you may be stored for the entire duration of the contract and for 10 years following the end of the tax year following the year where tax was applicable, for the purposes of any checks and/or disputes of a fiscal nature. In the event that it is necessary to defend ourselves or take action or submit a claim in your regard or in regard to third parties, we may store personal data that we consider reasonably necessary to process for these purposes, for the period of time for which such a claim may continue.
If a CV is sent via the “Work with us” section, the data may be stored up to the end of the selection process and, in the case of cold application, for up to 12 months, with the exception of possible extension subject to your prior consent.
Regarding processing of your personal data for marketing purposes, personal data shall be stored for no longer than 24 months from when they are gathered, unless you withdraw consent beforehand or in the event of possible extension subject to your prior consent.
Browsing data will be stored at the office of the Controller for the periods of time defined by applicable legislation, in accordance with the principle of proportionality, and limited to the period necessary for the purposes for which the data was gathered.
At the end of the established period for storage, the personal data will be deleted or converted to anonymous form, except where further processing is necessary for other legitimate purposes of the Controller (e.g. resolution of pre-litigation procedures or litigation procedures launched previously, the need to follow-up on investigations by the judicial authority or other competent authorities launched prior to the expiry of the period for storage).
Personal data in the possession of the Controller are gathered directly from you. For the purposes indicated above, your personal data are accessible to the personnel of the Controller, including consultants, duly authorised and trained in the processing of personal data and to third parties (e.g. suppliers of technical, management and organisational services to which the Controller has outsourced certain activities for greater efficiency) which have signed a specific agreement with the Controller and act in the capacity of data processors. These parties are only provided with the personal data required for performance of their respective duties and they undertake to use the personal data solely for the purposes indicated above, maintain data confidentiality and act in accordance with applicable legislation.
For the purposes indicated above, it may be necessary that Controller shares your personal data with the following categories of recipients:
You may request an updated list of the data processors and recipients of your data by contacting the Controller, using the methods described below.
The Controller specifies that some of the parties indicated above may be located abroad, also in countries outside the European Economic Area which may not guarantee an adequate level of protection of personal data. In such cases, the Controller allows access to personal data for the aforementioned purposes only after adopting the necessary precautions established by the Regulation for a legitimate transfer (e.g. following signing of standard contractual clauses of the European Commission for the transfer of personal data abroad).
You may exercise the following rights at any time:
The Controller reminds you that the rights above may be limited where exercising them could lead effectively and tangibly to undermining the legitimate interests of the Controller.
Exercising these rights carries no cost but the Controller reserves the right to ask for a fee in the event that requests are evidently unfounded or excessive.
Finally, the Controller reminds you that you always have the right to lodge a complaint with the Italian Data Protection Authority according to the methods indicated on the website www.garanteprivacy.it.
To exercise the above rights or for any request regarding processing of personal data by the Controller, you may contact the Controller without procedural formalities at the following email address: firstname.lastname@example.org
As the Website may allow access to websites owned and operated by third parties, we hereby specify that the Policy does not apply to such third-party websites and the Controller is not responsible for processing of personal data by such third parties operating as independent data controllers. In such cases, we suggest carefully reading the privacy policies of the third-party websites.
The Controller reserves the right to entirely or partially change or update the contents of the Policy (also following changes to applicable regulations). Changes will be published on the Website and, if significant, communicated to you via email. The Controller therefore invites you to regularly visit this section to remain up to date on the methods employed by the Controller to process your personal data. Previous versions of the Policy may be requested from the Controller by the methods indicated above.
Version updated in November 2020.