This policy is aimed at describing the use and processing of the users’ personal data on the website, which have been acquired both by mean of the website itself and in other ways (such as social media, cookies, etc.).
This policy reports the requirements for collecting personal data online and, namely, the methods, timing, and nature of the information that the Data Controller shall provide to the users of the website regardless of the purpose of such use.
Both the users who only visit the website and those who use the customer service shall be considered as users of the website.
INTELLICARE S.R.L., with registered office in Viale dell’Oceano Atlantico n. 182 – 00144 Rome, FC and VAT number 13993881005 (hereinafter the “Data Controller”), declares to be the Data Controller of the personal data collected on the website www.intellicare.it (hereinafter, the “Website “), Pursuant to art. 24 and following modifications of the EU Regulation n. 2016/679 (hereinafter, “GDPR”). This document does not include the data processing carried out on other websites that may be accessed from the user through links which are present on the Website. The processing of personal data means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as the collection, recording, organization, structuring, storage, elaboration, selection, block, adaptation or modification, extraction, consultation, communication through transmission, spreading or any other form of disclosure, comparison or interconnection, limitation, cancellation, or destruction.
1. Identification and contact information of the Data Controller
The identification of the Data Controller, as well as all his contact information are the following:
INTELLICARE S.R.L.,with registered office in Viale dell’Oceano Atlantico n. 182 – 00144 Rome, FC, and VAT number 13993881005. In order to contact INTELLICARE S.R.L. you can call the following phone number +39 06 54278301, Fax +39 06 54278338, email to firstname.lastname@example.org or write a certified email to email@example.com. The updated list of the persons in charge for data processing is stored at the Data Controller’s premises.
2. Object of the data processing
A. Navigation data
The IT systems and software procedures relied upon to operate this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to be related to identified data subjects; however, because of its very nature, it might allow the user’s identification after being processed and matched with data held by third parties. This data category includes the IP addresses or the domain names of the computers used by users connecting to this website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used for submitting a given request to the server, the size of the file returned, a numerical code relating to the server response status (success, error, etc.) as well as other parameters related to the user’s operating system and to the computer environment.
B. Data voluntarily provided by the user
The optional, explicit, and voluntary sending of e-mails to the contact addresses mentioned on this website, as well as the filling in and forwarding of any curriculum vitae through the website, entails the acquisition of the sender’s e-mail address in order to reply to any request, as well as all of his personal data contained in the e-mail and any related attachments. Specific summary information notices will be displayed on the website pages used for providing on-demand services.
3. Purpose and legal framework of the data processing
The user’s personal data are processed:
- without the user’s express consent for the following purposes and regardless of the communication method (i.e. phone, mobile phone, text message, e-mail, fax, certified email, courier):
- reply to contact requests, both explicit and voluntary;
- evaluation of the CVs sent voluntarily and without any request from the Data Controller;
- exercise the rights of the Data Controller, such as the right to defense in court.
The categories of personal data being processed are the common personal data reported above.
4. Processing methods
Personal data are processed as follows: collection, recording, organization, conservation, consultation, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction. Personal data are processed with both paper and electronic and/or automated means.
5. Data access and communication
Personal data may be made accessible for the purposes referred to in art. 3.A):
- to employees and collaborators of the Data Controller in Italy, as persons in charge and/or internal managers of the processing and/or system administrators;
- to third-party companies or other subjects (such as banks, professional firms, consultants, insurance companies for the provision of insurance services, etc.) to whom some activities are outsourced on behalf of the Data Controller, and as independent Data Controllers.
Personal data may be communicated by the Data Controller for the purposes referred to in art. 3.A), to Public Bodies and Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, and to subjects to whom the data communication is mandatory by law for the accomplishment of the aforementioned purposes, including the fulfilment of contracts by the Data Controller. These parties shall process such data as independent data controllers or as data processors, where these conditions are met. Personal data shall not be disclosed.
6. Data transfer
Personal data are stored on servers located at the company premises within the European Union.
7. Nature of the provision of data and consequences of any refusal to respond
The provision of data for the purposes referred to in art. 3.A) is mandatory. Failure to provide them will make it impossible to guarantee the services referred to in art. 3.A).
8. Rights of the interested party
Pursuant to the provisions of EU Regulation 2016/679, the User, as interested party, has the rights referred to in articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR, and namely:
Right of access by the interested party
The interested party has the right to obtain from the Data Controller confirmation as to whether or not the personal data concerning himself or herself are being processed and, in this case, to obtain access to personal data and the following information:
- the purpose of the data processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- the right of the interested party to ask the data controller to correct or delete his personal data or to limit the processing of his personal data or to oppose their treatment;
- the right to file a complaint with a supervisory authority;
- if the data are not directly collected from the data subject, all available information regarding their origin;
- the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, any significant information regarding the logic applied, as well as the importance and expected consequences of such data processing for the interested party.
The data controller may provide a copy of the personal data being processed. In case further copies are required by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request through electronic means, and unless otherwise indicated by the interested party, the information shall be provided in a common electronic format. Such right to obtain a copy shall not affect the rights and freedom of others.
Right to correction
The interested party has the right to request the Data Controller to correct any inaccurate personal data concerning him without undue delay. Considering the purposes of the data processing, the interested party has the right to have incomplete personal data integrated, also by providing an additional declaration.
Right to deletion
The interested party has the right to request the Data Controller to delete any personal data concerning him without undue delay. The Data Controller is obliged to delete such personal data without undue delay, for any of the following reasons:
- the personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- the interested party revokes the consent on which the processing is based and if there is no legitimate overriding reason for the data processing;
- the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2 of the GDPR;
- the personal data have been unlawfully processed;
- personal data must be deleted to fulfill a legal obligation according to the European Union or Member State law the Data Controller is subject to.
If the data controller has made personal data public and is obliged to delete them, it shall consider the available technology and the implementation costs, and then take reasonable steps, including technical ones, to inform the data controllers who are processing the personal data upon request of the interested party to delete any link, copy or reproduction of his personal data.
The right to deletion shall not apply in the following cases:
- to exercise the right to freedom of expression and information;
- to fulfil legal obligations requiring the processing provided for by the European Union or Member State law the data controller is subject to, or to perform a task carried out in the public interest or to exercise the official authority the Data Controller is invested in;
- for reasons of public interest related to public health in accordance with Article 9, paragraph 2, letters h) and i), and Article 9, paragraph 3 of the GDPR;
- for archiving purposes related to the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, to the extent that the right referred to in paragraph 1 is likely to make it impossible or to seriously affect the purpose such processing;
- to assess, exercise or defense a right in court.
Right of limitation of the data processing
The interested party has the right to request to the data controller the limitation of the processing when one of the following hypotheses occurs:
- the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
- the processing is illegal, and the interested party opposes the deletion of personal data and requests instead their use to be limited;
- although the data controller no longer needs the data for processing purposes, the interested party needs them to ascertain, exercise or defend a right in court;
- the interested party has opposed the data processing pursuant to Article 21, paragraph 1 of the GDPR.
If the data processing is limited, such personal data shall be only processed, and not stored, only with the interested party’s consent or for ascertain, exercise or defense a legal right in court or to protect the rights of another person, or for reasons of significant public interest inside the European Union or a Member State. The interested party, upon having obtained the data processing limitation, shall be informed by the data controller before such limitation is revoked.
Right of notification in case of correction or deletion of personal data or limitation of data processing
The data controller shall communicate to each recipient to whom the personal data have been transmitted any corrections or cancellations or limitations of the data processing pursuant to Article 16, Article 17, paragraph 1, and Article 18 of the GDPR, unless this proves impossible or involves a disproportionate effort. The data controller shall communicate the data of these recipients if the involved party required them.
Right to data portability
The interested party shall have the personal data concerning him that have been provided to the Data Controller in a structured, commonly used, and readable form through an automatic device, and has the right to transmit such data to another data controller without impediments to the Data Controller to whom it has provided them, if:
- the data processing is based on consent pursuant to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), or on a contract pursuant to article 6, paragraph 1, letter b) of the GDPR;
- the data processing is carried out by automated means.
In exercising their rights in relation to the data portability, the interested party shall have the right to request the direct transmission of personal data from one data controller to another, if technically feasible. The aforementioned right shall not apply to the data processing for the performance of a task of public interest or connected to the exercise of public authority vested by the data controller; in any case, this right shall not affect the rights and freedoms of others.
Right of opposition
The interested party has the right to object at any time, for reasons connected to specific situations, to the processing of his personal data pursuant to article 6, paragraph 1, letters e) or f) of the GDPR, including profiling on the basis of these provisions. The data controller refrains from further processing of personal data unless he demonstrates the existence of binding legitimate reasons for proceeding with the processing that prevail over the interests, rights, and freedoms of the interested party or for ascertaining, exercising, or defending a right in court. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him carried out for these purposes, including profiling, insofar as it is related to such direct marketing. If the interested party objects to the processing for direct marketing purposes, the personal data shall no longer be processed for these purposes.
If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, the interested party, for reasons connected to his particular situation, shall have the right to object to the processing of personal data. that concerns him, except if the processing is necessary for the performance of a task in the public interest.
Automated decision-making process concerning natural persons, including profiling
The interested party has the right not to be subjected to a decision based solely on the automated processing, including profiling, which has legal consequences that may affect him, or which may significantly affect him in a similar way, unless the decision:
- is necessary for signing or executing a contract between the interested party and a data controller;
- is authorized by the law of the European Union or Member State to which the data controller is subject, which also specifies adequate measures to protect the rights, freedoms, and legitimate interests of the interested party;
- is based on the explicit consent of the interested party. In the cases referred to in letters a) and c), the data controller shall apply appropriate measures to protect the rights, freedoms, and legitimate interests of the interested party.
9. How to exercise the rights
The user can exercise his right at any time by sending: – a registered letter with acknowledgement of receipt to the Data Controller, Viale dell’Oceano Atlantico n. 182 – 0144 Roma INTELLICARE S.R.L. or by sending an e-mail to the address firstname.lastname@example.org.
The rights of the interested party, referred to in point 8, may be subject to limitations as per art. 23 of the GDPR aimed at protecting the national security, the defence, the public safety, and other specific cases.
11. Duration of treatment and storage
The Data Controller shall process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the end of the agreement related to the service provision.
12. Amendments and integrations
In case of substantial modifications to this document, its updated version shall be promptly posted on the website www.intellicare.it.
The data controller shall reserve the right to communicate the aforementioned modifications to the website users in order to request his consent to the new specifications.
Therefore we ask the website users to visit this page on a regular basis.