Information pursuant to art. 13 of Legislative Decree 30 June 2033 n. 196 (“privacy code”) and EU Regulation 679/2016 GDPR
Mashfrog Group S.r.l., with registered headquarters in Via Giacomo Peroni, 400 - 00131 Rome, tax code and VAT number 02534640905 (hereafter “Owner”), as the owner of the processing of personal data, informs, pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereafter “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereafter “GDPR”), that the personal data provided to the company will be processed in the following manner and with the following purposes:
- Object of Treatment
The Data Controller, for the performance of its activities, may process personal data, such as name, surname, addresses, telephone numbers, email references, curriculum vitae (hereafter “personal data” or even “data”) provided by users who consult and/or interact with the site.
- Purpose of data processing
- Personal data is processed:
- Without the express consent of the interested party (Article 24 letter a), b), c) Private Code and art. 6 lett. b) , e) GDPR), for the following Service Purposes:
- Conclude contracts for the Controller’s services
- Fulfill the precontractual, contractual and tax obligations deriving from existing relations
- Fulfill the obligations established by the law, by a regulation, by community legislation or by a prescription of a public authority (such as for example, in the context of anti-money laundering)
- Exercise the rights of the owner, for example the right to defense in the court of law
2) Only subject to specific and distinct consent (articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for any other personal communication purpose
3) Methods of data processing
The processing of personal data is carried out through means of some of the operations indicated in art. 4 paragraph 2 of the GDPR (collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, communication, cancellation and destruction of data).
Personal data is subjected to both paper and electronic and/or automated processing, thereby guaranteeing the data’s security and confidentiality.
The Data Controller will process personal data for the time strictly necessary to fulfill the above mentioned purposes and for no more than 5 years for the termination of the relationship for the Service Purposes.
4. Access to Data
The data may be made accessible for the purposes referred to in articles 2.1 and 2.2:
- By employees and collaborators of the Data Controller in Italy and within the EU , in their capacity as persons in charge and/or internal managers of the processing and/or system administrators;
- By third party companies of other subjects (by way of example, professional firms, consultants, suppliers) who are involved in outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
The complete list of managers is available at the headquarters.
5. Communication of Data
Without the need for express consent (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate the data for the purposes referred to in Article 2.1 to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the completion of the aforementioned purposes. These subjects will process the data in their own capacity as independent data controllers. The data will not be disclosed otherwise.
6. Provision of Data
The data is acquired mainly by commercial and administrative staff, through the transmission of CVs and subscription to services offered by the websites owned by Mashfrog S.r.l.
The provision of data for the purposes pointed out in Article 2.1 is mandatory since it is necessary for the provision of the request service. The provision of data for the purposes referred to in Article 2.2 is optional.
7. Rights of the Interested Party
The interested party can exercise the rights referred to in art. 7 of the Privacy Code and art. 15 and ss. of the GDPR, and more precisely:
- obtaining confirmation of the existence or not of personal data concerning them, even if not yet registered and their communication in an intelligible form.
- obtaining the indication a) of how their personal data was acquired; b) the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the help of electronic instruments; d) the identity of the owner, manager and the representative appointed pursuant art. 5 par. 2 of the Privacy Code and art. 3 par. 1, GDPR; e) the subjects or categories of subjects to whom the personal data can be communicated.
- obtaining: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data that does not need to be kept for the purposes for which the data was collected or subsequently processed; c) the attestation that the operation referred to in letters a) and b) have been brought to attention, also as regards their content, to those to whom the data has been communicated or disseminated, except in the case that this fulfillment proves to be impossible or involves the use of means that are manifestly disproportionate to the protected right.
- to object, in whole or in part a) for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the end of collection; b) to the processing of personal data concerning them for the purpose of sending ads or direct sales material for the fulfillment of market research or commercial communication, through the use of automated call systems without the intervention of an operator by email or through traditional marketing methods by telephone and/or mail. It should also be pointed out that the right of opposition of the interested party set out in point b) above for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition even only partially. Therefore, the interested party can decide to only receive communications using traditional methods or only automated communications or neither of the two.
The interested party, where applicable, also has the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
8. Ways to Exercise Your Rights
The interested party can exercise the aforementioned rights at any time by sending:
- a letter to Mashfrog Group S.r.l., Via Giacomo Peroni, 400 00131 Rome
- an email to privacy@Mashfrog.com
indicating as the subject “Privacy - exercise of rights pursuant to art. 7 of Legislative Decree 196/2003 and pursuant to art. 15 et seq. of the GDPR”
9. Holder of the Agreement
The data controller is Mashfrog Group S.r.l., with registered headquarters in Via Giacomo Peroni, 400 - 00131 Rome, tax code and VAT number 02534640905.