Privacy Policy on the Usage of Personal Data

In accordance with Article 13 of Regulation (EU) 2016/679 (“Privacy Policy”)

This privacy policy is pursuant to Regulation (EU) 2016/679 (hereafter “Regulation” or “GDPR”) and lays out the methods for the usage and processing of personal data of users that consult and utilize this website, accessible at the following link https://www.sfogliarina.it/en/ (hereafter “website”) or that utilize the services offered through the website. On the basis of the current European Regulation regarding the protection of personal data n. 679/2016 (“GDPR”), the collection and usage of said data will always follow principles of lawfulness, fairness, and transparency.
Personal data of the users who browse the website (referred to as “the interested party”, in that they are identified or identifiable individuals) may be processed following use of the website.

  • A. Data Controller
    The Controller of said personal data is the company Sfoglia Rina Srl, in the person of its legal representative pro tem, PI: 00599991205 ,CF: 03163590379, with legal headquarters in Via Roma 57/C, 40069 – Zola Predosa (BO), e-mail info@sfogliarina.it (hereafter “Controller”).
  • B. DATA PROTECTION OFFICER (DPO)
    The Data protection officer (DPO) is engineer Massimo Di Menna.
    For all matters relating to the handling of personal data, including the exercising of rights of the interested party acknowledged by the current legislation, the Data protection officer can be contacted at: massimo.dimenna@gruppoingegneria.it
  • C. CATEGORIES OF DATA COLLECTED, PURPOSE, LEGAL BASIS, AND RETENTION TIME
    1. Navigation Data
      Personal data can be collected autonomously by the Controller or through third parties.
      In these cases, the systems and software procedures utilized for the proper functioning of this website gather user’s technical data (for example: IP address, browser used, operating system, domain name, and websites on which users may have signed in or out of an account, etc.), whose transmission is inherent to normal internet usage.
      Purpose: this data can only be used anonymously and for statistical purposes related to the usage of this site and/or to control its proper functioning.
      Retention: this data will be immediately deleted after processing.
      Legal basis: the usage of this data is carried out on the basis of the legitimate interest of the Controller to improve the site’s accessibility and security (art. 6, par. 1 lett.f). Consent will be requested from the interested party exclusively for profiling purposes (art. 6, par. 1 lett.a).
    2. User’s Contacts via email and cell phone
      Any communication, whether optional, explicit or voluntary, by email to the email addresses indicated on this website, will result in the acquisition of data provided by the user, including their email address, and the consent to receive messages in response to any requests made.
      In these cases, providing an email address or other personal data is optional, but necessary in order to use this service and receive a reply to any requests made. Without this data, it is not possible to process the user’s request.
      Purpose: The personal data provided are utilized exclusively to satisfy or respond to the requests made and are communicated to third parties only if necessary.
      Retention: The personal data is saved for the period of time necessary to respond to the request made and in accordance with current legislation.
      Legal Basis: the use and processing of this data is carried out in order to fulfill a contractual and pre-contractual obligation taken on by the Controller through this service (art. 6, par. 1 lett.b).
    3. User Contacts for Email Submission, Phone Contact, Form Completion for CV Submission in the “Work with Us” Section of the Website.
      The provision of personal data for the indicated purposes is necessary to ensure the specific functionality present on the site to correctly send one’s application to participate in any personnel selection processes. The Candidate’s data collected by the Data Controller for this purpose includes: first name, last name, city of residence, current job position and company, email address, phone number, as well as all personal information and personal data that may be voluntarily published in the CV and cover letter uploaded by the Candidate. No other processing will be carried out by the Data Controller in relation to the personal data of the Candidates.
      Purpose: The personal data provided in this way is used for recruitment and selection purposes or to propose other job offers consistent with the candidate’s professional profile (pre-contractual obligations) and for the fulfillment of specific obligations or to perform specific tasks required by laws, regulations, or community legislation (legal obligation).
      Retention: The personal data related to potential candidates for open positions is kept for the time strictly necessary to ensure the correct execution of the selection procedures. The personal data of candidates deemed unsuitable for any position is deleted within a maximum of 14 (fourteen) days from the moment the Data Controller has considered the candidate unsuitable for the open position. The personal data of candidates deemed suitable for other open positions is kept for the time strictly necessary to ensure the correct execution of the selection procedures, and in the event of a negative outcome regarding suitability for other positions, the data is deleted within a maximum of 24 (twelve) months. This retention period is justified by the accountability of the Data Controller based on the characteristics of the territory and the limited presence of available human resources.
    4. Links to Other Websites
      The Website may include hyperlinks to other websites. By clicking on one of these links, the user may be redirected to another website or another Internet source that may collect information about the user through cookies or other technologies. The Data Controller assumes no responsibility or control authority over these other websites or Internet sources, nor over their collection, use, and disclosure of the user’s personal data. It is necessary to check the privacy statements of these other websites and Internet sources to judge whether they comply with privacy legislation.
    5. Integration of Social Media Plugins
      We have integrated social media plugins (Instagram, Facebook) on the site. This means that when you click or tap one of the buttons (for example, the Facebook “Like” button), some information is shared with the social media service providers. If you are logged into your social media account when you click or tap one of these buttons, the social media provider can link this information to your social media account. Depending on your settings, they may also show these actions on your social media profile, making them visible to other users in your network.
    6. This site uses technical, tracking, and profiling cookies. For more details, consult our cookie policy.
  • D. DATA RECIPIENTS
    The personal data gathered are handled by the Controller’s staff, which acts with previous consent and following the specific instructions given, based on the purposes and modality of the processing of said data.
    In addition, the processors or sub-processors responsible for data processing under art. 28 of GDPR, whom the Controller employs in order to provide certain services or to carry out activities under his jurisdiction, may be recipients of the data gathered after visiting the site or using its services, within the limits of the activity assigned.
    You can request the associated list from the Controller using the contact information indicated in section A.
    If and when a data processor or sub-processor becomes responsible for any personal data through the site’s services in accordance with art. 28 of GDPR, this data will be communicated to the Controller and/or other responsible parties.
  • E. DATA TRANSFER
    There shall be no international transfer of the personal data gathered.
  • F. RIGHTS OF THE INTERESTED PARTIES
    The interested parties- the identified or identifiable individuals that the data refers to- are entitled to specific rights regarding data protection, as listed below:
    • a) Right to access: the right to obtain from the Controller confirmation that their data is being utilized, and if so, to obtain access to the personal data and detailed information regarding the origin, the purposes, the category of data being processed, the recipients of communication or transfer of data, and more;
    • b) Right to rectification: the right to obtain from the Controller the correction of any incorrect personal data without unjustified delay, as well as the integration of any incomplete personal data, supplying a supplementary statement if required;
    • c) Right to elimination (“obscurity”): the right to obtain from the Controller the elimination of any personal data without unjustified delay in the following cases: i. the data that was necessary to process certain requests is no longer necessary; ii. the agreement that the data usage was based on has been revoked and there is no other legal basis for the processing of said data; iii. the personal data has been unlawfully utilized; iv. the personal data must be eliminated for a legal obligation;
    • d) Right to object to data usage: the right to object at any time to the usage of personal data that is, in a legal sense, of legitimate interest to the Controller;
    • e) Right to restriction: the right to obtain from the Controller the restriction of data usage, in the case that the accuracy of the personal data becomes disputable (for the period of time necessary for the Controller to verify the accuracy of said data), or that the usage is unlawful and/or if the interested party objects to the usage of their data;
    • f) Right to data portability: the right to receive in a structured format, easily legible and machine-readable, one’s personal data and to send said data to another data controller, if technically feasible, only in the case that the data processing is based on an agreement or contract, and only for the specific data being electronically utilized;
    • g) Right to lodge a complaint to a supervising authority: notwithstanding any other administrative or legal appeals, if the interested party believes that the usage of their data violates the Regulation, they have the right to lodge a formal complaint to the supervising authority of the government in which they reside or regularly work, that is, the country in which the violation has taken place.
    These rights can be exercised by contacting the Controller using the contact information indicated in sections A and B, repeated here:

This privacy policy has been updated on date 26/06/2024