Information on personal data processing
(pursuant to Art. 13 Legislative Decree 30.6.2003 No. 196 - “Personal Data Protection Code” and articles 13 and 14 of EU Regulation No. 2016/679 - “GDPR”)
The company L’AUTRE CHOSE SPA, based in Porto Sant’Elpidio (FM), Via Mar Egeo No. 9/13 (TAX CODE and VAT NO. 01412510446), in the person of its legal representative pro-tempore, as controller of personal data pursuant to Art. 4 letter 7) of Regulation (EU) 2016/679, pursuant to Art. 13 Legislative Decree 30.6.2003 No. 196 (hereinafter, "Personal Data Protection Code") and articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, "GDPR"), recognises the importance of maintaining the confidentiality, integrity and security of your personal data and informs you that the Personal Data you provide to our company will be processed in compliance with current European legislation on privacy and in compliance with the principles of correctness, lawfulness, transparency, protection of confidentiality, with the procedures and for the purposes illustrated below, guaranteeing the recognition of your rights under current legislation.
1. Purposes of the processing and legal basis:
Data processing, in accordance with the provisions of Art. 6 paragraph 1 letter b) Regulation (EU) 2016/679, is undertaken to allow the Controller to evaluate your application to establish a possible working relationship/collaboration with L’AUTRE CHOSE SPA.
The controller is L’AUTRE CHOSE SPA, based in Porto Sant’Elpidio (FM), Via Mar Egeo No. 9/13 (TAX CODE and VAT No. 01412510446), in the person of its legal representative pro-tempore.
3. Obligation or right to provide data and consequences of any refusal
We also inform you that for the purposes highlighted in paragraph 1) the provision of your personal data is mandatory to allow L’AUTRE CHOSE SPA to evaluate your application in compliance with the purposes set out in paragraph 1), and that failure to provide personal data or providing partial or incorrect personal data could consequently result in the non-evaluation, partial evaluation and/or inaccurate evaluation of your application.
4. Methods and duration of processing:
The personal data you provide will be processed by the Controller, and outsourced via methods and procedures that guarantee security and confidentiality, and may be processed on paper or electronically with the aid of electronic means.
Personal data is processed in the ways indicated in Art. 4 of the Personal Data Protection Code and Art. 4 No. 2) of the GDPR and precisely: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, erasure and destruction of data.
The Controller will process personal data for the time necessary for the purposes set out in paragraph 1) and in any event for no more than 2 years following the termination of the relationship for the Purposes of Service.
To this end, the Controller has already taken steps to determine technical and organisational security measures.
5. Recipients of personal data - Communication and dissemination:
The personal data provided by you will not be "disseminated", with this term intended to mean making it known to indeterminate parties in any way, including by making it available to them or by allowing them to consult it.
Such data may instead be "communicated" by the Controller, with this term intended to mean making it known to one or more specific parties, according to the following terms:
- parties appointed by the Controller, and in particular Administration Office employees and Commercial Office employees;
- parties who can legally access the data pursuant to the law, regulations or EU legislation, within the limits set by these rules;
- parties who are consultants of the Controller, within the limits necessary to carry out their duties, following of a letter of appointment imposing on them the duty of confidentiality and security in data processing.
A detailed list of third parties to whom the Controller will communicate your personal data, in compliance with the purposes set out above, is held by the Controller and will be provided on request.
6. Rights of Data Subjects:
Pursuant to Art. 7 of Legislative Decree No. 196/2003 and Art. 15 of Regulation (EU) 679/2016 (GDPR), the data subject has the right to:
- obtain confirmation of the existence or not of personal data concerning them, even if not yet registered, and its communication in a readable form;
- obtain confirmation: a) of the source of their personal data; b) of the purposes and methods used for the processing; c) of the logic applied in case of processing carried out with the aid of electronic means; d) of the identification of the controller, processors and designated representative pursuant to Art. 5, paragraph 2 of the Personal Data Protection Code and Art. 3, paragraph 1, GDPR; e) of the parties or categories of party to which or whom the personal data can be communicated or that could become aware of the same in their role as designated representative in the State, as processors or persons in charge of the processing;
- obtain: a) the updating, rectification or, if of interest, integration of data; b) the erasure, anonymisation or blocking of the data processed in breach of the law, including data that does not need to be stored for the purposes for which they were collected or subsequently processed; c) certification that the operations described in points a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except when fulfilling this requirement proves impossible or would entail using means that are clearly disproportionate to the protected right;
- object fully or partially to the processing of personal data that concerns them, for legitimate reasons, even if they are relevant to the purpose for which they were collected;
- file a complaint with the Italian Data Protection Authority;