DISCLOSURE EX ART. 13-14 REG. EU NO. 2016/679 FOR THE PROCESSING OF PERSONAL DATA

Dear Navigator,

S.F.S. SRL™ hereby informs you that, pursuant to and in accordance with Articles 13 and 14 of European Regulation no. 2016/679 GDPR, the data acquired and/or provided by you will be processed in accordance with the above regulations.

ROLES

The Data Controller is: S.F.S. SRL™ Via della Moscova, 47 Milano 20121 Mi [email protected]

PURPOSES OF MANDATORY TREATMENTS

S.F.S. SRL™ acquires the data you provide in compliance with the rules of confidentiality and security provided by the Regulations and the law.

S.F.S. SRL™ processes data collected digitally from the website without your express consent (Art. 6 GDPR) for the following purposes:

Carry out its normal activities of responding to questions we receive through the various forms on the website;
Fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;
Fulfilling obligations under the law, a regulation, EU legislation or an order of the Authority (for example: issuing invoices);
Exercise the Holder’s rights (e.g., treasury management, right to defense in court, etc.).

PURPOSES OF NON-MANDATORY PROCESSING

Subject to your specific and separate consent (Articles 6 and 7 GDPR), we will process your data for the following marketing purposes:

to send them via email, mail, newsletter, commercial communications and/or informative material on products and/or services offered by the Owner and satisfaction survey on the quality of services;
Send them via email, mail newsletters on products and/or services offered by third-party companies and satisfaction survey on the quality of services.

MODE OF TREATMENT

Processing consists, for example, of operations of collection, recording, organization, storage, extraction, consultation, use, communication, and deletion of personal data. It is carried out, for the above purposes, according to principles (ex art. 5 of GDPR No. 2016/679) of lawfulness, fairness, transparency, data minimization and accuracy. Data are processed by telephone, paper, computer and telematic means. The processing is carried out by means of suitable instruments, technical and organizational measures adequate to guarantee security, integrity and confidentiality, avoiding in particular the risk of loss, unauthorized access, illicit use, diffusion, in compliance with the provisions also of Art. 32 of GDPR no. 2016/679, by the subjects and in compliance with the provisions of Art. 29 of GDPR no. 2016/679 and Art. 2-quaterdecies of the Privacy Code.

NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND

Providing data for mandatory purposes does not require consent. Without such data, we will not be able to provide our services. The provision of data for other purposes is optional and requires your express consent. In the absence you will not be able to receive newsletters, informational materials, commercial communications about services offered by the Owner or third-party companies You will still continue to be entitled to our services.

DATA ACCESS

Your data may be made accessible for the above purposes:

to employees and collaborators of the Owner in their capacity as data processors and/or system administrators;
to third-party companies or other entities (by way of example: professional firms, consultants, software houses that provide the management systems, credit institutions, insurance companies, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

COMMUNICATION OF DATA

The Holder may communicate your data to Public Administration, Supervisory Bodies and/or Judicial Authorities as well as to all other subjects to whom the communication is obligatory or necessary by law. Your data will not be disseminated.

DATA TRANSFER

Please note that we generally try to avoid data transfers outside the European Union. In any case, it is understood that the Data Controller will be entitled to transfer the data to countries outside the EU, should it become necessary. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering into agreements, if necessary, that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission and/or binding corporate rules.

DATA RETENTION

All personal data provided will be processed in accordance with the principles of lawfulness, correctness, relevance and proportionality, only in the manner, including computer and telematic, strictly necessary to pursue the purposes described above. Personal data will be kept for 6 years after the last contact occurred with the data subject or until the data subject requests deletion. In this case, data related to the legitimate interest of the owner or necessary for the fulfillment of legal obligations may still be retained. It should be noted that the information systems used to manage the information collected are configured from the outset to minimize the use of personal data.

RIGHTS OF THE DATA SUBJECT

As a data subject, you have the rights under Art. 15 ff and Art. 77 GDPR, namely the rights to:

To obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations; when possible, the period for which the personal data are expected to be retained or, if this is not possible, the criteria used to determine this period; where the data are not collected from the data subject, all available information about their origin; the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the importance and the expected consequences of such processing for the data subject.

Obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary statement.

To obtain from the data controller information regarding personal data concerning him or her without undue delay, if any of the following grounds exist: (a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) (a), or Article 9(2)(a) (a), and if there is no other legal basis for the treatment; (c) the data subject objects to processing under Article 21(1) and there is no overriding legitimate reason for processing, or objects to processing under Article 21(2); (d) personal data have been processed unlawfully; (e) personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;

Obtain limitation of processing from the data controller when one of the following occurs: (a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; (b) the processing is unlawful and the data subject objects to the deletion of personal data and instead requests that their use be restricted; (c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the data subject to establish, exercise or defend a right in court; (d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller outweigh those of the data subject.

To receive in a structured, commonly used, machine-readable format personal data concerning him or her that he or she has provided to a data controller and to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided them where the processing is carried out by digital means. In exercising his or her rights with regard to data portability, the data subject has the right to obtain direct transmission of personal data from one data controller to another, if technically feasible.

To object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her in accordance with Article 6(1), subparagraphs (e) or (f), including profiling on the basis of these provisions. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such marketing.

Right not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects concerning him or her or that significantly affects him or her in a similar way.

Right to file a complaint with a supervisory authority under Art. 77.

WAYS OF EXERCISING RIGHTS

You may exercise your rights at any time by contacting the Holder at the following e-mail address: [email protected]

EXTERNAL MANAGERS AND APPOINTEES

The updated list of external data controllers and processors is kept at the registered office of the Data Controller.

MODIFICATION OF THE CURRENT DISCLOSURE

This notice was prepared on 2023-03-15 16:18:45 and may be subject to change over time, including as the relevant laws and regulations are supplemented or amended. The ‘Interested Party is encouraged to consult this page often.

Candidates for

SUSTAINABILITY ENGINEER/ARCHITECT