Privacy Policy – Cookie Policy

Subject to Articles 13 and 14 of Regulation (EU) 2016/679 (“the Regulation” or “GDPR”), we wish to inform users about the methods and purposes of processing personal data of those who interact with our website.

This notice shall not be considered valid for other websites that may be accessed through links on the data controller’s domain websites, which shall not be considered in any way responsible for third-party websites.

Data Controller
The Data Controller of the personal data collected through this website is Andriani S.p.A., headquartered at Via Niccolò Copernico s.n. – Zona PIP, 70024 – Gravina in Puglia (Ba), VAT Number: 06880780728, also referred to as “the company,” Tel: 0803255801 – Fax: 0803221304.

Data Protection Officer (DPO)
The Data Protection Officer of Andriani S.p.A. can be reached at the email address dpo@andrianispa.com or by contacting the Data Controller’s office.

Processing Purposes, Legal Basis, Nature of Providing Data
For the purposes expressed in this notice, only personal data and special categories exclusively linked to any potential membership in protected categories will be processed, should this data be relevant for hiring purposes; therefore, please DO NOT provide any special (sensitive) data not strictly necessary for the application. Personal data will be processed, in compliance with the lawfulness conditions under art. 6 of the Regulation, for:

• facilitating navigation on this website and the technical management of connections to it

The IT systems responsible for website operations acquire, during their normal operation and for the sole duration of the connection, some personal data whose transmission is implicit in the use of internet communication protocols. These are pieces of information not collected to be associated with identified individuals, but which, by their nature, could, through processing and association with data held by third parties, allow identification of users. This category of data includes, for example: IP addresses or computer names used by users connecting to websites, URI (Uniform Resource Identifier) addresses of requested resources, characteristics of the browser used for navigation, window size in which the browser is running on the device used, and other parameters related to the user’s operating system and IT environment. These data are used solely for obtaining anonymous statistical information about site usage and monitoring its correct functioning, being immediately deleted after processing. The data could be used for ascertaining responsibilities in the event of hypothetical cybercrimes against the websites. Legal basis of processing: Data Controller’s legitimate interest (art. 6, paragraph 1, letter f of the GDPR). The data required for the specified purposes are necessary to enable navigation on the website.

Responding to information or contact requests, downloading informative materials on our products, and other types of requests (e.g., “report your blog”) made by customers/users regarding services offered by the Data Controller The voluntary sending of emails to the email addresses indicated on the aforementioned websites, even through specific data collection forms, leads to the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data entered in the message. This applies also to managing complaints forwarded by users and responding to them. Legal basis of processing: Performance of a contract of which the data subject is a party or to take pre-contractual measures upon the data subject’s request (art. 6, paragraph 1, letter b of the GDPR) and Data Controller’s legitimate interest (art. 6, paragraph 1, letter f of the GDPR). The data required for the specified purposes are necessary to respond to the requests of the data subject. Failure to provide the data results in the inability to send/receive/respond to the data subject’s requests.

Managing the selection process in the case of job applications and spontaneous submission of curriculum vitae (CV) Additionally, the user is free to provide personal and special data (exclusively for the purposes mentioned above) through online forms and contact forms to submit the CV or make specific applications. Legal basis of processing: Performance of pre-contractual or contractual obligations (art. 6, paragraph 1, letter b of the GDPR) and consent for special data (art. 9, letter a GDPR). The data required for the specified purposes are necessary to initiate the personnel selection process. Failure to provide the data results in the impossibility of considering the user in the selection process and consequently evaluating their hiring. Personal data will not be processed using automated decision-making processes referred to in art. 22 of the GDPR.

Data Processing Methods Processing will be carried out using manual, computerized, and telematic tools in compliance with current regulations and the principles of fairness, lawfulness, transparency, relevance, completeness, non-excessiveness, accuracy, and with organizational and processing logics strictly related to the pursued purposes and in a manner ensuring the security, integrity, and confidentiality of the processed data, in compliance with the organizational, physical, and logical measures provided by the current regulations.

Data Retention Period In compliance with Article 5, paragraph 1, letter e) of EU Regulation 2016/679, personal data collected will be stored in a form that allows the identification of data subjects for a period not exceeding the achievement of the purposes for which the personal data are processed. The retention period of personal data provided depends on the purpose of the processing: – Navigation on this website, refer to the cookies policy; – For contact and information requests, maximum 1 year; – Personnel selection, maximum 1 year. Upon expiration of these terms, the data will be deleted or anonymized, unless their further retention is necessary to fulfill legal obligations or comply with orders from Public Authorities and/or Supervisory Bodies.

Nature of Providing Data The user is free to provide their personal data. Failure to provide the data may result in the impossibility of obtaining what is requested or using the Data Controller’s web services.

Recipients of Data or Categories of Recipients For pursuing the described purposes, or where necessary or required by law or by authorities empowered to request it, the Data Controller reserves the right to communicate data to recipients belonging to the following categories:

Entities performing IT maintenance services or similar; Entities providing services for managing the IT system used by the Data Controller and telecommunications networks, including email and website management; Authorities and supervisory bodies and, in general, subjects, public or private, with functions of public relevance (e.g., Prefecture, Police Headquarters, Judiciary, only within the limits established by applicable regulations); Other companies of the group to which the Data Controller belongs, or controlling, controlled, or affiliated companies, pursuant to art. 2359 of the Italian Civil Code; Professional studios or companies within the scope of assistance and consultancy relationships; The data may also be known, in relation to the assigned duties, by the personnel of the Data Controller, including interns, temporary workers, consultants, employees of external companies to the Data Controller, all specifically authorized for data processing. Data Transfer Abroad The user’s data will not be transferred to countries outside the EU.

Data Disclosure The user’s data will not be disclosed.

Use of Social Networks From the website, it is possible to connect to the company pages on Social Networks through their respective icons (Facebook, Instagram, LinkedIn, YouTube). As known, Social Networks autonomously regulate privacy for users who browse, post, and communicate through them, being the main data controllers in this case. Therefore, users are invited to visit the following links for more information: [Links provided] However, when users are on the social media pages managed by Andriani S.p.A. and provide their personal data through various means (e.g., via private message, commenting on a post, leaving a review), or when the Social Networks provide statistics on page usage in a non-anonymous manner (thus attributable to the specific person’s activity on the page), Andriani S.p.A. becomes the Data Controller. The processing of the provided data occurs solely for the ordinary management of the pages (e.g., if a comment insulting other users is posted, Andriani S.p.A. might decide to remove it from the page as it is unlawful) and to respond to user queries (both public and private) about the characteristics of products by Andriani S.p.A. In such cases, the legal basis for the processing is Andriani S.p.A.’s legitimate interest in presenting and illustrating its products and their features to the user, as well as the need to respond to any user queries. The processing of user personal data will take place through tools made available by the same Social Networks. At this stage of simple contact, Andriani S.p.A. will not transfer or communicate the user’s personal data to other subjects (except for companies in the entrepreneurial group to which it belongs). Users are always free to decide when to remove a like, delete a comment or review, etc., by simply returning to the respective Social Network page and directly performing the deletion. Regarding private messages, these are stored for a maximum of 6 months from the last contact, after which they are deleted. Users are always free to provide their personal data. Failure to provide the data may result in the impossibility of obtaining what is requested or using the Data Controller’s services.

Rights of the Data Subject Articles 15, 16, 17, 18, 20, 21 of the GDPR grant the data subject the exercise of specific rights that can be exercised against the Data Controller. In particular, as a data subject, you can, under the conditions provided by the GDPR, exercise the following rights:

Right of access: the right to obtain confirmation of whether or not personal data concerning you are being processed and, if so, to access your personal data, including a copy of it; Right to rectification: the right to obtain the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data; Right to erasure (right to be forgotten): the right to obtain the erasure of personal data concerning you if they are no longer necessary for the purposes pursued by the Data Controller, in case of revocation of consent (and no other legal basis exists for processing) or your objection to processing, in case of unlawful processing, or where there is a legal obligation to delete. The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority;

Right to restriction of processing: the right to obtain restriction of processing where: a) you contest the accuracy of your personal data; b) the processing is unlawful, and you oppose the deletion of personal data and instead request the restriction of their use; c) personal data are necessary for the data subject to establish, exercise, or defend a legal claim; Right to data portability: the right to receive, in a structured, commonly used, and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit them to another controller without hindrance, where the processing is based on consent and is carried out by automated means; Right to object: the right to object, at any time, to processing if personal data are processed for purposes other than those for which you have consented to processing. Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State where you habitually reside, work, or the place where the alleged violation occurred. Furthermore, the GDPR grants you the right to revoke the consent given at any time and with the same ease with which it was granted. Exercising your rights as a data subject is free under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge a reasonable administrative fee, taking into account the administrative costs incurred to manage your request, or refuse to satisfy your request.

This Notice was last updated on December 21, 2018. Any updates will always be published on this page.

Data Controller ANDRIANI S.P.A.