Privacy Policy
PRIVACY POLICY – WEB GENERAL – Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)
According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you the due information concerning the processing of collected personal data. This notice is not to be considered valid for other websites attainable trough links and data processor shall not be held responsible for third parties web pages. This notice is provided pursuant to art. 13 of the Regulation (EU) 2016/679 (General Data Protection Regulation) and according to the provisions of the Directive 2002/58/CE, as amended by Directive 2009/136/CE on Cookies, as well as according to the Provision of the Data Protection Authority dated 08.05.2014 on cookies.
Personal data we may collect and process
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).
Navigation data: IP addresses, domain name, URI/URL addresses, time and methot of the request, response code from server and a few information regarding the useragent (OS version, resolution, devise type).
Voluntarily provided data: The optional, explicit and voluntary transmission of messages to contact addresses or forms, entails the subsequent acquisition of sender’s address; the latter, along with any other personal information provided, will be necessary for us to reply.
Social media: For more information regarding the processing of personal data carried out by any Social Media platforms deployed on this website, please refer to their respective privacy policies. The Data Controller processes the personal data through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific privacy statement may be furnished with regards to specific processings or services offered by the website.
COOKIES: More information available in the specific statement; please click here
DATA CONTROLLER pursuant to art. 4 and 24 of the Reg. (EU) 2016/679, is STONEX SRL – with registered office in Viale dell’Industria, 53 | 20037 – Paderno Dugnano (MI) | Italy, represented by the legal representative pro tempore.
PURPOSE OF PROCESSING | LEGAL BASIS | DATA RETENTION | DATA CONFERRAL |
---|---|---|---|
Website browsing
Activities strictly related to site operations and to platform browsing service provision. The data required to avail yourself of this website, will be processed as well in order to: • Gather statistical information (most viewed pages, number of visitors, timeline visits, geographical source of visit) • Monitor the status of services |
Legitimate interest | Data subject rights Art. 6 lett. f) and recital 47 GDPR: the processing is necessary for pursuing the legitimate interest of data controller or third parties’ | Single browsing session and up to 7 days after (except from any requests by the Judicial Authority for crime prevention needs) | Necessary in order to guarantee the navigation |
Website Analytics By means of cookies and similar technologies More information available in the cookie policy |
Cookies other than technical ones (or similar) require users’ consent in order to be deployed (art. 6.a GDPR) Whether required, the consent will be requested by means of our cookie policy and its banner | More information available in the cookie policy | More information available in the cookie policy |
Contact or information request By means of phone calls, contact forms, Whatsapp |
Legitimate interest | Data subject rights Art. 6 lett.f) and recital 47 GDPR: the processing is necessary for pursuing the legitimate interest of data controller or third parties’ | 1 year | Necessary for the legitimate interest of data controller with due regard to user’s rights and fundamental freedoms |
Direct marketing;
For promotional communication, newsletters and/or invitation to events promoted or organized by the Data Controller, by e-mail, SMS, MMS, phone call also without operator, mail, or other communication tool.
Data won’t be disclosed to third parties
The data controller shall make use of reporting systems in order to gather a few more information relating to his service (e.g. number of readers and unique clicks, devices information when opening our communication, single users activity on website. In order to compare and possibly improve the results of automated communications, the Data Controller does make use of reports. Thanks to reports, the controller will be able to discover, in eg.: the number of readers, of openings and unique "clickers"; the device and the operating systems requesting contents; details on the activity of individual users; the detail of sent, delivered or forwarded E-Mails. |
Consent Art 6.1.a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; | Until consent withdrawal (opt-out) | Optional: in case of denial the data controller won’t be able to send you promotional communication |
Management of interested subjects’ requests pursuant to art. 15 and following (GDPR) | Legal obligation Art. 6.1.c) GDPR processing is necessary for compliance with a legal obligation the controller is subject to; | 5 years after its closure, except from controversy | Necessary: The provision of personal data is mandatory in order to execute legal obligations |
Recruiting staff research and selection of personnel for the purpose of establishing an employment relationship, also for any positions different from those for which the data subject is a candidate; storage of personal data also for future selections; managing applications in response to job vacancies posted on our website; interviews and any video-interviews (data processing including image / audio). | Contract Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; | Up to 24 months | Necessary: The provision of personal data is mandatory where mandatory and in case of lack the Data Controller will not be able to consider your candidacy |
PURPOSE OF PROCESSING | LEGAL BASIS | DATA RETENTION | DATA CONFERRAL | |
A) | Website browsing Activities strictly related to site operations and to platform browsing service provision. The data required to avail yourself of this website, will be processed as well in order to: · Gather statistical information (most viewed pages, number of visitors, timeline visits, geographical source of visit) · Monitor the status of services | Legitimate interest | Data subject rights Art. 6 lett. f) and recital 47 GDPR: the processing is necessary for pursuing the legitimate interest of data controller or third parties’ | Single browsing session and up to 7 days after (except from any requests by the Judicial Authority for crime prevention needs) | Necessary in order to guarantee the navigation |
B) | Website Analytics By means of cookies and similar technologies More information available in the cookie policy | Cookies other than technical ones (or similar) require users’ consent in order to be deployed (art. 6.a GDPR) Whether required, the consent will be requested by means of our cookie policy and its banner | More information available in the cookie policy | More information available in the cookie policy |
C) | Contact or information request By means of phone calls, contact forms, Whatsapp | Legitimate interest | Data subject rights Art. 6 lett.f) and recital 47 GDPR: the processing is necessary for pursuing the legitimate interest of data controller or third parties’ | 1 year | Necessary for the legitimate interest of data controller with due regard to user’s rights and fundamental freedoms |
D) | Direct marketing; For promotional communication, newsletters and/or invitation to events promoted or organized by the Data Controller, by e-mail, SMS, MMS, phone call also without operator, mail, or other communication tool. Data won’t be disclosed to third parties The data controller shall make use of reporting systems in order to gather a few more information relating to his service (e.g. number of readers and unique clicks, devices information when opening our communication, single users activity on website. In order to compare and possibly improve the results of automated communications, the Data Controller does make use of reports. Thanks to reports, the controller will be able to discover, in eg.: the number of readers, of openings and unique “clickers”; the device and the operating systems requesting contents; details on the activity of individual users; the detail of sent, delivered or forwarded E-Mails.
| Consent Art 6.1.a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; | Until consent withdrawal (opt-out) | Optional: in case of denial the data controller won’t be able to send you promotional communication |
E) | Management of interested subjects’ requests pursuant to art. 15 and following (GDPR) | Legal obligation Art. 6.1.c) GDPR processing is necessary for compliance with a legal obligation the controller is subject to;
| 5 years after its closure, except from controversy | Necessary: The provision of personal data is mandatory in order to execute legal obligations |
F) | Recruiting staff research and selection of personnel for the purpose of establishing an employment relationship, also for any positions different from those for which the data subject is a candidate; storage of personal data also for future selections; managing applications in response to job vacancies posted on our website; interviews and any video-interviews (data processing including image / audio). | Contract Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; | Up to 24 months | Necessary: The provision of personal data is mandatory where mandatory and in case of lack the Data Controller will not be able to consider your candidacy |
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data provided by you may be communicated to recipients who will act as Processors (art. 28 of the Reg. EU 2016/679) and/or persons acting under the authority of the Controller and the Processor (art.29 of the Reg. UE 2016/679) for the purposes pointed ahead. Precisely, your data may be disclosed to recipients being part of the following categories:
- Subjects providing services for the management of the information system used by STONEX SRL and telecommunication
networks: - Studies or companies in the context of assistance and consultancy relationships;
- Subjects providing services related to the management of the above mentioned purposes (communication, brochure printing,
fliers, websites, videos); - Head-hunters agencies
- Commercial partners, upon consent;
- Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request;
You can request a complete listing of processors writing to the abovementioned addresses.
DATA TRANSFER TO A THIRD COUNTRY AND/OR TO INTERNATIONAL ORGANISATION
Personal data provided won’t be transferred to a third Country outside the SEE. Moreover, all the data will be hosted and retained in Italy; all the third parties to whom data may be disclosed, do have registered office in Italy.
AUTOMATED-MEAN PROCESSINGS
Personal data will be manually and electronically processed, as well as by automated-mean activity. It is specified that fully automated decision-making processes are not carried out. With reference to profiling activity carried out with prior and express consent, it will be carried out through the intervention of operators who will elaborate the profile of the interested party and analyse his habits and consumption choices, in order to improve the commercial offer and data controller’s services (non-automated profiling).
DATA SUBJECT’S RIGHTS
You may freely exercise your rights at any time under Reg. EU 2016/679 –GDPR, Sections 15, 16, 17, 18, 19, 20, 21 by contacting the Data Controller – STONEX SRL in person of its legal representative sending an email to privacy@stonex.it.
You have the right, at any time, to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed, request their rectification or erasure, to oppose to personal data processing (also to profiling) without prejudice to the lawfulness of processing, to obtain the restriction of processing.
Without prejudice to any other administrative or judicial remedy, in case you consider your data processing in contrast with Reg. UE 2016/679, pursuant to article 15 lett. f) of Reg. UE 2016/679, you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it) and, pursuant to article 6 paragraph no. 1, lett. a) and article 9, paragraph no. 2, lett. a), you have the right to revoke your expressed consent at any time.
Exercising your right to data portability, the Data Controller may provide your personal data in a structured, commonly used and machine-readable format subject to the provisions set forth in paragraphs 3 and 4 of art. 20 of Regulation EU 2016/679.
Informative amendments: Data processor retains the right to modify, update, add or remove some parts of this informative at any time.
Date of review: 11/25/24
STONEX SRL