Information on the processing of personal data of website users pursuant to Article 13 of EU Regulation No. 2016/679 (“GDPR”)
The company Mestieri S.r.l., pays the utmost attention to the security and confidentiality of the personal data of users of the website: https://www.mestierigruppo.com/ and wishes to provide them with information on the processing of their personal data.
1. Data controller
The data controller is Mestieri S.r.l., with registered office in San Vendemiano (TV), Via Palù 30.
For any request regarding the processing of personal data, as well as to exercise the rights recognised by the GDPR and described in detail in point 7 below, you can contact the Company at the e-mail address: info@mestierigruppo.com or pec: mestieri@pec.mestierigruppo.com or telephone number (+39) 0438 4717.
2. For what purposes does the company process personal data
Through the Website, the Company collects some personal data referring to Users, either voluntarily provided by them or collected in the normal operation of the same, which are processed for the purposes described below.
The Website also makes use of cookies and other tracking tools. Please refer to the cookie policy available at the following link https://www.mestierigruppo.com/cookie-policy/ for further relevant information as well as to manage your preferences in this respect at any time.
| Purpose of processing | Categories of data processed | Legal basis and conferment | Storage period | |
| 1 | Handling of information requests submitted by the User through the appropriate section on the Site. The Company may process the User’s personal data in order to execute a contract or pre-contractual measures, to manage and respond to requests for information submitted via the section on the Site. | First and last name Telephone number Any personal data in the subject line and message sent | Fulfilment of a contractual obligation or execution of pre-contractual measures (Art. 6 (1)(c) GDPR). The provision of personal data is obligatory; failing this, the Company will not be able to respond to the User’s requests. | Up to 6 months from the feedback provided to the User. |
| 2 | Management of the User’s candidature submitted in the “Work with us” section. The Company may process the User’s personal data for the purpose of managing the User’s spontaneous application submitted by him/her in the “Work with us” section of the Site. in the “Work with us” section of the Site. | First and last name Contact details Data contained in curriculum vitae | Execution of pre-contractual measures (Art. 6 (1) (b) GDPR. | Up to 6 months. |
| 3 | Defending one’s rights. The Company may process personal data for the defence of rights in the course of judicial, administrative or extrajudicial proceedings and in the context of disputes arising in connection with the Services. | Depending on the case, personal data collected for purposes 1 to 2 will be processed. | Legitimate interest of the Company in the protection of its rights (Art. 6 (1) (f) GDPR). A new and specific contribution is not required as the Company will pursue this further purpose, where necessary, by processing the data collected for the above-mentioned purposes. | The time necessary to pursue the protection of the right. |
| 4 | Fulfilling legal obligations. The Company may process personal data in order to fulfil its obligations under laws, regulations or EU legislation, provisions/requirements of authorities empowered to do so by law and/or supervisory and control bodies. | As required, personal data collected for purposes 1 to 2 will be processed. | Fulfilment of a legal obligation (Art. 6 (1) (c) GDPR). The provision of personal data for this purpose is compulsory as failure to do so will make it impossible for the Company to fulfil specific legal obligations. | The time required to process the request. |
3. How we keep personal data secure
The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users’ personal data. The appropriate security measures are aimed at preventing unauthorised access, disclosure, modification or destruction of personal data.
All personal data is stored on the Company’s secure computer systems (or appropriately stored hard copies) or on those of our suppliers, and is accessible and usable in accordance with our standards and security policies (or equivalent standards for our suppliers).
4. How long we keep personal data
The Company retains the User’s personal data only for as long as is necessary to achieve the purposes for which it was collected or for any other related legitimate purpose.
Personal data that are no longer needed, or for which there is no longer a legal basis for their retention, will be irreversibly anonymised or securely destroyed.
If personal data are processed for more than one purpose, they will be deleted or anonymised as soon as the retention period for the last purpose has expired.
5. With whom we may share personal data
The personal data may be accessed by duly authorised employees of the Company, as well as by external suppliers, appointed, if necessary, as data processors, who provide support for the provision of services.
You may contact the Company at the following e-mail address info@mestierigruppo.com or pec: mestieri@pec.mestierigruppo.com, to ask to see the list of data processors and other persons to whom we disclose data.
6. Transfers to third countries
The Company informs you that your personal data will be processed exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).
7. Personal data protection rights and the right to lodge complaints with the Supervisory Authority
Every User has the right to request the Company, subject to the existence of the legal prerequisite underlying the request:
a) access to personal data, as provided for in Article 15 of the GDPR;
b) rectification or integration of personal data in the Company’s possession that are considered inaccurate, as provided for in Article 16 of the GDPR;
c) the deletion of personal data for which the Company no longer has any legal basis for processing, as provided for in Article 17 of the GDPR;
d) the restriction of the way in which personal data is processed, if one of the cases provided for in Article 18 of the GDPR applies;
e) the copy of the personal data provided to the Company, in a structured, commonly used and machine-readable format and the transmission of such data to another data controller (so-called portability), as provided for in Article 20 of the GDPR
(f) revocation of consent, where the processing is based on such legal basis.
Right to object: in addition to the rights listed above, the User has the right to object at any time to the processing of personal data carried out by the Company in pursuit of its legitimate interest.
The exercise of these rights, which can be done through the Company’s contact details indicated in point 1, is free of charge and is not subject to formal constraints. It shall be the duty of the Company to verify that the User is legitimately entitled to exercise the relevant right and to reply, as a rule, within one month.
In the event that the User considers that the processing of his or her personal data is in breach of the provisions of the GDPR, he or she has the right to lodge a complaint with the Garante per la protezione dei dati personali, using the references available on the website www.garanteprivacy.it, or to take legal action
Last updated: September 2023
