1.Who we are and applicable legislation

With this, Dataflow Security S.r.l. with registered office in Via Vittorelli no. 3, 36061 Bassano del Grappa (VI) Italia – as Data Controller (hereinafter “Dataflow” or “Data Controller”) – wishes to inform you how it processes the personal data in the meaning set forth in Article 4  EU REG. 2016/679 (“EU REG”) and in section 2 below (hereinafter “Personal Data”) you provide when you browse its website https://www.dfsec.com/.

For any further explanations or information, or if you wish to enforce the rights indicated by our Privacy Policy, please write to us via email address: [email protected].
address for registered letters with acknowledgement of receipt: Via Vittorelli no. 3, 36061 Bassano del Grappa (VI) Italia.

The Italian Legislative Decree no. 196/2003 and EU REG. 2016/679 set forth the rules to protect individuals when their Personal Data are processed; this Privacy Policy is drawn up in compliance with this new legislation. The legal basis for the processing of Personal Data is the Treaty on the Functioning of the European Union and, in particular, art. 16 of the same text.

It may be necessary to amend our Privacy Policy when new laws are introduced, and we therefore ask you to visit this area periodically for updates.

This Privacy Policy is applicable only to the website https://www.dfsec.com/ so that Dataflow therefore declines all and any liability for the way Personal Data are processed by third party websites linked through the Cookie section or any other links that may be present on the website. No cookies are being served on the website at this time.

According to the applicable law, Personal Data should be processed pursuant to principles of fairness, legality and transparency in order to protect the privacy of the user and the rights thereof.

Dataflow undertakes to comply with the above principles and accordingly hereby informs you that – other than in the case of processing for which, by law, your consent is expressly required – when you browse this website, download or provide your personal details, you accept the terms and conditions of this Privacy Policy. You may however revoke your consent to the processing of your Personal Data at any time by contacting us on the above addresses.

If you are under 16 years of age, you may not give your consent without the authorization of your parent(s) or legal guardian. For data subjects who are on Italian territory, consent is also legitimate, under the same conditions as above, if the subject is at least 14 years old.

The following information are in any case provided on the concept of processing of Personal Data, and the persons who process the same.

2. Definitions

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. By browsing this website your Personal Data collected could be – for example – your first name, last name, your email, your IP address, your interactions with social networks, information about your behavior or your interests if collected through tracking technologies.

In the various sections of the website, you will be asked to submit information such as your name, phone/ mobile numbers, e-mail address, country of residence and address etc.

Dataflow could process other Personal Data: location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

The processing of Personal Data is intended as any operation or set of operations performed with or without the use of automated processes, and applied to Personal Data or sets of Personal Data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of distribution, comparison or interconnection, limitation, deletion or modification, extraction or destruction thereof.

The data controller is the natural person or legal entity, public authority, service or any other entity that, individually or together with others, decides the scope of processing and method used to process Personal Data. The data controller is also responsible for the security aspects.
The data controller of this website is Dataflow as indicated above; should you require any further explanations or wish to enforce any of your rights, please contact the same on the following e-mail addresses: [email protected]

The data processor is the natural person or legal entity, public authority, service or other body that processes Personal Data on behalf of the data controller.

On this website, data is collected electronically and processed by means of operations performed mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the data processed and guaranteeing their confidentiality. Data processing is carried out by minimizing the use of sensitive Personal Data. Your Personal Data will be processed by collaborators and/or employees of Dataflow in their capacity as data processors or authorized person, within the scope of their respective functions and in accordance with the instructions given by the Dataflow.

The processing of Personal Data relating to the website’s services is handled only by authorized person.

Your Personal Data may be communicated to Judicial Authorities and Police Forces if required by the applicable law and used by Dataflow for the purpose of defending its rights in court, where strictly necessary.

The data collected will not be disseminated. However, to provide the service requested, some data will be shared with external companies, appointed as data processors pursuant to Art. 28 EU Reg. 2016/679, called upon to perform specific tasks on behalf of Dataflow (e.g.: Web agencies, professionals, etc.). Dataflow undertakes to ensure the security of Personal Data by taking all the necessary IT and physical measures to protect the Personal Data you provide. No security system can however guarantee full and certain protection; therefore, without prejudice to any liability due to negligence of the Data Controller, Dataflow declines all and any liability for the actions carried out by third parties who abusively access systems without the necessary authorizations.

4.Purposes of the processing

Dataflow intends to use your Personal Data, collected through the website, for the following purposes:

• To reply to your requests for information related to the Dataflow’s activities or the services displayed on the website, to allow you any info you may ask for, any other services which you may request. This processing also includes providing the information requested if you decide to apply for a job position through the website (“Recruiting activities”).  In this case, for the processing of your Personal Data in the context of the application please refer to the specific notice you may find https://www.dfsec.com/  (“Service Provision”);

• For compliance with laws which impose upon Dataflow the collection and/or further processing of certain kinds of Personal Data (“Compliance”);

• To prevent and detect any misuse of the website, or any fraudulent activities carried out through the website (“Misuse/Fraud”).

5. Legal basis and nature of the processing

Dataflow’s legal bases for processing your Personal Data, according to the purposes identified in Section 4, are as follows:

• Service Provision: processing for these purposes is necessary to provide the services and, therefore, is necessary for the performance of a contract with you or precontractual measures or provide the requested information. It is not mandatory for you to give Dataflow your Personal Data for these purposes; however, if you do not, Dataflow will not be able to provide any services and requested information to you.
• Recruiting: manage your application, call you for an interview or request further information about your career. Processing for these purposes is necessary for the performance of a contract with you or precontractual measures.
• Compliance: processing for this purpose is necessary for Dataflow to comply with its legal obligations. When you provide any Personal Data to Dataflow, Dataflow must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.
• Misuse/Fraud: Information collected for this purpose is used exclusively to prevent and detect fraudulent activities or misuse of the website (for potentially criminal purposes).

6. Recipients of your Personal Data

Your Personal Data may be shared with the following list of persons / entities (“Recipients”):

• Persons, companies or professional firms providing Dataflow with advice and consultancy regarding accounting, administrative, legal, tax, HR, financial and collection matters related to the provision of the services and which act typically as data processors on behalf of Dataflow;
• Entities engaged in order to provide the services (e.g., hosting providers or e-mail platform providers);
• Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
• Persons authorised by Dataflow to process Personal Data needed to carry out activities strictly related to the provision of the services, who have undertaken an obligation of confidentiality (e.g., employees of Dataflow);

Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities

7. Transfer of Personal Data

Your Personal Data may be stored, accessed, used, processed, and disclosed outside your jurisdiction, including within the European Union, the United States of America, or any other country where our service providers, data processors and sub-processors are located, or where their servers or cloud computing infrastructures may be hosted. We take steps to ensure that the processing of your Personal Data by our Recipients is compliant with the applicable data protection laws, including EU and Italian law to which we are subject. Where required by EU data protection law, transfers of your Personal Data to Recipients outside of the EU will be subject to adequate safeguards (such as the relevant EU standard contractual clauses for data transfers between EU and non-EU countries), and/or other legal basis according to the EU legislation.

There may be social network plugins on the website (e.g. Pinterest, Facebook, Instagram, LinkedIn etc.) that allow/permit the sharing of content on your social profiles if you decide to share by clicking on the relevant plugin.

8. How you can control your Data

Anytime you can ask for:

• access your Data: we will provide you with the Data we have on you and, where applicable, the source of your Data (if, for example, we received your “Data collected from HR Partners”);
• make your Data portable: where applicable, we will provide you with an excel file containing the Data we have on you.
• rectify your Data: for example, you can ask us to modify the e-mail, telephone number or professional experience you have provided us with, if you believe they are not correct or should be updated;
• limit the processing of your Data: for example, if you believe that our processing is unlawful and/or that certain processing operations carried out on the basis of our legitimate interest are inappropriate;
• delete your Data: for example, and where applicable, if you are no longer interested in a job and would like us to no longer store your Data.

The response time required by European legislation to which we are subject is 1 month from your request (extendable up to a further 2 months in case of complexity).

You can exercise any of the rights listed above towards:

• Dataflow by writing to [email protected];

At any time you can also contact the competent Supervisory Authority or the one of your country whose contact details are available here https://edpb.europa.eu/about-edpb/board/members_en

Personal Data processed for Service Provision will be kept for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the services, Dataflow may continue to store this Personal Data for a longer period, as may be necessary to protect its interests related to potential liability related to the provision of the services.

Personal Data processed for Recruiting purposes are stored for five years after receipt of your CV. Once this year has passed, we may ask you to update your CV and stored it for a further year. Please refer to the HR/recruiting privacy policy found in the application section.

Personal Data processed for Compliance will be kept for the period required by the specific legal obligation or by the applicable law.

Personal Data processed for preventing Misuse/Fraud will be kept for as long as deemed strictly necessary to fulfil the purposes for which it was collected.

.

.

10. User rights in accordance with EU.REG. 2016/679

Article 13, paragraph 2 of EU. REG. 2016/679 lists the user’s rights.
Dataflow hereby informs you that:

– the data subject has the right to ask the data controller for access to its Personal Data (article 15 EU.REG.) and to modify (article 16 EU. REG) or delete such data (article 17 EU. REG.) or limit any processing involving the same (art. 18 EU. REG.) or oppose processing of such data (art. 21 EU. REG.), and the right to transfer the data (art. 20 EU. REG.);

-if processing is performed pursuant to clause 6 paragraph 1, (a) – express consent for use – or clause 9 paragraph 2, (a) – express consent for the use of genetic, biometric, health-related data, that disclose religious or philosophical beliefs or membership to trade unions, which disclose a racial or ethnic origin, and political opinions – the data subject shall have the right to revoke consent at any time without prejudice to the fact that any data processed pursuant to the consent thereof granted prior to revocation, is intended as legal;

– the data subject has the right to file a complaint with the Italia Data Protection Authority, as the authority who is responsible for monitoring the processing of Personal Data in Italy.

For more detailed information on your rights, please see art. 15 et sequitur of EU. REG. 2016/679.

In order to enforce any of the above rights, please contact us on the following email address:  [email protected].

If you are an active Dataflow customer or have a contractual relationship with Dataflow that ended less than 30 days ago, we would like to remind you that you may withdraw your consent to commercial communications by writing to [email protected].

We take reasonable precautions from a physical, technological and organizational point of view to prevent the loss, misuse, or modification of Personal Data under our control.

11. Changes to the Notice