Last Updated: 2024-07-02

With this Privacy Policy, Data Flow Security S.r.l. with registered office in Via Vittorelli no. 3, 36061 Bassano del Grappa (VI) Italia – as Data Controller (hereinafter “Data Flow” or “Data Controller”) – wishes to inform you how it processes the personal data you provide when you browse its website https://www.dfsec.com/.

For any further explanations or information, or if you wish to enforce the rights indicated by our Privacy Policy, please write to us via email address: [email protected].
address for registered letters with acknowledgement of receipt: Via Vittorelli no. 3, 36061 Bassano del Grappa (VI) Italia.

The Italian Legislative Decree no. 196/2003 and EU REG. 2016/679 set forth the rules to protect individuals when their personal details are processed; this privacy policy is drawn up in compliance with this new legislation. The legal basis for the processing of personal data is the Treaty on the Functioning of the European Union and, in particular, art. 16 of the same text.

It may be necessary to amend our Privacy Policy when new laws are introduced, and we therefore ask you to visit this area periodically for updates.

This Privacy Policy is applicable only to the website web https://www.dfsec.com/ so that Data Flow therefore declines all and any liability for the way personal data are processed by third party websites linked through the Cookie section or any other links that may be present on the website. No cookies are being served on the website at this time.

According to the applicable law, personal data should be processed pursuant to principles of fairness, legality and transparency in order to protect the privacy of the user and the rights thereof.

Data Flow undertakes to comply with the above principles and accordingly hereby informs you that – other than in the case of processing for which, by law, your consent is expressly required – when you browse this website, download or provide your personal details, you accept the terms and conditions of this privacy policy. You may however revoke your consent to the processing of your personal data at any time by contacting us on the above addresses.

If you are under 16 years of age, you may not give your consent without the authorization of your parent(s) or legal guardian. For data subjects who are on Italian territory, consent is also legitimate, under the same conditions as above, if the subject is at least 14 years old.

The following information are in any case provided on the concept of processing of personal details, and the persons who process the same.

  

SUMMARY

1. Definitions
2. How we process your personal data
3. Purposes of the processing
4. Lawful basis and nature of the processing
5. Recipients
6. Transfer of Personal data
7. Retention of Personal data
8. User rights in accordance with EU.REG. 2016/679
9. How we protect your data

 

1. Definitions

 

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. By browsing this website your personal data collected could be – for example – your first name, last name, your email, your IP address, your interactions with social networks, information about your behavior or your interests if collected through tracking technologies.

In the various sections of the website, you will be asked to submit information such as your name, phone / mobile numbers, e-mail address, country of residence and address etc.

Data Flow could process other Personal data: location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

The processing of personal data is intended as any operation or set of operations performed with or without the use of automated processes, and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of distribution, comparison or interconnection, limitation, deletion or modification, extraction or destruction thereof.

The data controller is the natural person or legal entity, public authority, service or any other entity that, individually or together with others, decides the scope of processing and method used to process personal data. The data controller is also responsible for the security aspects.
The data controller of this website is Data Flow as indicated above; should you require any further explanations or wish to enforce any of your rights, please contact the same on the following e-mail addresses: [email protected]

The data processor is the natural person or legal entity, public authority, service or other body that processes personal data on behalf of the data controller.

 

2. How we process your personal data

 

On this website, data is collected electronically and processed by means of operations performed mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the data processed and guaranteeing their confidentiality. Data processing is carried out by minimizing the use of sensitive personal data. Your personal data will be processed by collaborators and/or employees of Data Flow in their capacity as data processors or authorized person, within the scope of their respective functions and in accordance with the instructions given by the Data Flow.

The processing of personal data relating to the website’s services is handled only by authorized person.

Your personal data may be communicated to Judicial Authorities and Police Forces if required by the applicable law and used by Data Flow for the purpose of defending its rights in court, where strictly necessary.

The data collected will not be disseminated. However, to provide the service requested, some data will be shared with external companies, appointed as data processors pursuant to Art. 28 EU Reg. 2016/679, called upon to perform specific tasks on behalf of Data Flow (e.g.: Web agencies, professionals, etc.). Data Flow undertakes to ensure the security of personal data by taking all the necessary IT and physical measures to protect the personal data you provide. No security system can however guarantee full and certain protection; therefore, without prejudice to any liability due to negligence of the Data Controller, Data Flow declines all and any liability for the actions carried out by third parties who abusively access systems without the necessary authorizations.

 

3. Purposes of the processing

 

Data Flow intends to use your Personal data, collected through the website, for the following purposes:

• To reply to your requests for information related to the Data Flow’s activities or the services displayed on the website, to allow you any info you may ask for, any other services which you may request. This processing also includes providing the information requested if you decide to apply for a job position through the site (“Recruiting activities”).  In this case, for the processing of your personal data in the context of the application please refer to the specific notice you may find here (“Service Provision”);

• For compliance with laws which impose upon Data Flow the collection and/or further processing of certain kinds of personal data (“Compliance”);

• To prevent and detect any misuse of the website, or any fraudulent activities carried out through the Website (“Misuse/Fraud”).

 

4. Legal basis and nature of the processing

 

Data Flow’s legal bases for processing your personal data, according to the purposes identified in Section 4, are as follows:

• Service Provision: processing for these purposes is necessary to provide the services and, therefore, is necessary for the performance of a contract with you or precontractual measures or provide the requested information. It is not mandatory for you to give Data Flow your personal data for these purposes; however, if you do not, Data Flow will not be able to provide any services and requested information to you.

• Recruiting: manage your application, call you for an interview or request further information about your career. Processing for these purposes is necessary for the performance of a contract with you or precontractual measures.

• Compliance: processing for this purpose is necessary for Data Flow to comply with its legal obligations. When you provide any personal data to Data Flow, Data Flow must process it in accordance with the laws applicable to it, which may include retaining and reporting your personal data to official authorities for compliance with tax, customs or other legal obligations.

• Misuse/Fraud: Information collected for this purpose is used exclusively to prevent and detect fraudulent activities or misuse of the website (for potentially criminal purposes).

 

5. Recipients of your Personal data

 

Your personal data may be shared with the following list of persons / entities (“Recipients”):

• Persons, companies or professional firms providing Data Flow with advice and consultancy regarding accounting, administrative, legal, tax, HR, financial and collection matters related to the provision of the services and which act typically as data processors on behalf of Data Flow;
• Entities engaged in order to provide the services (e.g., hosting providers or e-mail platform providers);
• Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
• Persons authorised by Data Flow to process personal data needed to carry out activities strictly related to the provision of the services, who have undertaken an obligation of confidentiality (e.g., employees of Data Flow);
• Public entities, bodies or authorities to whom your personal data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities.

 

6. Transfer of Personal data

 

Your personal data may be stored, accessed, used, processed, and disclosed outside your jurisdiction, including within the European Union, the United States of America, or any other country where our service providers, data processors and sub-processors are located, or where their servers or cloud computing infrastructures may be hosted. We take steps to ensure that the processing of your personal data by our Recipients is compliant with the applicable data protection laws, including EU and Italian law to which we are subject. Where required by EU data protection law, transfers of your personal data to Recipients outside of the EU will be subject to adequate safeguards (such as the relevant EU standard contractual clauses for data transfers between EU and non-EU countries), and/or other legal basis according to the EU legislation.

There may be social network plugins on the website (e.g. Pinterest, Facebook, Instagram, LinkedIn etc.) that allow/permit the sharing of content on your social profiles if you decide to share by clicking on the relevant plugin.

 

7. Retention of Personal data

 

Personal data processed for Service Provision will be kept for the period deemed strictly necessary to fulfil such purposes – in any case, as these personal data are processed for the provision of the services, Data Flow may continue to store this personal data for a longer period, as may be necessary to protect its interests related to potential liability related to the provision of the services.

Personal data processed for Recruiting purposes are stored for one year after receipt of your CV. Once this year has passed, we may ask you to update your CV and stored it for a further year.

Personal data processed for Compliance will be kept for the period required by the specific legal obligation or by the applicable law.

Personal data processed for preventing Misuse/Fraud will be kept for as long as deemed strictly necessary to fulfil the purposes for which it was collected.

 

8. User rights in accordance with EU.REG. 2016/679

 

Article 13, paragraph 2 of EU. REG. 2016/679 lists the user’s rights.
Data Flow hereby informs you that:

– the data subject has the right to ask the data controller for access to its personal data (article 15 EU.REG.) and to modify (article 16 UE. REG) or delete such data (article 17 UE. REG.) or limit any processing involving the same (art. 18 EU. REG.) or oppose processing of such data (art. 21 EU. REG.), and the right to transfer the data (art. 20 EU. REG.);

-if processing is performed pursuant to clause 6 paragraph 1, (a) – express consent for use – or clause 9 paragraph 2, (a) – express consent for the use of genetic, biometric, health-related data, that disclose religious or philosophical beliefs or membership to trade unions, which disclose a racial or ethnic origin, and political opinions – the data subject shall have the right to revoke consent at any time without prejudice to the fact that any data processed pursuant to the consent thereof granted prior to revocation, is intended as legal;

– the data subject has the right to file a complaint with the Italia Data Protection Authority, as the authority who is responsible for monitoring the processing of personal data in Italy.

For more detailed information on your rights, please see art. 15 et sequitur of EU. REG. 2016/679.

In order to enforce any of the above rights, please contact us on the following email address:  [email protected].

If you are an active Data Flow customer or have a contractual relationship with Data Flow that ended less than 30 days ago, we would like to remind you that you may withdraw your consent to commercial communications by writing to [email protected].

 

9. How we protect your Personal data

 

We take reasonable precautions from a physical, technological and organizational point of view to prevent the loss, misuse, or modification of personal data under our control.