The Data Controller is AorticLab Srl, with registered office in Colleretto Giacosa (TO), via Ribes n. 5.
The policy is issued solely for the service offered by AorticLab Srl, and not for other sites or web apps eventually visited by the user through link and that might indirectly mention the company.
The present policy has been drawn up based upon the principles of lawfulness, fairness, transparency, proportionality and pertinence, as well as in compliance with the GDPR.
PURPOSE OF DATA PROCESSING
The data provided by You will be processed for the purposes by You required, with specific regard to:
– management of the “contact us” option;
– management of the “newsletter” option;
– management of the “career opportunity” option: the data provided will be used to evaluate the user’s candidacy towards professional opportunities within the organisation of the holder’s company.
The provision of personal data for the purposes abovementioned is always optional, albeit mandatory for the purposes listed above. The user’s access to part of the services offered by the website might be denied if the information requested is not provided.
The consent to the data processing will be revoked at any time sending an email to [email protected]
For all the purposes listed above the Data Controller will be able to hire external suppliers, who will receive solely and exclusively the data strictly essential in order to execute the task.
The suppliers will act as Data Processors, appointed pursuant to article 28 GDPR;
The list is available explicitly requesting it to the Data Controller, through the contacts indicated in the present policy.
The collected personal data will never be broadcast for services other than the ones requested.
PLACE OF DATA PROCESSING
The processing pertaining the web services of this site takes place at the premises of AorticLab, and is supervised only by the Data Controller and/or the Processor and or/ by the appointed personnel for the processing.
DATA PROCESSING METHODS
The processing will be carried out through the operations referred to in article 4 GDPR and specifically: collection, registration, organisation, structuring, conservation, adaptation or modification, extraction, consultation, usage, communication through broadcast, distribution, comparison or interconnection, limitation, cancellation or destruction of the data.
The processing will be executed, with regard to the purposes indicated previously, via both hard copy and computer facilities by the Data Controller, Data Processors and/or by the appointed party/parties in compliance with the precautionary measures guaranteeing its security and confidentiality.
The Data Controller and Data Processor will process users’ personal data adopting the appropriate safety measures in order to prevent unauthorised access, broadcast, modification or destruction of data.
Personal data of the users will be stored for as long as they will be necessary to pursue the end uses for which they were acquired in the first place.
Storage period of the data will depend upon the purposes they will be used towards and might therefore vary.
The data collected will be stored for a maximum period of ten years since the user gives their consent. If the user does not consent to the purposes at the expiry of the deadline, the data concerned will be deleted.
Regardless, since the collection, data gathering’s management has been set up in order to minimise the use of data.
- Browsing data
Computer facilities and software procedures set up towards the functioning of this website acquire, during the ordinary use, some personal data. The broadcast of this same data is implicit in Internet’s communication protocols usage. This information is not collected to be associated to identified interests, but might allow the user’s identification through matching with data held by third parties.
IP addresses of the users are always anonymous and personal computer’s domain names belonging to the users are not registered.
Addresses in URI notation (Uniform Resource Identifier) of the resources requested, the methods used in submitting the request to the server, the resulting file’s dimension, the numeric code indicating the status of the answer from the server (success, error, etc.) and other standards concerning the operating system of the user. These data are solely used to obtain anonymous statistics on the site’s use and to control its correct functioning, and is deleted immediately after the processing. The data might be used in order to ascertain the responsibility in the case of hypothetical computer crimes which threaten to damage the site: notwithstanding this outcome, data on web contacts shall expire within 24 months.
- Data voluntarily provided by the user
The discretionary, explicit and voluntary submitting of requests through forms and e-mail to the addresses indicated by the Site implies the consequent acquisition of the sender’s address, essential in order to respond to the request. All other hypothetical personal data input in the specific summary policies will also feature and/or will be visualised on the website’s pages set up for peculiar services on request.
None of the user’s personal data will be deliberately acquired by the site. No cookies will be used to broadcast personal information, nor will the so-called “persistent cookies” of any kind, nor means to track the user. The use of session cookies (which are not memorised permanently on the user’s computer and disappear with the closing of the browser) is strictly limited to the broadcast of identification session (constituted by random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. The so-called session cookies used in this site avoid using other practices potentially detrimental to the confidentiality of the navigation of the users and do not allow the acquisition of personal data identifying the user.
In order not to receive any further communications from AorticLab Srl, send an e-mail to [email protected] specifying in the subject line “delete from the list of e-mail addresses”.
RIGHTS OF DATA SUBJECTS
Subjects whose personal data are concerned have at any time, pursuant to articles 15-22 GDPR, the following rights:
- obtain from the data controller the confirmation that a processing of their personal data is currently taking place and, if so, gain access to it;
- obtain information about the purposes and methods of processing, the categories of personal data provided, the recipient and/or the categories of recipients who have received or will receive them and, if possible, the storage period;
- obtain the amendment, supplementation and deletion of the data;
- obtain the limitation of the processing;
- obtain data portability, which means receiving them from the Data cCntroller, pursuant to art. 20 GDPR 679/2016, “in a structured, commonly used and machine-readable format” and transmit them to another data controller without impediments.
- oppose the processing at any time, including processing towards direct marketing;
- revoke the consent at any time, without threatening the processing based on the consent given prior to the revocation request;
- file a complaint to the Data Protection Authority, whether they sustain the processing of their personal data on this website occurs in violation of the provisions of the regulation.