Privacy Policy

Privacy Policy

This page describes how the site is managed with reference to the processing of personal data of users who consult it. This is an informative notice that is also made pursuant to art. 13 of Regulation (EU) 679/2016 – to those who interact with the web services of Comdata S.p.A. accessible electronically from the address: https://www.comdatagroup.com corresponding to the home page of the official website of the Comdata Group. The information notice is provided only for the Comdata Group website and not for other websites that may be consulted by the user through links. The information notice is also inspired by Recommendation No. 2/2001 that the European authorities for the protection of personal data – gathered in the working group so-called Article 29 of Directive No. 95/46 / EC, adopted on May 17, 2001 – to identify the minimum requirements for the collection of personal data online and, in particular, the methods, times and nature of the information that the data controllers must provide to users when they link to web pages, regardless of the purpose of the link.

Data controller and data processor

The Controller for the personal data collected through this website is Comdata S.p.A. (hereinafter “Comdata” or “Controller”), with registered office at Via Caboto 1 Corsico (MI), Italy, the company that designed the website, manages it and decides its configuration and development including on the basis of its business activity and services.  

The personal data collected through the website may also be processed by third parties, including Companies within the Comdata Group or service providers acting on behalf of Comdata as Data Processors, who shall process the data in compliance with the purpose for which they were collected.  

Necessary and essential data

Through this website we collect and store personal data only when this is essential to attain the purposes declared in the Policy or in the single policies published on the website in connection to data collection forms.  Users can navigate the website without registering or being identified.  The website is designed so as to respect the users’ anonymity. Our policy is to avoid collecting personal data when the purposes pursued in each single case can be attained by using anonymous data (such as, for instance, in conducting statistical aggregate analyses of website navigation, through web analytics tools, without analysing single users’ navigation traces).

Methods of processing and security measures

Users’ personal data shall be processed through automated means for the time and to the extent necessary to attain the single purposes for which they are collected.  

The Comdata website is protected from potential cyber-attacks and unauthorised accesses by appropriate security measures, aimed at ensuring the integrity, confidentiality, and availability of the data of the users who navigate the website. 

In spite of the steps taken to ensure an appropriate level of security, Comdata cannot guarantee to its users that the measures adopted to protect its website and the transmission of data and information will completely exclude every risk of unauthorised access or loss of data.  Users are invited to verify that their computer or other device (e.g., smartphone or tablet) is equipped with appropriate technological tools to protect the transmission of data over the Internet, including outgoing and incoming data (e.g., by using updated antivirus systems), and that their Internet provider has adopted appropriate security measures to protect the transmission of data over the Internet. 

Purposes of processing

The personal data shall be processed to:

  1. reply to the users’ requests for information and materials; in relation to this purpose, it is specified that the controllership for the data processing belongs to the Comdata Group Company to which the request was made, if this request is not addressed to Comdata S.p.A., the latter will only communicate to this Company the request and the data necessary for its management;
  2. enable the newsletter service requested by users;
  3. allow users to contact the Group’s Companies sale departments; in relation to this purpose, it is specified that the controllership for the data processing belongs to the Comdata Group Company to which the request was made, if this request is not addressed to Comdata S.p.A., the latter will only communicate to this Company the request and the data necessary for its management;
  4. enable the assessment of job applications submitted by users, and contact said users where necessary. As to this last purpose, please be aware that for the processing of the applicants’ data, the Controller is the Comdata Group company with registered offices in the country where the position applied for is offered; if this request is not addressed to Comdata S.p.A., the latter will simply communicate to this Company the request and the data necessary for its management;
  5. comply with obligations of law. 

The collection of identification and contact data – where necessary for single functions – shall be preceded by an appropriate privacy policy that will illustrate the purpose of collection of said data. 

Legal basis and mandatory or discretionary nature of the provision of data

For the purposes No. 1), 3) and 4), processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract, pursuant to Article 6, paragraph 1), letter b) of Regulation EU 2016/679 (hereinafter, “GDPR”). The provision of said data by users is discretionary, but without said provision the user’s requests to receive information or materials, to be contacted and to have their possible applications assessed, cannot be carried out. 

Purpose number 2) finds its legal basis in Article 6, c.1 par. f) of the GDPR, the processing is based on a legitimate interest of the sending Data Controller to send its newsletter to users who request it, the newsletter is sent by email and the user can unsubscribe at any time using the appropriate button at the bottom of the mail.

The legal basis for the purpose under number 5) is found in Article 6, paragraph 1, letter c) of the GDPR, and the processing of said data, where provided, is necessary to comply with a legal obligation.

The communication by Comdata S.p.A to the other Group Companies of the personal data collected for the purposes referred to in numbers 1), 3) and 4) takes place by virtue of a legitimate interest common to all Group Companies.

Categories of data

The personal data of the users who write to Comdata are contact data (such as e-mail address and phone numbers, the data relating to the messaging sent by filling in the forms on the site, data relating to professional qualification and the data contained in the Resumes if they apply through the site).  

Browsing data are data that only enable an indirect identification of a data subject and only when necessary, such as in case of a request by an authorised judge or by the police forces (e.g., data that enable to associate an anonymous user’s activities and navigation on the website to an IP address, meaning the Internet Protocol that identifies the single computer or device (i.e., a smartphone or tablet) from which the website navigation or activities were carried out).

For any details relating to the use of cookies within the site, please refer to the Cookie Policy available here.

Categories of data recipients

For the above purposes, the personal data concerning users may be shared with the following categories of recipients:

  • Data Processors duly appointed by the Controller, such as persons providing services to the Controller with respect to administrative, legal, technological or other issues.
  • employees and associates of the Controller, subject to confidentiality obligations;
  • Group Companies to which the requests made by users for the purposes referred to in numbers 1), 3) and 4) refer;
  • other entities to whom the data must be disclosed by law (such as the Public Authority).

Transfer of personal data to third countries

The users’ personal data may be disclosed to entities outside the European Economic Area.

Comdata ensures that the transfer shall be based on compliance with an adequacy decision by the European Commission, on Standard Contractual Clauses approved by the European Commission, or under the exemption referred to in Article 49, paragraph 1., lett. b) of the Regulation[1], adopting adequate guarantees of confidentiality and security.

Data storage period

As to the purposes under numbers 1) and 2)the personal data shall be retained for the time strictly necessary to attain such purposes, and to enable Comdata to protect its rights and interest in legal proceedings, for a period not exceeding the maximum retention time provided for under applicable legislation, which coincides with the period of limitation established for the legal actions available by law.

In relation to the purpose number 3) personal data will be kept for 3 years.

The data collected for the purpose under number 4) may be retained for a period strictly necessary to consider the candidates’ application.

In relation to the purpose number 1), 2) and 4) if the request is managed by Companies of the Comdata Group other than Comdata S.p.A., the retention times will be determined by the latter which, as an independent Data Controller, will process the personal data of users in the time strictly necessary for the pursuit of the aforementioned purposes.

With respect to the data collected for the purpose under number 5), they shall be retained for the period established for each specific obligation or provision of law applicable.

Links to third party sites

Links to other sites are not managed by Comdata which, therefore, will not be responsible in any way for the content of such sites or links. Comdata only provides links that can support the user. This does not establish any link between Comdata and the redirected site.

Access to data and exercise of data protection rights

Pursuant to Regulation (EU) 2016/679, data subjects have to right, which they may exercise at any time, to obtain confirmation of the existence of data and learn their content and origin, check whether the data are correct or request to have incomplete data completed, or to have said data updated or rectified. Data subjects also have the right to request their data to be erased, or to obtain restriction of processing; they have the right to data portability by receiving their data in a commonly used and machine-readable format, and in any case object to the processing of data concerning them.

Personal Data Protection Officer (DPO)

Anyone wishing to exercise the aforementioned rights, can write to the Data Protection Officer (DPO) designated by Comdata S.p.A. to the address of the registered office of Comdata S.p.A., or send an email to the address dpo@comdatagroup.com. Users who have made requests addressed to Comdata Group Companies other than Comdata S.p.A., for the exercise of their rights must refer to the address of the company to which their request was addressed.

Protection

Should you become aware of any violation to your rights, you may contact the competent Supervisory Authority pursuant to Article 77 of Regulation (EU) 2016/679. You shall in any case have the right to lodge a complaint before the competent courts.

 

(1)Article 49, paragraph 1., lett. b) of the Regulation provides that “In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions: … (b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request…”.

Contact section

Dear User,

your personal data will be processed to manage your request by the Comdata Group company to which your request is addressed, which will process them as Data Controller.

If the request is made to Comdata S.p.A., with registered office at Via Caboto 1, Corsico, your personal data will be processed by this company as the sole Data Controller. If the request is made to a Comdata Group company other than Comdata S.p.A., the latter with the support of its suppliers will limit itself to communicating your request to the relevant Comdata Group company.

Details of the Controller’s company name and contact details are available on this site on the appropriate pages. The legal basis of the processing is the performance of a contract to which the data subject is a party, or the performance of pre-contractual measures taken at the request of the same (Art. 6 c.1 lett. b) of EU Reg. 679/2016). Your personal data will not be disclosed and may be communicated to third parties in cases where this is necessary for the management of your request or in cases provided for by law. If your request is addressed to a Comdata Group Company located outside the European Economic Area, the transfer of personal data will take place based on your consent. Providing consent is optional, however without it, we may not be able to handle your request if it is addressed to a Comdata Group company outside the European Economic Area. Consent can be revoked at any time by writing to the DPO of the individual company, without prejudice to the lawfulness of the processing before revocation.

Your personal data will be kept for the time strictly necessary to process your request.

You are entitled to the rights set out in Articles 15 et seq. of EU Reg. 679/2016. To exercise these rights, you may write to the DPO of the individual Comdata Group Company contacted.

If you believe that your rights have been infringed, you may apply to the competent supervisory authority according to Article 77 of EU Regulation 679/2016. This is without prejudice to the possibility of appealing to the Judicial Authority. Further details on the processing of your personal data and your rights are available by clicking here.

 “Work with us” section (Art. 13 EU Reg. no. 679/2016 – or “GDPR”)

Dear Candidate,

your personal data will be processed to manage your request by the Comdata Group Company, to which your request is addressed, which will process them as Data Controller.

If the request is made to the Italian company of the Comdata Group S.p.A., with registered office at Via Caboto 1, Corsico, your personal data will be processed by this company as the sole Data Controller. If the request is made to a Comdata Group company other than Comdata S.p.A., the latter with the support of its suppliers will only forward your request to the relevant Comdata Group company.

Details of the Controller’s company name and contact details are available on this site on the appropriate pages. These data are processed for personnel selection purposes only, with the support of Suppliers and service companies that act as Data Processors of Comdata S.p.A. (for example, IT service providers, as may be the case of the operator of the website you are browsing to propose your application).

You may register in this database and enter a personal CV, thus providing your profile using the appropriate forms and the “upload” function. You may register your CV by applying for a specific job based on an advertisement published by us, but you may also simply register your CV without referring to a particular job position. Applications addressed to Comdata S.p.A. will be kept for a reasonable time, which varies from company to company, but never more than 3 years. If the application is handled by a Comdata Group company other than Comdata S.p.A., your personal data will be processed for the time strictly necessary to consider your application. Even if your application is not taken into consideration for the job offer you have responded to, the Data Controller may always contact you for further requests relating to different positions.

The Controller collects various types of information: a) contact data by which you can be identified, for example, your name, address, e-mail, and telephone; b) a description of your work experience, skills, and education; c) other qualifying information, for example, various certificates of attendance at courses, master’s degrees, etc.; d) a description of your work experience, skills, and education.

If you apply for several positions at the same time or if you reapply for a different position, we will be able to record all your applications.

The data you provide may be shared by the Company, for example, with members of the board of directors as well as company personnel who will be involved in the selection process, including concerning other companies that are part of the same “Business Group”, due to a legitimate interest of the Company, as defined in Recital 48 of the GDPR.

Your data may also be communicated, as mentioned above, to any “qualified” parties that provide the Company with services instrumental to the purposes indicated in this information notice, including (i) subsidiaries, investees, and/or associated companies; (ii) IT service providers (e.g. CV management systems in use at the Company; (iii) suppliers and/or other qualified parties who provide the Company with services or facilities instrumental to the management of the personnel selection process (e.g. employment consultants); (iv) consultants who assist the Company in various ways with particular reference to legal, tax, social security, accounting, organizational aspects; (v) any other party to whom your data must be communicated based on an express provision of law.

If the company to which the application is addressed is located outside the European Economic Area, the transfer of personal data will take place, within the framework of the derogation set out in Article 49(1)(b) of the Regulation [1][1], adopting adequate guarantees of confidentiality and security.

The provision of your data is optional, however, failure to provide such data will not allow us to consider your application.

If you provide us with sensitive data (falling under the list in Article 9 of the European Regulation No. 679/2016) to process your application, this data will only be processed, according to Article 9(2)(b), if national law allows us to process it.

You will always be able to update or delete the data you have shared with us. In order to have full clarity on the operations we have reported to you and to obtain the cancellation, transformation into anonymous form and blocking of data processed in violation of the law, to request updating or rectification or integration, to oppose their use and to exercise the other rights provided for in Articles 15 et seq. of EU Regulation 679/2016, you may contact the Data Protection Officer (DPO) designated by Comdata S.p.A., by writing to the address of the registered office of Comdata S.p.A., or by sending an email to dpo@comdatagroup.com. Users who have made requests addressed to companies of the Comdata Group other than Comdata S.p.A., for the exercise of their rights must refer to the address of the company to which their request was sent.

Should you detect a violation of your personal data, you may apply to the competent supervisory authority under Article 77 of European Regulation no. 679/2016, without prejudice to the possibility of appealing to the judicial authorities.

Further details on the processing of your personal data and your rights are available by clicking here.

[1] Article 49, paragraph 1., lett. b) of the Regulation provides that “In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions: … (b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request…”.

 

Newsletter section

Comdata S.p.A, with registered office at Via Caboto 1, Corsico (MI), as Data Controller, will process the personal data you enter in the specific form to send you, its newsletter. To send the newsletter Comdata S.p.A. may use suppliers specifically appointed as Data Processors. The legal basis for the processing is the legitimate interest of Comdata S.p.A. to inform interested users about the main news regarding the Comdata Group. Your personal data will not be disclosed and may be communicated to third parties only in cases provided for by law. Your data will be kept as long as the newsletter service remains active or until you cancel it, which you can request by clicking on the appropriate button at the bottom of the email containing the newsletter. You are entitled to the rights outlined in Art. 15 et seq. of EU Reg. 679/2016, which you can exercise by writing to dpo@comdatagroup.com. If you believe that your rights have been infringed, you may contact the competent supervisory authority according to Article 77 of EU Regulation 679/2016. This is without prejudice to the possibility of appealing to the judicial authorities. Further details on the processing of your personal data and your rights are available by clicking here.

 

Scroll to Top