This page describes how the site is managed with reference to the processing of personal data of users who consult it. This is an informative notice that is also made pursuant to art. 13 of Regulation (EU) 679/2016 – to those who interact with the web services of Comdata S.p.A. accessible electronically from the address: https://www.comdatagroup.com corresponding to the home page of the official website of the Comdata Group. The information notice is provided only for the Comdata Group website and not for other websites that may be consulted by the user through links. The information notice is also inspired by Recommendation No. 2/2001 that the European authorities for the protection of personal data – gathered in the working group so-called Article 29 of Directive No. 95/46 / EC, adopted on May 17, 2001 – to identify the minimum requirements for the collection of personal data online and, in particular, the methods, times and nature of the information that the data controllers must provide to users when they link to web pages, regardless of the purpose of the link.
Data controller and data processor
The Controller for the personal data collected through this website is Comdata S.p.A. (hereinafter “Comdata” or “Controller”), with registered office at Via Caboto 1 Corsico (MI), Italy, the company that designed the website, manages it and decides its configuration and development including on the basis of its business activity and services.
The personal data collected through the website may also be processed by third parties, including Companies within the Comdata Group or service providers acting on behalf of Comdata as Data Processors, who shall process the data in compliance with the purpose for which they were collected.
Necessary and essential data
Through this website we collect and store personal data only when this is essential to attain the purposes declared in the Policy or in the single policies published on the website in connection to data collection forms. Users can navigate the website without registering or being identified. The website is designed so as to respect the users’ anonymity. Our policy is to avoid collecting personal data when the purposes pursued in each single case can be attained by using anonymous data (such as, for instance, in conducting statistical aggregate analyses of website navigation, through web analytics tools, without analysing single users’ navigation traces).
Methods of processing and security measures
Users’ personal data shall be processed through automated means for the time and to the extent necessary to attain the single purposes for which they are collected.
The Comdata website is protected from potential cyber-attacks and unauthorised accesses by appropriate security measures, aimed at ensuring the integrity, confidentiality, and availability of the data of the users who navigate the website.
In spite of the steps taken to ensure an appropriate level of security, Comdata cannot guarantee to its users that the measures adopted to protect its website and the transmission of data and information will completely exclude every risk of unauthorised access or loss of data. Users are invited to verify that their computer or other device (e.g., smartphone or tablet) is equipped with appropriate technological tools to protect the transmission of data over the Internet, including outgoing and incoming data (e.g., by using updated antivirus systems), and that their Internet provider has adopted appropriate security measures to protect the transmission of data over the Internet.
Purposes of processing
The personal data shall be processed to:
- reply to the users’ requests for information and materials; in relation to this purpose, it is specified that the controllership for the data processing belongs to the Comdata Group Company to which the request was made, if this request is not addressed to Comdata S.p.A., the latter will only communicate to this Company the request and the data necessary for its management;
- enable the newsletter service requested by users;
- allow users to contact the Group’s Companies sale departments; in relation to this purpose, it is specified that the controllership for the data processing belongs to the Comdata Group Company to which the request was made, if this request is not addressed to Comdata S.p.A., the latter will only communicate to this Company the request and the data necessary for its management;
- enable the assessment of job applications submitted by users, and contact said users where necessary. As to this last purpose, please be aware that for the processing of the applicants’ data, the Controller is the Comdata Group company with registered offices in the country where the position applied for is offered; if this request is not addressed to Comdata S.p.A., the latter will simply communicate to this Company the request and the data necessary for its management;
- comply with obligations of law.
Legal basis and mandatory or discretionary nature of the provision of data
For the purposes No. 1), 3) and 4), processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract, pursuant to Article 6, paragraph 1), letter b) of Regulation EU 2016/679 (hereinafter, “GDPR”). The provision of said data by users is discretionary, but without said provision the user’s requests to receive information or materials, to be contacted and to have their possible applications assessed, cannot be carried out.
Purpose number 2) finds its legal basis in Article 6, c.1 par. f) of the GDPR, the processing is based on a legitimate interest of the sending Data Controller to send its newsletter to users who request it, the newsletter is sent by email and the user can unsubscribe at any time using the appropriate button at the bottom of the mail.
The legal basis for the purpose under number 5) is found in Article 6, paragraph 1, letter c) of the GDPR, and the processing of said data, where provided, is necessary to comply with a legal obligation.
The communication by Comdata S.p.A to the other Group Companies of the personal data collected for the purposes referred to in numbers 1), 3) and 4) takes place by virtue of a legitimate interest common to all Group Companies.
Categories of data
The personal data of the users who write to Comdata are contact data (such as e-mail address and phone numbers, the data relating to the messaging sent by filling in the forms on the site, data relating to professional qualification and the data contained in the Resumes if they apply through the site).
Browsing data are data that only enable an indirect identification of a data subject and only when necessary, such as in case of a request by an authorised judge or by the police forces (e.g., data that enable to associate an anonymous user’s activities and navigation on the website to an IP address, meaning the Internet Protocol that identifies the single computer or device (i.e., a smartphone or tablet) from which the website navigation or activities were carried out).
Categories of data recipients
For the above purposes, the personal data concerning users may be shared with the following categories of recipients:
- Data Processors duly appointed by the Controller, such as persons providing services to the Controller with respect to administrative, legal, technological or other issues.
- employees and associates of the Controller, subject to confidentiality obligations;
- Group Companies to which the requests made by users for the purposes referred to in numbers 1), 3) and 4) refer;
- other entities to whom the data must be disclosed by law (such as the Public Authority).
Transfer of personal data to third countries
The users’ personal data may be disclosed to entities outside the European Economic Area.
Comdata ensures that the transfer shall be based on compliance with an adequacy decision by the European Commission, on Standard Contractual Clauses approved by the European Commission, or under the exemption referred to in Article 49, paragraph 1., lett. b) of the Regulation, adopting adequate guarantees of confidentiality and security.
Data storage period
As to the purposes under numbers 1) and 2)the personal data shall be retained for the time strictly necessary to attain such purposes, and to enable Comdata to protect its rights and interest in legal proceedings, for a period not exceeding the maximum retention time provided for under applicable legislation, which coincides with the period of limitation established for the legal actions available by law.
In relation to the purpose number 3) personal data will be kept for 3 years.
The data collected for the purpose under number 4) may be retained for a period strictly necessary to consider the candidates’ application.
In relation to the purpose number 1), 2) and 4) if the request is managed by Companies of the Comdata Group other than Comdata S.p.A., the retention times will be determined by the latter which, as an independent Data Controller, will process the personal data of users in the time strictly necessary for the pursuit of the aforementioned purposes.
With respect to the data collected for the purpose under number 5), they shall be retained for the period established for each specific obligation or provision of law applicable.
Links to third party sites
Links to other sites are not managed by Comdata which, therefore, will not be responsible in any way for the content of such sites or links. Comdata only provides links that can support the user. This does not establish any link between Comdata and the redirected site.
Access to data and exercise of data protection rights
Pursuant to Regulation (EU) 2016/679, data subjects have to right, which they may exercise at any time, to obtain confirmation of the existence of data and learn their content and origin, check whether the data are correct or request to have incomplete data completed, or to have said data updated or rectified. Data subjects also have the right to request their data to be erased, or to obtain restriction of processing; they have the right to data portability by receiving their data in a commonly used and machine-readable format, and in any case object to the processing of data concerning them.
Personal Data Protection Officer (DPO)
Anyone wishing to exercise the aforementioned rights, can write to the Data Protection Officer (DPO) designated by Comdata S.p.A. to the address of the registered office of Comdata S.p.A., or send an email to the address email@example.com. Users who have made requests addressed to Comdata Group Companies other than Comdata S.p.A., for the exercise of their rights must refer to the address of the company to which their request was addressed.
Should you become aware of any violation to your rights, you may contact the competent Supervisory Authority pursuant to Article 77 of Regulation (EU) 2016/679. You shall in any case have the right to lodge a complaint before the competent courts.
(1)Article 49, paragraph 1., lett. b) of the Regulation provides that “In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions: … (b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request…”.