Privacy Policy: Data Protection and Users’ Rights with GDPR

Dear User,

According to Article 13 of EU Regulation No. 2016/679 (hereinafter “GDPR”), we inform you that the processing of the data you provide will be carried out in a manner and according to procedures aimed at ensuring that the processing of personal data is done in compliance with the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and security, personal identity, and the right to the protection of personal data.

Please note that “processing” refers to any operation or set of operations, carried out with or without the aid of automated processes, applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, communication through transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, erasure, or destruction (Article 4 GDPR).

1. Object of the Processing

The data processed by Cooperjob S.p.A. refers to:

• Automatically Collected Data: The IT systems and applications dedicated to the operation of this website detect, during their regular operation, some data (the transmission of which is implicit in the use of internet communication protocols) potentially associated with identifiable users. The collected data includes IP addresses and domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters regarding the operating system, browser, and the IT environment used by the user. This data is processed for the time strictly necessary, solely to obtain statistical information on the website’s usage and ensure its proper functioning. Providing such data is mandatory as it is directly linked to the browsing experience.

• Data Provided Voluntarily by the User: The processing of data provided by you through the completion of collection forms is subject to your explicit and unequivocal consent. On the contrary, the voluntary submission of emails to our email addresses does not require additional notifications or consent requests.

• Cookies: The site uses first-party technical cookies; for third-party cookies, please refer to the specific policy, which may collect users’ browsing data. The provision of this data is optional and occurs through the expression of free and informed consent. Cookies are used to analyze the effectiveness of the site and make it more intuitive and user-friendly over time. For more information, a dedicated cookie policy is available.

2. Legal Basis for Processing

The legal basis for this processing is (i) your explicit and unequivocal consent (under Article 6.1(a) of the GDPR) and (ii) the legitimate interest of the Data Controller (under Article 6.1(f) of the GDPR).

3. Purpose of the Processing

Personal data is processed solely to improve your browsing experience.

4. Processing Methods

The personal data you provide will be processed in compliance with the above-mentioned regulations and the confidentiality obligations to which the Data Controller’s activity is inspired. The data will be processed both with IT tools and on paper supports, and other suitable types of media, by the adequate security measures as per Article 5, paragraph 1, letter F of the GDPR.

The processing is limited to the following operations and methods:

• Collection of data from the data subject;
• Registration and processing on computerized support;
• Organization of archives in predominantly automated form.

The data in question will not be subject to dissemination but may be communicated to public or private entities operating within the scope of the purposes described above.

5. Data Retention

The collected navigation data will only be processed for the duration of the browsing session (“data retention limitation principle,” Article 5, GDPR).

6. Access to the Processing

The data will be made accessible for the purposes described in point 3:

• To employees/collaborators in their capacity as authorized to process the data, upon suitable appointment;
• To third parties in contractual relationships with the Data Controller.

7. Data Communication

The data will not be communicated to unauthorized third parties or disseminated in any way. For this purpose, the processing is carried out using appropriate security measures to prevent unauthorized access by third parties and ensure confidentiality.

Without the need for explicit consent, the Data Controller may communicate your data for the purposes of point 2 to collaborators and external parties responsible for carrying out processing operations.

8. Data Transfer

The management and storage of personal data will take place on servers located within the European Economic Area of the Data Controller and/or third-party companies duly appointed as Data Processors.

The data will not be transferred outside the European Economic Area.

9. Nature of Data Provision and Consequences of Refusal

The provision of data for point 3 is mandatory. Without it, it will not be possible to proceed with browsing this site.

10. Rights of the Data Subject

According to the provisions of the GDPR, the data subject has the following rights against the Data Controller:

• To obtain confirmation whether personal data concerning them are being processed and, if so, to access the personal data (Right of access Article 15);
• To obtain the rectification of inaccurate personal data concerning them without undue delay (Right to Rectification Article 16);
• To obtain the erasure of personal data concerning them without undue delay, the Data Controller is obliged to erase personal data without undue delay if certain conditions are met (Right to be Forgotten Article 17);
• To obtain restriction of processing in certain circumstances (Right to restriction of processing Article 18);
• To receive the personal data concerning them in a structured, commonly used, and machine-readable format and have the right to transmit these data to another Data Controller without hindrance from the original Data Controller, in certain cases (Right to data portability Article 20);
• To object at any time, for reasons related to their particular situation, to the processing of personal data concerning them (Right to object Article 21);
• To receive without undue delay communication of any personal data breach suffered by the Data Controller (Article 34);
• To withdraw their consent at any time (Conditions for consent Article 7).

Where applicable, the data subject also has the rights under Articles 16-21 of the GDPR (Right to Rectification, Right to be Forgotten, Right to Restriction of Processing, Right to Data Portability, Right to Object), as well as the right to complain with the Supervisory Authority.

11. Exercise of the Rights

Send an email to the dedicated address privacy@cooperjob.eu.

12. Data Controller and Data Protection Officer

The Data Controller is Cooperjob S.p.A. – VAT No. 02558070211 – Via Ermanno Barigozzi, 24, Milan.

The list of Data Processors and those authorized to process data can be consulted at the above-mentioned Data Controller’s office.

The Data Protection Officer (DPO) is the company Frareg S.r.l. – Viale Jenner 38 – 20159 Milan, reachable via the following contact details:

• Email: dpo@frareg.com
• Phone: 0269010030

13. Update of this Notice

This notice may be subject to changes. Any substantial modifications will be communicated to the data subjects through notice or publication on the company’s website.