1. Data Controller and contact details
The Data Controller is IRON LYNX S.R.L, with registered office in Via Civinelli, 950 – 47522, Cesena (FC), P.IVA 04345820403, hereinafter also “Data Controller” or just “Controller”.
2. Personal data subject to processing
b. Data provided on a voluntary base:
- personal data provided by the User in e-mails sent to the e-mail addresses that he/she can find on the “Contact Us” section of the Website (email@example.com and firstname.lastname@example.org), and/or provided for any requests for information and/or clarifications;
- e-mail address provided by the User for marketing purposes, and typed in the designated box on the “Stay Updated” section, which is present on each page of the Website;
- personal data provided by the User (i.e., name, surname, e-mail address, CV, and telephone number) while fulfilling the form “Send your application” that he/she can find on the “Work with us” section.
3. Purposes and legal basis of the processing
The following table provides the purposes and legal basis concerning the processing of the above-mentioned personal data:
|Providing feedbacks to any requests for information sent and/or clarifications functional also to any requests to exercise the rights of the User.||The implementation of pre-contractual measures taken at the User’s request and/or the contract to which the User is a party [art. 6 (1)( b), of the GDPR].|
|Complying with legal obligations to which the Data Controller is bound, included to respond to any requests to exercise the User’s rights as a data subject under current data protection legislation.||The compliance with legal obligations to which the Data Controller is bound [Article 6(1)(c) of the GDPR].|
|Pursuing marketing purposes, notably to send the User promotional newsletters, commercial or advertising communications. Marketing activities are carried out only through e-mails and the personal data of the User will not be profiled and/or communicated to third parties for marketing purposes.||The data subject’s consent to process the User’s personal data [art. 130 of Legislative Decree No. 196/2003 (so-called “Italian Privacy Code”) – art. 6, (1)(a), of the GDPR].|
|Verifying any fraudulent or illegal use of the Website in general and ensure its security and functionality in the interest of the Users and the Data Controller.||The legitimate interest of the Data Controller and the Users themselves to prevent or identify any fraudulent or otherwise illegal use of the Website.|
|Carrying out research/statistical analysis on aggregate or anonymous data, without therefore being able to identify the User, to measure traffic and assess usability and interest with respect to the Website.||The legitimate interest of the Controller to verify the usability and appeal of the Website.|
|Ascertaining, exercising, or defending legal claims or whenever courts are acting in their judicial capacity.||The legitimate interest to ascertain, exercise, or defend legal claims or whenever the courts are acting in their judicial capacity [art. 6(1)(f) of the GDPR].|
4. Consequences of failure to provide personal data
Failure to provide the personal data, in whole or in part, may determine the impossibility to respond to any requests for information and/or clarification and/or requests to exercise the rights of the User.
5. Methods of personal data processing
Personal data are processed with manual and/or paper-based and/or computer-based and/or telematic instruments and/or supports, in any case in such a way as to guarantee their security and confidentiality.
To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing of personal data carried out.
In particular, the Website functionality is provided on HTTPS encrypted connection and personal data are collected, filed, and stored on secure servers, protected by firewalls, and physically located within the European Union.
6. Recipients of personal data
The personal data of the User may be shared, for the purposes set out in paragraph 3 above, with:
- employees or other types of collaborators of the company authorized by the Data Controller to process those personal data pursuant to and for the purposes of Article 29 of the GDPR and Article 2-quaterdecies of the Italian Privacy Code and who have received specific instructions on how to process the data in accordance with the Applicable Law;
- companies, consultants or professionals who may be entrusted with the maintenance and updating of the Website (i.e., web agencies or marketing agencies) and, in general, management of the Data Controller’s hardware and software, including providers of cloud computing services and who typically act as data controllers pursuant to and for the purposes of Article 28 of the GDPR;
- Public Authorities to whom, in their capacity as independent data controllers, it is mandatory to disclose the personal data of the User by virtue of legal provisions or orders of the authorities;
- law firms, associated firms, consultants, or professionals (e.g., legal, administrative and/or tax consultancies) who may be appointed to support the Data Controller in order to ensure the correct fulfilment of the legal obligations with which he is required to comply; the ascertainment, exercise or defence of a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions.
7. Transfers to non-EU countries and/or organisations
The Data Controller’s hosting provider’s servers are located within the European Union. Some of the Data Controller’s suppliers or the servers of such suppliers, however, may be located in countries outside the EU. In particular, one of the Data Controller’s suppliers is Mailchimp, which is located in the United States of America. Mailchimp contractually commits to transfer and process all its users’ European data in compliance with the latest version of Standard Contractual Clauses (the “SCCs”). The SCCs automatically apply in accordance with Mailchimp’s Data Processing Addendum.
For more information about how Mailchimp transfers European data, visit https://mailchimp.com/help/mailchimp-european-data-transfers/.
For more information the User can contact the Data Controller at the following e-mail address email@example.com.
8. Period of retention of personal data
The personal data of the User will be retained for a period not exceeding the fulfilment of the above-mentioned purposes for which they are processed.
With regard to the processing of personal data for marketing purposes, these data will be kept for a period of 24 months from the moment the User provided the consent to process his/her personal data for marketing purposes.
9. Rights of the data subject
We inform the User that, as the data subject, he/she is entitled:
- to receive confirmation as to whether or not his/her personal data are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, information concerning : a) the purposes of the processing; b) the categories of personal data that are subject to processing; c) the entities or categories of entities to whom or which the personal data have been or will be communicated; d) the storage period of the data or, if that is not possible, the criteria used to determine that period; e) the source of the personal data, if they have not been provided by you;
- to request and obtain the updating of personal data, the rectification of inaccurate data or, when needed, the integration of incomplete data;
- to request and obtain the erasure of personal data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the User objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the personal data have been processed unlawfully; d) the personal data must be erased by the Controller in compliance with a legal obligation;
- to request and obtain the restriction of processing in the event of: (a) contestation of the accuracy of his/her personal data for the time necessary for the Data Controller to carry out the requested verifications; (b) unlawful processing of data by the Data Controller, if the User objects to the deletion of the data and instead requests the restriction of its use; (c) ascertainment, exercise or defence of a right of the User in court, although the Data Controller no longer needs the data for the purposes of processing; (d) awaiting the outcome of the verification as to whether the Data Controller’s legitimate reasons prevail over those of the data subject;
- in cases where the processing of personal data is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format his/her personal data and, if technically feasible, to obtain the direct transmission of them by the Controller to another controller;
- to object, in whole or in part, on legitimate grounds relating to the User’s particular situation, to the processing of personal data concerning the User, even though they are relevant to the purpose of collection;
- in cases where the processing of personal data is based on the consent, to withdraw, at any time, the consent given; the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal;
- to file a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR and Articles 140-bis et seq. of the Italian Privacy Code.
10. Ways of exercising rights of the data subject
As data subject, the User may exercise the above-mentioned rights at any time by sending an e-mail to the following e-mail address: firstname.lastname@example.org.
If the User wishes to lodge a complaint, he/she may use the forms available on the website of the Italian Data Protection Authority.
Last Update: 27/10/2022