EASYHOUR SRL (hereinafter, the "Owner"), as the Data Controller, pursuant to art. 13 of EU Regulation 679/2016 (hereinafter, the "Privacy Regulation"), and subsequent amendments and additions, collects and subsequently processes personal data of its Customers and Suppliers (hereinafter, the "Data Subject").
1. Purposes and methods of processing.
The personal data of the interested party are processed within the normal activity of the Data Controller, for the pursuit of the following purposes:
correct and complete execution of the obligations of the contractual relationship put in place (hereinafter, the "Contract");
administrative and accounting obligations strictly connected to the Contract;
fulfillment of specific obligations established by law, by a regulation or by community legislation (for example, those envisaged in the field of "anti-money laundering");
updating of the interested party on promotional and marketing initiatives, including by sending advertising and/or promotional material (for example, newsletters), using automated tools and/or traditional methods of contact.
The processing of personal data takes place, under the authority of the Data Controller, by persons specifically appointed, authorized and instructed in the processing pursuant to art. 29 of the Privacy Regulation, using manual, IT or telematic tools, with logic strictly related to the purposes and in any case in order to guarantee the confidentiality and security of personal data. The processing of personal data may also take place, on behalf of the Data Controller, by specifically designated Data Processors pursuant to art. 28 of the Privacy Regulation.
Personal data will be kept for a determined period on the basis of criteria based on the nature and duration of the Contract and on the needs to protect the interests of the interested party.
2. Legal basis of the processing, nature of the provision and consequences of any refusal, consent of the interested party.
2.1) Purposes referred to in paragraph 1, points 1., 2. and 3 above.
With reference to the purposes referred to in paragraph 1, points 1., 2. and 3. above, the provision of personal data is mandatory and is a necessary requirement for the execution of the Contract; in fact, failure to provide it determines the impossibility of receiving the service covered by the Contract itself and, therefore, the legal basis of the related processing is the correct execution and management of the Contract.
2.2) Purposes referred to in paragraph 1, point 4 above.
With reference to the purpose referred to in paragraph 1, point 4 above, the provision is optional and failure to provide the relative consent only makes it impossible to receive updates on promotional and marketing initiatives, including by sending advertising and/or promotional material (for example, newsletters).
3. Subjects or categories of subjects to whom the personal data may be communicated and scope of communication.
In relation to the purposes of the processing indicated above, and within the limits strictly pertinent to the same, the personal data of the interested party will be or may be communicated to the following categories of subjects:
(i) to the financial administration and other public authorities, where required by law or at their request;
(ii) to credit institutions for payment orders or other financial activities instrumental to the execution of the Contract;
(iii) to the structures and/or external companies which the Data Controller uses, responsible for carrying out activities connected, instrumental or consequent to the execution of the Contract;
(iv) to external consultants (for example, for the management of tax obligations), if not designated in writing as Data Processors;
(v) to external subjects who exercise control activities, such as auditing company, board of statutory auditors, supervisory body;
(vi) to factoring companies and/or specialized companies or law firms for credit recovery and/or for the protection of their interests/rights.
The aforementioned subjects, to whom the personal data of the interested party will be or may be communicated (as they have not been designated in writing as Data Processors), will process the personal data as Data Controllers pursuant to the Privacy Regulation, in full autonomy, being unrelated to the original processing performed by the Data Controller.
The updated list of the indicated subjects and the data processors can be provided upon request by the interested party.
The data of the interested party will not be disseminated.
If this is necessary for the performance of the Contract, the personal data of the interested party may be transferred to countries belonging to the EU and/or to countries not belonging to the EU, in full compliance with the provisions of the Privacy Regulation, the provisions and decisions of the Privacy Guarantor on the subject, as well as by community legislation. In particular, the Data Controller undertakes to comply with the provisions set forth, respectively, by the decisions 2001/497/EC, 2004/915/EC and 2010/87/EU (depending on the specific case), which require the signing of so-called "Standard contractual clauses" between the legal entities involved in the processing of data outside the EU.
4. Rights of the interested party.
Articles 15 et seq. of the Privacy Regulation give the interested party the right to obtain:
confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form;
the indication of the origin of personal data, of the purposes and methods of treatment, of the logic applied in case of treatment carried out with the aid of electronic instruments, of the identification details of the owner;
the updating, rectification, integration, cancellation, transformation into anonymous form or blocking of data processed in violation of the law (including those that do not need to be kept for the purposes for which the data are collected or subsequently processed). The attestation that these operations have been brought to the attention of those to whom the data have been communicated or disseminated (also as regards their content), except in the case in which this fulfillment proves impossible or involves a manifestly disproportionate use of means with respect to the protected right.
The interested party also has the right:
to revoke at any time the consent given to the processing of personal data, where provided (without prejudice to the lawfulness of the processing based on the consent given before the revocation);
to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
to object, in whole or in part, to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
to lodge a complaint with the Guarantor for the protection of personal data in the cases provided for by the Privacy Regulation;
to the portability of personal data within the limits of art. 20 of the Privacy Regulation.
5. Levels of access
The data entered in the system will be visible to other users of the same company based on their access level. Specifically, the following roles are distinguished:
Administrator: has full read and write access to the system
Reporter: has read-only access to all data
Project Manager (PM): has access to time management and absences (excluding details of the type of absence), limited to employees working on managed projects
HR Manager (HR): has access to absences (including details of the type of absence, such as "law 104 permit" or "sickness"), limited to the people for whom he or she is directly superior.
As per the Regulations, the accuracy and updating of the data will be checked, including the timely cancellation of those that may be inaccurate with respect to the purposes of the processing; the retention of the aforementioned data is to be considered limited only to the time necessary for the purposes for which the processing was carried out, i.e. the duration of the EasyHour license purchased.
To know the detailed and constantly updated list of the subjects to whom the personal data of the interested party may be communicated and to exercise the rights referred to in Articles 15 et seq. of the Privacy Regulation, the interested party can contact the Data Controller:
Via Aurora Fornaciari, 10
41043 Formigine (MO)
Pursuant to art. 4 of the Privacy Regulation, "personal data" means: "any information concerning an identified or identifiable natural person ("interested party"); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social".