This information is provided pursuant to article 13 of Regulation EU 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018 to data subjects (hereinafter referred to as Users) who interact with the Novation Tech spa website, which can be assessed electronically at https://novationtech.com, the website’s home page.
This Privacy Policy describes how the company’s official website is managed and no other external websites which may be consulted by Users through links.
Additional information may be provided within different access channels, divided on the basis of the topics covered. Other Privacy Policies may be published on the website in relation to specific services.
Data controller:
The data controller is
Novation Tech spa,
VAT no. IT 04339720262,
with registered office in Via Feltrina Sud 172
31044 – Montebelluna (TV), Italy
Contact details: gdpr@novationtech.com / novationtech@pec.it
| Purposes of the processing | Legal basis for processing | Data retention period |
| Administrative and accounting activities in general and to fulfil legal obligations, regulations and applicable national and supranational legislation | Fulfilment of legal obligations | Duration of the contract and for a period of 10 years after termination |
| If necessary, for the establishment, exercise or defence of legal claims against the Data Controller in court; | Legitimate interest | For the entire duration of the same, until expiration of the term for enforcing appeal actions |
| To contact and send you information you requested | Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6(1)(b) of the Regulation GDPR) | Time needed to provide feedback |
| Recruitment in the “Careers” section | Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6(1)(b) of the Regulation GDPR)
Article 9 paragraph 2 GDPR or (where the CV also contains special categories of data – formerly sensitive data) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the Controller or of the data subject in the field of employment and social security and social protection law |
Data collected in this section may be retained for a period ranging from one (“basic” profiles) to two years (“top” profiles) |
| Sending, by email, information (“newsletters”) about the company to those who explicitly request it by entering the data requested in the data collection form. Registration will allow the Controller to manage the information and answer any requests you may make, including cancellation | Performance of a contract to which the data subject is party | The collected data will be retained until you unsubscribe from the newsletter. After this period has expired, your data will be destroyed or rendered anonymous in accordance with the technical procedures for data erasure and backup |
| After the aforesaid detention periods have expired, your data will be destroyed, erased or rendered anonymous in accordance with the technical procedures for data erasure and backup. | ||
Type of data processed and methods of collection
Navigation data – log files
The Data Controller would like to inform Users that the Google Chrome browser has an incognito browsing mode which does not save the Chrome browsing history of the sites visited or cookies on the device after all the incognito browsing windows have been closed.
It is therefore possible to access the website without the User being asked to provide any personal data.
During their normal operations, the IT systems and applications used to operate this website acquire some data (whose transmission is implicit in the use of Internet communication protocols) which are not associated with directly identifiable users. The data collected include the IP addresses of users who connect to the site, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request and the numerical code indicating the status of the response provided by the server (successful outcome, error, etc.) and other parameters relating to the user’s operating system and IT environment.
This information does not include the User’s personal data and
- is not collected to be associated with identified individuals but is of a technical and IT nature. It is collected and used in an aggregate and anonymous manner to verify the site is working correctly and monitor security;
- helps improve the quality of the service and provide statistics on website use;
- may be used to ascertain liability in the case of hypothetical IT crimes against the website
The Controller would also like to inform Users that the site uses Google Maps to help any Users who may wish to visit its headquarters and/or production sites. This function can use NID cookies, which expire after 6 months, and PREF cookies, which expire after 2 years (to find out more, click here: https://policies.google.com/technologies/product-privacy?hl=it&gl=uk). Lastly, the Controller would like to point out that the site automatically anonymizes IP addresses for Google Analytics (to find out more, click here: https://support.google.com/analytics/#topic=9143232 and to disable the cookies, click here: https://tools.google.com/dlpage/gaoptout).
The site offers the User the option of selecting which cookies to accept on his first access using special flags on the banner on the landing page (and the possibility of changing consent given).
Data provided voluntarily by the user
The optional, explicit and voluntary sending of messages to the contact addresses, as well as the filling in and submission of forms on the Controller’s site, entails the acquisition of the sender’s contact details, as well as all personal information in the communications, which are needed to reply to enquires and/or provide the requested service. The Controller undertakes to process the data according to the principles of fairness, lawfulness and transparency and to ensure that confidentiality is protected as indicated in the GDPR. In any case, before activating a certain service, appropriate information will be provided and, where necessary, consent acquired to the processing of personal data. Users may withdraw their consent at any time and will therefore no longer be able to use the service in question.
Failure to give consent or withdrawal of consent will have no consequences, except that Users will be unable to use the site, receive the service requested or obtain more detailed information about the company’s activities.
In any case, personal data may be processed, if necessary, to pursue a legitimate interest of the Controller or to fulfil a legal obligations. Consent to the processing of the navigation and log data referred to in the previous section is not necessary, as this data is processed in response to a legitimate interest (recital 47 of the GDPR).
Data provision
In addition to the information given for navigation data, provision of the data subject’s personal data for the purposes described in the previous paragraph is optional. Failure to provide such data may result in not being able to use certain services provided by the website.
Methods of data processing
Personal data are processed by automated means for the time strictly necessary to achieve the purposes for which they were collected, in accordance with the principles of lawfulness, restriction of the purposes of processing and data minimization, pursuant to article 5 of the GDPR and within the mandatory times prescribed by law. Specific security measures are put into place to prevent any loss of data, unlawful or incorrect use of the data or unauthorised access to the data.
Communication and/or disclosure of the data
In compliance and within the limits of the GDPR, personal data will not be disclosed but may be communicated to companies contractually linked to the company. Personal data are stored on servers located within the European Union. It is understood that, if necessary, the Controller shall be entitled to move the servers to non-EU countries. In this case, the Controller forthwith ensures that should personal data be transferred outside the EU, this will be done in compliance with applicable laws after entering into standard contracts as envisaged by the European Commission and the User will be informed.
Data may be disclosed to third parties belonging to the following categories:
- service providers for the management of the IT system and telecommunication networks used by the company (including email services);
- firms or companies that provide assistance and consultancy services;
- competent authorities for the fulfilment of legal obligations and/or public regulations, on request;
- companies which manage marketing platforms;
- companies which offer maintenance services for websites and IT systems.
The entities belonging to the above categories perform the function of Data Processor or may operate independently as separate Data Controllers. The list of Data Processors is constantly updated and available at company headquarters.
Any further communication or disclosure of personal data shall take place only with your explicit consent.
Existence of an automated decision-making process and interaction with social media
The Controller would like to inform data subjects that this website does not feature an automated decision-making process, therefore there is no profiling system. User activity on Novation Tech’s social media platforms may be analysed by using Facebook pixel for a better understanding of the effectiveness of advertising (to find out more, click here: https://www.facebook.com/business/help/742478679120153?id=1205376682832142) and to enable advanced analysis by using LinkedIn pixel of LinkedIn Recruiter for anyone who applies for a job at Novation Tech spa (to find out more, click here: https://www.linkedin.com/help/recruiter/answer/a416364/il-pixel-di-conversione-di-linkedin-jobs-domande-frequenti?lang=it)
Minors
This website and the services provided by the Controller are not intended for minors under the age of 16 and the Controller does not intentionally collect personal information about minors. Should information about minors be accidentally recorded, the Controller shall promptly erase it at the request of the User.
Data subject rights
Data subjects have the right to receive information from the company regarding the processing of their personal data by email to: gdpr@novationtech.com / novationtech@pec.it.
- Right of access: we are fully transparent as to the data we collect and how we use them. You may contact us at any time and access your personal data we have collected by sending us an email.
- Right to rectification: you have the right to obtain the rectification of inaccurate or incomplete information and have it updated and changed.
- Right to erasure: you may send a request to have all your personal data erased and we will process your request within 30 days.
- Right to restriction of processing: you have the right to ask the Controller to restrict the processing of your data.
- Right to data portability: at your request, we will export your data so they can be transferred to third parties in a structured, commonly used and machine-readable format.
- Right to object: you may unsubscribe at any time and thus object to specific uses that we make of your personal data (newsletters, automatic emails etc.).
- Right to lodge a complaint: if you feel your rights have not been respected, you may lodge a complaint with the supervisory authority following the instructions on the site www.garanteprivacy.it or by email to urp@gpdp.it.
Users may write to the following email address for any request or to receive further information about the data processing carried out by the Controller on the website gdpr@novationtech.com / novationtech@pec.it.