The data supplied to Bugnion S.p.A., via the website at (www.bugnion.eu) hereafter the “Website”) when using services supplied by Bugnion S.p.a. (hereafter “Services”), shall be processed in compliance with personal data protection legislation. Bugnion informs users of the following.

1. Data Controller

1.1. The Data Controller of personal data is Bugnion S.p.a (hereafter “Bugnion” or “Data Controller”), VAT number and tax code no. 00850400151 with its registered office in Milan via Lancetti 19, registered with the Chamber of Commerce of Milan, no. 780133, e-mail [email protected], fax. +39 0432510784 , tel.+39 0432510779.

2. Nature of the data processed and purposes of the processing

2.1. The personal data processed are exclusively of user who has reached the age of majority, where personal data is defined as any information on a physical person who is identified or may be identified, either directly or indirectly through reference to any other information.

The data processed are i) the data provided by the user to the Data Controller through the compilation of forms prepared for this purpose, such as name, e-mail address, residence address, phone, fiscal code, as well as data that the user will provide voluntarily in the information request ii) the data collected by Bugnion when browsing the Website, such as  IP address, information obtained through cookies iii) the data provided by the user to the Data Controller when submitting his/her application for employment opportunities offered by Bugnion itself on the relevant section of the Website, such as biographical data (name, surname, sex, date of birth, nationality, postal address, telephone number, e-mail address), data regarding user’s education, professional experience, IT skills and knowledge of languages iv) the data provided by the user in other occasions of contact with the Data Controller.

2.2 The data will be used for the following purposes:

A) for the performance of the Services requested, for the conclusion of agreements, for the fulfilment of obligations under the law and EU regulations or legislation, as well as for exercising rights before the Courts;

B) for the promotion, via e-mail and paper-based mail, telephone calls with an operator, sms, mms of commercial proposals related and/or connected to Bugnion;

3. Obligatory/optional nature of providing data

3.1 Providing the data requested at the time of activation of Services for the purposes identified in the sections 2.2A above is mandatory, as it is strictly functional for providing the Services requested, concluding agreements and meeting legal obligations. Refusal to supply data will make it impossible for Bugnion to complete the process of providing the Services requested and/or concluding agreements and/or meeting legal obligations.

3.2 Providing the data requested at the time of activation of the Services for the purposes identified in section 2.2B above is optional.

Refusal to consent to the purposes of section 2.2B will have no effect on the providing of Services. Users will be able to use Bugnion’s Services anyway.

Users may object to processing for the purposes identified in section 2.2B either right away, by not giving their consent while activating the newsletter Service or at a later time, by sending an e-mail to [email protected].

4. Processing methods

4.1 Users’ data will be collected on line during the activation of the Services requested, by comparing items of parts of items of information, or through use of the e-mail service.

4.2 Users’ data will be processed through registration, consultation, communication, storage and deletion operations conducted primarily using electronic tools and manually, ensuring that appropriate measures are taken to protect the security and guarantee the confidentiality of the data processed.

4.3 Users’ data, stored in electronic/magnetic/digital form, are stored and filed on a server located in Italy; personal data stored in paper form shall be filed in specific registers and/or records whose conservation shall be guaranteed by placing the latter in specific containers, stored in suitable premises. Bugnion declares that data registered on its server and/or in suitable premises are protected against the risk of intrusion and unauthorized access, and that it has taken appropriate security measures to ensure the integrity and availability of data and protect areas and places for data storage and accessibility.

4.4 Personal data will be processed by Bugnion employees and/or collaborators acting as data processors or persons in charge of the processing, in the context of their respective functions and in accordance with the instructions given by Bugnion.

5. Data disclosure

5.1 Users’ personal data may be disclosed to certain parties appointed by Bugnion to provide the Services requested  and to meet legal obligations.

Data may be disclosed to:

a) people delegated or instructed by Bugnion to carry out activities or part of activities related to the provision of the requested Services and any other external collaborator whose communication is necessary for the correct completion of the Services;

b) Public Authorities in the performance of their institutional functions, within the limits set by laws and regulations.

Users’ data will not be disseminated.

6. Users’ rights

6.1 User (hereafter “data subject”) is entitled to obtain confirmation of the presence of his personal data and the purposes for which the data are processed at any time. User is also entitled to request updating, correction, deletion or blocking of data and to refuse its use, entirely or in part.

6.2 Users’ rights are listed below. Specifically:

6.2.1 A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.

6.2.2 A data subject shall have the right to be informed of:

a) the identity and the contact details of the controller and, where applicable, of the controller’s representative;

b) the contact details of the data protection officer, where applicable;

c) the categories of personal data, their source, the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing;

d) the legitimate interests, if any, pursued by the controller or by a third party;

e) the recipients or categories of recipients of the personal data, if any;

f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the Commission, or reference to the appropriate or suitable protections and the means by which to obtain a copy of them or where they have been made available.

6.2.3 In addition to the previous information, the controller shall provide the data subject with the following further information:

a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

b) the existence of the right to request from the controller access to and rectification or deletion of personal data or restriction of processing concerning the data subject or to refuse the processing as well as the right to data portability;

c) where the processing is based on the users’ consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

d) the right to lodge a complaint with a supervisory authority (data protection Authority);

e) whether the communication of personal data is a legal or a contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data;

f) the existence of automated decision-making, including profiling, and, in those cases where the latter automated decision-making process produces legal effects concerning him/her or similarly significantly affects him/her, relevant information about the logic involved, as well as the significance and the consequences of such processing for the data subject.

6.2.4 The data subject shall have the right to object, at any time, to processing of personal data concerning him or her:

a) on grounds relating to his or her particular situation, including profiling;

b) where personal data are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

6.2.5 The data subject shall have the right to:

a) obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;

b) receive the personal data concerning him or her, which he or she has provided to Bugnion, in a commonly used electronic form and in an easily legible manner, and have the right to transmit those data to another controller without interferences;

c) obtain from the controller the deletion of personal data concerning him or her and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

– the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

– the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

– the personal data have been unlawfully processed;

– the personal data have to be erased in order to comply with a legal obligation under European Union law or Member State law to which the controller is subject;

d) obtain from the controller restriction of processing.

6.3 To exercise the above mentioned rights and receive information on parties to whom the data are disclosed, or parties who may become aware of data while acting as data processors or persons in charge of the processing, the users may contact Bugnion, by sending a request using the contact details provided above.

The controller shall provide the information related to the action taken on a data subject’s request without undue delay and no later than one month after having received the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any extension within one month after having received the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

7. Duration of processing

7.1 Personal data will be processed with regard to the purposes mentioned in sections 2.2.A, for no longer than the period necessary for the performance of Services required, and for the time necessary for the fulfilment of current civil, fiscal and tax obligations.

7.2 Personal data will be processed with regard to the purposes mentioned in section 2.2.B (marketing/promotional activities) for no longer than 24 months starting from the date in which the consent to the processing of personal data was given.

7.3 At the end of the data processing period, the data will be deleted or permanently rendered anonymous.

8. Legal basis for the processing

8.1 The legal basis for the processing shall be constituted in accordance with the user’s consent, the compliance with a contractual requirement and the legal provisions.

9. Updating of Privacy Policy

9.1 This Privacy Policy is subject to occasional revision. Bugnion will notify users when changes are made to data processing conditions by publishing the amendments on the Website. If required under current legislation, users will have the option to consent to any new data processing. If the user refuses, his or her data will not be processed according to the changes of the new privacy policy.

10. Transfer to non-EU countries

10.1 Personal data shall not be transferred to non-EU countries.