logo GMA
logo GMA
logo GMA

Privacy policy

Pursuant to Regulation (EU) 2016/679 (“GDPR”) GMA S.r.l (“Company” or “The Controller”) provides you with the following information regarding the processing of your personal data in connection with the navigation of the website www.gma-tech.com (“Website”).

 

1. DATA CONTROLLER

We inform you that your personal data will be processed by GMA S.r.l., with registered office in via RosaAgazzi 7, Staranzano (GO), as data controller pursuant to Article 13 of the GDPR, which can be contacted atthe email address info@gma-tech.com.

 

2. PURPOSE OF PROCESSING AND LEGAL BASIS

Your personal data shall be processed by the Data Controller for the following purposes and on the followinglegal basis.

Privacy

3. CATEGORIES AND TYPES OF PERSONAL DATA SUBJECT TO PROCESSING

The personal data subject to processing belong to the following categories.

  • (I) Identification and contact details: first name, surname, age, sex, place and date of birth, nationality, address, tax code, identity documents, email, telephone number;
  • (II) Common employment data: current and previous employment, job qualifications, curriculum vitae

 

4. NATURE OF DATA PROVISION

In relation to point (vi), para. 2 of this notice, your data will be processed solely and exclusively after documenting any of your consent, if provided. In relation to points (i), (ii), (iii) and (iv), para. 2 of this notice, failure to provide the requested data may result in the Company being unable to fulfil your requests.

 

5. RECIPIENTS OF PERSONAL DATA

Within the limits relevant to the purposes mentioned above, your personal data may be disclosed to the following categories of recipients.

  • (I) Companies that provide maintenance and support services in the IT field;
  • (II) clients and suppliers, where necessary in relation to the management of the contractual relationship withthem;
  • (III) public and private bodies to which your personal data must be disclosed by virtue of regulatory provisions or pursuant to orders by the authorities;
  • (IV) authorities and/or persons to whom the right to access such data is granted by law or secondary or EU regulations;
  • (V) natural persons authorised by the Data Controller pursuant to Articles 29 of the GDPR and 2- quaterdecies of Leg. Dec. 196/2003, by reason of the performance of their work duties;
  • (VI) other parties whose intervention is necessary for the achievement of the above purposes, also in their capacity as Data Processors pursuant to Art. 28 GDPR.

 

6. DATA PROCESSING METHODS

Your data are processed lawfully and fairly in pursuit of the above-mentioned purposes and in accordance with the essential principles laid down in the applicable legislation. Personal data may be processed using manual, computerised or telematic means, but in all cases in accordance with technical and organisational measures able to guarantee security and confidentiality, above all in order to reduce
the risks of destruction or loss, even accidental, of data, unauthorised access, or processing that is not permitted or infringes the purpose of collection.

All persons who are part of the corporate structure who carry out processing activities under the authority of the Data Controller are duly designated pursuant to Art. 29 GDPR and Art. 2-quaterdecies of Leg. Dec. 196/2003, while any person outside the organisation who carries out processing activities on behalf of the Data Controller is appointed as a Data Processor pursuant to Art. 28 GDPR.

Each person acting under the authority of the Data Controller and each Data Processor shall receive appropriate security measures from the Data Controller in order to be able to guarantee the security of personal data and the assumption by such persons of appropriate obligations of confidentiality.

 

7. STORAGE OF PERSONAL DATA

Your personal data shall be kept for as long as strictly necessary to achieve the purposes for which they are collected, in compliance with the principle of storage limitation under Art. 5, para. 1(e) GDPR and will subsequently be deleted. In particular, we hereby inform you that your personal and demographic data for the purposes set out under (vi), para. 2 of this notice, shall be retained for 24 months from the time you give your consent. Furthermore, data processed for the purposes referred to in (iii), para. 2 of this notice, shall be retained for a maximum period of 6 months

 

8. RIGHTS OF THE DATA SUBJECT

We inform you that you may exercise the following rights.

  • Access to your personal data, the right to obtain confirmation from the Data Controller that personal data are or are not being processed and thus receipt of information on i. the purposes of the processing, ii . the categories of personal data processed, iii. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients from third countries or international organisations, iv . the applicable retention periods or the criteria for determining the retention periods, v . the right to lodge a complaint with a supervisory authority, vi. if the data are not collected from you, all available information on their origin, vi. the existence of an automated decision-making process, including profiling,
    as well as information on the logic used and the expected consequences of such processing, pursuant to Art. 15 GDPR;
  • the right to obtain without delay the rectification and/or integration of inaccurate personal data concerning you, pursuant to Art. 16 GDPR;
  • (III) the right to obtain the deletion of personal data concerning you if i . the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, ii. the data are processed unlawfully, iii . You have revoked the consent on the basis of which the Data Controller was entitled to process the data and there is no other legal basis for the Data Controller to process the data, iv. You have objected to the processing and there is no overriding legitimate reason to proceed with the processing, v . the personal data must be deleted to fulfil a legal obligation. The Company, however, has the right to disregard the request to exercise the aforementioned rights to erasure if this is necessary for the exercise of a legal obligation or the performance of a task carried out in the public interest or to defend its own right in court, pursuant to Art. 17 GDPR;
  • (IV) the right to obtain the restriction of processing of your personal data i. You have contested the accuracy of personal data concerning you, for the period necessary for the Data Controller to verify the accuracy of such personal data, ii . in case of unlawful processing of personal data, if you object to their deletion, iii. in the event they are necessary for the establishment, exercise or defence of a legal claim, iv. for the period necessary to verify whether the legitimate reasons of the Data Controller prevail over your request to object to the processing, pursuant to Art. 18 GDPR;
  • (V) the right to request the portability of the data that you have provided to the Data Controller, i.e., to receive them in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another data controller, without hindrance from the Data Controller itself, pursuant to Art. 20 GDPR;
  • (VI) to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the legitimate interests of the Data Controller. In this case, the Data Controller shall refrain from further processing your personal data unless it demonstrates the existence of compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise or defence of a legal claim, pursuant to Art. 21 GDPR;
  • (VII) the right to withdraw any consent given at any time

 

To exercise these rights, you may contact the Data Controller using the contact details provided in para. 1 above.

Moreover, if you believe that the processing of your personal data by the Data Controller is in breach of the provisions of the Data Protection Act, you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), pursuant to Art. 77 GDPR, or to take appropriate legal action pursuant to Art. 79 GDPR.