PRIVACY POLICY

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

The management methods of the website www.xeniaodoc.it (hereinafter “Site”) are described here with reference to the processing of personal data of users who consult it.

This document, of a general nature, informs about the criteria for the correct processing of personal data carried out on or through the Site. The information relating to the individual services that the user will benefit from, drawn up pursuant to Article 13 of Regulation 679/2016 /EU on data protection (hereinafter “Regulation”), are available at the offices of the owner.

This information is provided pursuant to Article 13 of the General Data Protection Regulation (Regulation) to all those who interact with the web services of the Site. It does not include processing carried out on other sites possibly consulted by the user via links on the Site itself. Users are therefore invited to read this information carefully before forwarding any type of personal information.

The owner of the processing of personal data

Following consultation of this site, data relating to identified or identifiable persons (data subject from now on “user”) may be processed. The data controller of personal data is Xenia Sviluppo Documentale S.r.l. (hereinafter “data controller”). As of today, any information relating to the data controller, together with the updated list of designated managers and system administrators, can be found at the headquarters of

1. Purpose, lawfulness of processing, types of data and criteria used to determine the retention period of personal data

1.1 Browsing data

Browsing the Site involves the acquisition of some personal data whose transmission is implicit in the use of Internet communication protocols (browsing data). This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server on which the site is located, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of users. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.

The user’s personal data will be processed for the following purposes:

use of the site;

  • any statistics (e.g. most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.)
  • any checks on the correct functioning of the services offered.

The user’s personal browsing data are kept for the period necessary to achieve the purposes for which they are collected, for a period not exceeding 12 months, without prejudice to the time necessary to satisfy requests received from the Judicial Authority for defense purposes and/or state security and/or prevention, detection or repression of crimes or to satisfy requests received from the Guarantor Authority for the protection of personal data.

The lawfulness of the processing of personal data is based on the need to pursue the legitimate interest of the owner (article 6.1 letter f) of the Regulation). The provision of personal data is necessary for the correct functioning of the Site. Failure to provide them could make it impossible for the user to easily use the services offered by the owner.

1.2 Contact/information request section

The personal data provided by the user who accesses the “CONTACTS” section by sending a request in the specific form will be used for the sole purpose of performing the requested service. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Site, by its very nature, involves the subsequent acquisition of the sender’s e-mail address, necessary to respond to requests, as well as any other personal data included in the message.

The lawfulness of the processing of personal data is based on the need to execute a contract of which the user is a party or on the execution of pre-contractual measures adopted at the request of the same (art. 6.1 letter b) of the Regulation) and on the need to pursue the legitimate interest of the owner (article 6.1 letter f) of the Regulation) in responding to the requests received. The provision of personal data is optional. Failure to provide them will make it impossible for the owner to respond to the user’s requests.

1.3 Personnel search

The user’s personal data contained in the curriculum vitae, in the cover letter and possibly in the letter sent to the dedicated email address info@xeniadoc.it can be used for the search and selection of personnel for the purposes of a possible collaboration with the holder. The lawfulness of the processing of personal data derives from the execution of a contract of which the user is a party or from the execution of pre-contractual measures adopted at the request of the same and from the need to fulfill a legal obligation (State laws and regulations, legislation community) to which the owner is subject (art. 6.1 letter b) and c) of the Regulation). Any particular personal data sent on this occasion to the owner are processed to fulfill the obligations and exercise the specific rights of the data controller or the interested party in matters of employment law (art. 9.2 letter b) of the Regulation). The provision of personal data is optional. Failure to provide them will make it impossible for the owner to respond to the user and participate in the selection.

The user’s personal data are kept for the time necessary for the search/selection of personnel, or for the time necessary to manage any appeals or disputes.

2. Methods of processing personal data

The processing of the user’s personal data takes place at the headquarters of the owner, or if necessary, at the headquarters of any external managers specifically designated pursuant to art. 28 of the Regulation or to the subjects indicated in the paragraph “Communication and dissemination of personal data”. Personal data is processed with automated tools. Specific security measures are observed to prevent the loss, illicit and/or incorrect use, unauthorized access of data. The processing of personal data is carried out within the limits of what is strictly necessary for the performance of the functions for which the service is requested, excluding processing when the purposes pursued can be achieved using anonymous data or methods that allow the user to be identified only in case of necessity.

3. Communication and dissemination of personal data

Personal data, if necessary, can be communicated (with this term meaning giving knowledge of it to one or more specific subjects) to comply with the obligations established by laws, regulations or community legislation or imposed by the Authorities, who will process them in their capacity as independent data controllers. They may also be communicated to the employees/collaborators of the data for carrying out activities instrumental to the services requested and the aforementioned purposes. In the case of communication of data to the suppliers of the chosen services, they operate through data centers located in the European Union. In the event that the data is transferred outside the European Economic Area (EEA), also for the purposes of technical management of the collected data, this will take place exclusively in full compliance with the GDPR, to companies adhering to the Privacy Shield (USA) or third countries with specific guarantees of adequacy recognized by the European Commission.

In any case, personal data will not be disclosed, this term meaning making it known in any way to a plurality of indeterminate subjects.

4. Rights of the interested party (user)

At any time, the user can exercise the following rights:

  • Right to receive the personal data concerning you provided to a data controller in a structured, commonly used and machine-readable format and have the right to transmit such data to another data controller without impediments on the part of the data controller to whom he provided them;
  • Right to obtain access to your personal data;
  • Right to obtain rectification of your personal data where this does not conflict with current legislation on data retention;
  • Right to obtain the deletion of your personal data where this does not conflict with current legislation on data retention;
  • Right to obtain the limitation of processing of your personal data;
  • Right to object at any time, for reasons related to your particular situation, to the processing of your personal data.

The user can exercise the above rights with a request addressed without formalities to the data controller by hand delivery, traditional mail, registered letter, fax or by e-mail to the following address: Castle (CT).

To facilitate the exercise of these rights, the Italian Personal Data Protection Authority has prepared a specific form that can be downloaded from the website www.garanteprivacy.it.

6.Right to lodge a complaint

The user has the right to lodge a complaint with a supervisory authority (in particular the Italian Authority for the Protection of Personal Data www.garanteprivacy.it).

7. Update of the information

Xenia Document Management s.r.l. will keep this information constantly updated and will publish the updated information on the websites concerned.