Privacy Policy
This privacy policy aims to provide all the information regarding the processing of personal data carried out by Sun-TIMES srl when the User browses the Website (as better specified below).
1. INTRODUCTION – WHO ARE WE?
Sun-TIMES S.r.l., with registered offices in Via Giosuè Borsi, 9, 20143 Milan MI, Tax Code/VAT No. 01231370113 (hereinafter the “Controller”), owner of the website https://www.suntimes.it/ (hereinafter the “Website”), as the controller of personal data of the users who browse on the Website (hereinafter the “Users”) provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).
2. HOW TO CONTACT US?
The Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Controller at any time, using the following methods:
- sending a registered letter with return receipt to the registered offices of the Controller, as indicated in par. 1 of this Privacy Policy;
- sending an electronic mail message to the address contabilita@sun-times.it
The Users may also contact the Data Protection Officer (DPO) appointed by the Controller at the following e-mail address: dpo@suntimes.it.
3. WHAT DO WE DO? – PROCESSING PURPOSES
By browsing the Website, the User can:
- be kept up to date on the services and activities developed by the Controller (hereinafter, the “Service”);
- send job applications, in accordance with the provisions of the “Become a Suntimer” section (https://careers.suntimes.it/) of the Website;
- communicate to the Controller his/her willingness to receive, for marketing purposes, commercial communications containing promotional material through which the Controller proposes the purchase of products and/or services offered by the Controller and/or third-party companies;
- register for events organized by the Controller;
- contact the Controller by e-mail to the address indicated on the Website.
In connection with the activities that may be carried out through the Website, the Controller collects personal data relating to the Users.
The services offered through the Website indicated above are reserved to subjects over the age of 18 years old. Hereby, the Controller does not collect personal data pertaining to subjects under the age of 18 years old. At request of the Users, the Controller will promptly delete all the personal data, involuntary collected, pertaining to subjects under the age of 18 years old.
The personal data of the Users will be processed lawfully by the Controller for the following processing purposes:
a) as regards the activity carried out by the User indicated under lett. a) above:
1. supply of the Service: to allow surfing of the Website by the User. The User’s data collected by the Controller to this end include all personal data whose transmission is implicit in the use of Internet communication protocols, that the computer systems and software procedures used to operate the Website acquire during their normal functioning: the IP addresses or domain names of the computers used by the Users, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters relating to the operating system and the User's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to allow its correct operation. Without prejudice to what is stipulated elsewhere in this privacy policy, under no circumstances the Controller will make the personal data accessible to other Users and/or third parties;
2. legal obligations, i.e., to fulfil obligations provided by law, an authority, a regulation or European legislation;
b) as regards the activity carried out by the User indicated under lett. b) above:
- processing the User’s request: the personal data of the Users are collected and processed by the Controller for the sole purpose of processing their request. The User’s data collected by the Controller for this purpose include name, contacts, other elements of personal identification, data relating to current job, curriculum vitae of studies and employment, as well as any other data that the User may have voluntarily communicate to the Controller, including his/her image and voice that may be inferred from his/her video presentation recording. No other processing will be carried out by the Controller in relation to the Users’ personal data. Without prejudice to what is provided elsewhere in this privacy policy, in no case will the Controller make the personal data of the Users accessible to other Users and/or third parties;
- administrative and accounting purposes, i.e., to carry out activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
- legal obligations, i.e., to fulfil obligations provided by law, an authority, a regulation or European legislation;
c) as regards the activity carried out by the User indicated under lett. c) above:
- marketing (sending of advertising material, direct sales, commercial communication and newsletters): Users’ personal data are collected and processed by the Controller for marketing purposes (sending of advertising material, direct sales and commercial communication), i.e. so that the Controller can contact the User by e-mail to propose to the User the purchase of products and/or services offered by the Controller itself and/or by third party companies, to present offers, promotions and commercial opportunities. The User data collected by the Controller for this purpose include e-mail address;
- legal obligations, i.e., to fulfil obligations provided by law, an authority, a regulation or European legislation;
d) as regards the activity carried out by the User indicated under lett. d) above:
- processing the Users’ request for registration to the event: the Users’ personal data are collected and processed by the Controller for the sole purpose of processing their request for registration to the event. The User’s data collected by the Controller for this purpose include name, contacts, Company and any other data that the User may have voluntarily communicate to the Controller. No other processing will be carried out by the Controller in relation to the Users’ personal data. Without prejudice to what is provided elsewhere in this privacy policy, in no case will the Controller make the personal data of the Users accessible to other Users and/or third parties;
- legal obligations, i.e., to fulfil obligations provided by law, an authority, a regulation or European legislation.
e) as regards the activity carried out by the User indicated under lett. e) above:
- processing the User’s request: the Users’ personal data are collected and processed by the Controller for the sole purpose of processing their request. The User’s data collected by the Controller for this purpose include e-mail address. No other processing will be carried out by the Controller in relation to the Users’ personal data. Without prejudice to what is provided elsewhere in this privacy policy, in no case will the Controller make the personal data of the Users accessible to other Users and/or third parties. The User may easily oppose further sending of promotional communications by clicking on the appropriate link in each e-mail. Once the request has been made, the Controller will send the User an e-mail message to confirm that what the User has requested has been carried out.
The Controller informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (i.e., the formation of contact lists already completed shortly before the receipt by the Controller of the request for objection) the User will continue to receive some further promotional messages. If the User continues to receive promotional messages after 24 hours of exercising your right to object, he can report the problem to the Controller using the contact details set out in paragraph 7 below. - administrative and accounting purposes, i.e., to carry out activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
- legal obligations, i.e., to fulfil obligations provided by law, an authority, a regulation or European legislation.
The provision of personal data for the above processing purposes is optional but necessary, as failure to provide such data will make it impossible for the User to:
- with regard to the purposes indicated under lett. a) above, access the Website and to use the Service;
- with regard to the purposes indicated under lett. b) above, apply to be part of the Controller’s team;
- with regard to the purposes indicated under lett. c) above, receive promotional e-mails from the Controller;
- with regard to the purposes indicated under lett. d) above, register for the events organized by the Controller;
- with regard to the purposes indicated under lett. e) above, make their request to the Controller.
4. LEGAL BASIS
a.1)Supply of the service (as described in par. 3, lett. a.1) above): the legal basis consists of art. 6, par. 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract;
a.2-b.3-c.2-d.2-e.3) legal obligations (as described in par. 3, lett. a.2), b.3), c.2), d.2) and e.3) above): the legal basis consists of art. 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the Controller is subject.
b.1) processing the User’s request (as described in par. 3, lett. b.1) above): the legal basis consists of art. 6, par. 1, lett. b) of the Regulations, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the data subject prior to entering into a contract;
b.2-e.2) administrative and accounting purposes (as described in par. 3, lett. b.2 and e.2 above): the legal basis consists of art. 6, par. 1, lett. b) of the Regulation, since the processing is necessary for performance of a contract to which the User is party or in order to take steps at the request of the data subject prior to entering into a contract;
c.1) marketing (as described in par. 3, lett. c.1) above): the legal basis consists of art. 6, par. 1, lett. a) of the Regulation, namely, the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Controller asks the User to provide a specific free and optional consent, in order to pursue such processing purpose;
d.1) processing the Users’ request for registration to the event (as described in par. 3, lett. d.1) above): the legal basis consists of art. 6, par. 1, lett. a) of the Regulation, namely, the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Controller asks the User to provide a specific free and optional consent, in order to pursue such processing purpose;
e.1) processing the User’s request (as described in par. 3, lett. e.1) above): the legal basis consists of art. 6, par. 1, lett. b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the data subject prior to entering into a contract.
5. PROCESSING METHODS AND DATA RETENTION PERIOD
The Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
As regards the purposes described in par. 3, lett. a), c.2), d.2) and e) above, the Users’ personal data will be retained for the time strictly necessary to carry out the purposes described therein and, in any case, as necessary for the protection in civil law of the interests of both the Users and the Controller.
As regards the purposes described in par. 3, lett. b) above, the Users’ personal data will be retained for the time strictly necessary to carry out the purposes described therein and, in any case, no later than 2 years after their collection, except for the possible establishment of the employment and/or collaboration relationship between the User and the Controller, and, in any case, as necessary for the protection in civil law of the interests of both the Users and the Controller.
As regards the purpose described in par. 3, lett. c.1) and d.1) above, Users’ personal data will be retained for the time strictly necessary to fulfil the purposes described therein and, in any case, until Users withdraw their consent.
In any case, this is without prejudice to possible retention periods provided for by laws or regulations.
6. TRANSMISSION AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside the European Union and, in this case, the Controller will ensure that the transfer is carried out in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
The employees and/or collaborators of the Controller who are in charge of carrying out Website maintenance may become aware of the personal data of the Users. These subjects, who have been instructed by the Controller accordingly to article 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Controller as “Data Processors”, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller, making a request to the Controller in the manner indicated in paragraph 7 below.
7. RIGHTS OF THE DATA SUBJECTS
Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:
- sending a registered letter with return receipt to the registered offices of the Controller, as indicated in par. 1 of this Privacy Policy;
- sending an electronic mail message to the address ….
The Users may also contact the Data Protection Officer (DPO) appointed by the Controller at the following e-mail address: dpo@suntimes.it.
Pursuant to the Applicable Law, Users have:
- the right to withdraw consent at any time, if the processing is based on their consent;
- the right of access to personal data;
- (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure (“right to be forgotten”);
- the right to object:
- in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
- in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
- if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/).
***
The Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.