Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of EU Regulation No. 679/2016.

In order to conduct a fair and transparent treatment, SCE Project S.r.l. renders the following information – drafted pursuant to Article 13 of EU Regulation 679/2016 on the “Protection of Individuals with regard to the Processing of Personal Data” (“GDPR“) and Legislative Decree 196/2003 (“Privacy Code“), as amended by Legislative Decree 101/2018 – regarding the personal data of the data subjects collected and processed in the context of the use of the website accessible at www.sceproject.it (“Site“).

  1. Data controller and Data Protection Officer (DPO) -Who processes personal data?

The entity that determines the means and purposes of the processing of your personal data, i.e. the data controller, is SCE Project S.r.l., with registered office in Milan (MI), Viale Sarca, 336/F, 20126, C.F. and P.IVA 05170530967 (“DataController“).

Any request relating to the processing operations referred to in this policy and concerning your personal data may be addressed to the Data Controller, by mail at the registered office or by sending an e-mail to info@sceproject.it, or by contacting the Data Protection Officer (DPO) designated by the Data Controller, pursuant to Article 37 of the GDPR. The DPO may be contacted by e-mail at dpo@sceproject.it or by mail at the address of the Holder’s registered office, addressing the communication to the attention of the DPO.

  1. Purpose of processing, how we collect, origin of data, and manner of processing – What personal data do we process? How do we collect it?

The Controller processes the following categories of personal data of data subjects (collectively, “Personal Data“):

  1. identification and contact data: first name, last name, e-mail address and any other personal data contained in the curriculum vitae and cover letter voluntarily submitted by the data subject through the form in the “Work with us” section or provided by the data subject for newsletter subscription through the appropriate form on the Site;
  2. browsing data: IP address, type of browser used, browsing log;

The Personal Data of data subjects are collected:

  1. directly by the data subject: by filling out the contact form in the “Work with us” section of the Site or by filling out the newsletter subscription form on the Site;
  2. through automated tools: during the use of the Site, some Personal Data (such as IP address, type of browser used and navigation logs ) may be collected automatically through cookies and other similar technologies, as specified in the cookie policy accessible from the Site footer.

The processing of Personal Data is carried out by means of computer and telematic tools, with logics strictly related to the indicated purposes and in such a way as to guarantee the security and confidentiality of the data, in compliance with the principles set forth in Article 5 of the GDPR. The Data Controller has implemented specific technical and organizational security measures to protect Personal Data from unauthorized access, ensuring that they can only be processed by duly authorized and adequately trained personnel (as better specified in point 3 below). The computer systems used are equipped with advanced protection mechanisms, including periodic backup systems and secure data transmission protocols, in order to preserve their integrity and prevent their loss.

3. Recipients of personal data – To whom are personal data disclosed?

Data subjects’ Personal Data will be processed exclusively by:

  1. Personnel authorized by the Data Controller: employees and collaborators of the Data Controller who need access to Personal Data for the performance of their duties, duly authorized and instructed in the protection of personal data in accordance with Article 29 of the GDPR and Article 2-quaterdecies of the Privacy Code;
  2. Data Processors: third parties that the Data Controller uses for the provision of specific services, appointed as data processors pursuant to Article 28 of the GDPR, such as (i) IT and hosting service providers ; (ii) Site maintenance and development service providers; (iii) technical support service providers.
    A complete and up-to-date list of data processors can be obtained from the Data Controller at the contact details given in section 1.
  3. Authorities and public bodies: in cases provided for by law and for the fulfillment of regulatory obligations.

The Data Subjects’ Personal Data will not be disseminated under any circumstances, i.e., it will not be disclosed to unspecified parties, in any form, including by simply making it available or consulting it.

4. Legal basis and purpose of processing – Why do we process personal data?

In accordance with the principles of lawfulness, fairness, transparency, appropriateness, relevance and necessity set forth in Article 5(1) of the GDPR, the Data Controller will process the Personal Data of data subjects for the following purposes:

  1. Allow navigation on the Site [legitimate interest/consent].
    This purpose includes the collection and processing of browsing data in order to enable the proper functioning of the Site, monitor its performance and improve the browsing experience. The legal basis for this processing is the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in ensuring the proper functioning of the Site. The provision of data for this purpose is necessary and, without it, the navigation and functionality of the Site may be impaired. In addition, the Data Controller performs statistical analysis on the use of the Site by collecting information in aggregate form. This processing is based on the consent of the data subject (Art. 6(1)(a) GDPR), which can be freely managed through the cookie settings. The provision of data for this sub-purpose is optional and failure to provide consent will in no way affect the ability to browse the Site.
  2. Manage applications received through the “Work with Us” section [execution of pre-contractual measures].
    This purpose includes the processing of the Personal Data provided by the data subject (identification and contact data, as well as all data included in the CV and cover letter) for the evaluation of the professional profile for the purpose of a possible establishment of an employment or collaboration relationship. The legal basis for this processing is the need to execute pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) of the GDPR), in accordance with the provisions also of Art. 111-bis of the Privacy Code. The provision of data for this purpose is necessary. Without it, it will not be possible for the Holder to evaluate the submitted application.
  3. Send promotional and informational communications via newsletter [consent]
    This purpose includes the sending of periodic informative and promotional communications related to the activities, services and initiatives of the Owner, via email. The processing also includes the analysis of the data subject’s interactions with the communications sent (opening of emails, clicks on links) to improve the quality of the service offered. The legal basis for this processing is the consent of the data subject (Art. 6(1)(a) GDPR). Providing data for this purpose is optional and failure to provide consent will in no way affect the ability to browse the Site and use its features.
  4. Ensuring the security of the Site and preventing fraudulent activities [legitimate interest].
    This purpose includes processing the Personal Data of data subjects to monitor and prevent unauthorized access to and misuse of the Site. The processing includes the analysis of access logs and IP addresses. The legal basis for this processing is the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in protecting the security of the Site and the integrity of the data it contains. The provision of data for this purpose is necessary to ensure security in the use of the Site.
  5. Fulfilling legal obligations [legal obligation]
    This purpose includes the processing of Personal Data necessary to fulfill obligations under laws, regulations and EU legislation. The legal basis for this processing is the need to fulfill a legal obligation to which the Data Controller is subject (Art. 6(1)(c) GDPR). The provision of data for this purpose is necessary.
  6. Protecting the rights of the Holder[legitimate interest].
    This purpose includes the processing of Personal Data to establish, exercise or defend a right of the Data Controller in or out of court. The legal basis for this processing is the legitimate interest of the Controller (Art. 6(1)(f) GDPR) in protecting its rights, based on the constitutionally guaranteed right to defense. The provision of data for this purpose is necessary.

5. Data retention period – How long do we keep personal data?

The Data Subject’s Personal Data will be kept for as long as is strictly necessary to pursue the purposes for which it was collected, in accordance with the principles of minimization and limitation of storage set forth in Article 5(1)(e) of the GDPR.

Specifically, the Data Subject’s Personal Data will be retained for the following periods:

  1. Navigation on the Site: navigation data, if not anonymous, will be kept for a maximum period of 12 months after collection. Anonymous browsing data used for statistical purposes may be retained for a longer period, as they are excluded from the scope of personal data protection legislation.
  2. Application management: the Personal Data provided for application purposes will be kept for a maximum period of 24 months from their receipt, in order to allow the Holder to evaluate the candidate also for any positions that may open up in the future, without prejudice to the possible establishment of the employment relationship.
  3. Newsletter: Personal Data provided for newsletter subscription will be retained until the data subject withdraws consent or voluntarily unsubscribes from the list of subscribers. In the event of prolonged inactivity of the data subject (failure to open communications for a period of more than 24 consecutive months), the Data Controller may proceed to the automatic deletion of the data upon notice to the data subject.
  4. Site Security: the Data Subject’s Personal Data processed for security purposes will be retained for up to 24 months after the Data Subject’s last activity on the Site.
  5. Fulfillment of legal obligations and protection of the Controller’s rights: Personal Data will be retained for as long as necessary to fulfill legal obligations and in any case no longer than the statute of limitations provided by the applicable legislation for the protection of rights.

At the end of the above periods, the Personal Data will be deleted or anonymized, without prejudice to any further retention necessary to comply with regulatory obligations or to enable the Data Controller to establish, exercise or defend its rights in court.

6. Data transfer – Where are data transferred to?

In general, the Data Controller does not transfer Data Subjects’ Personal Data to countries outside the European Union or to international organizations. Should this occur, the Data Controller guarantees that all transfers will be subject to the safeguards set forth in Article 45 of the GDPR and/or the appropriate protections described in Article 46 of the GDPR, such as the Standard Contractual Clauses adopted by the European Commission.

7. Rights of the data subject – What are your rights?

We would like to inform you that, pursuant to and for the purposes of the GDPR, for the periods referred to in Article 5 of this notice, you have the right to:

  1. request from the Controlleraccess to the Personal Data and information of the related processing and possible copy in electronic format, unless specifically requested otherwise (Art. 15 of the GDPR);
  2. request rectification and/orintegration of Personal Data, without undue delay (Art. 16 of the GDPR);
  3. for specific reasons (e.g., unlawful processing, absence of the purpose of processing), request deletion of Personal Data, without undue delay (Art. 17 of the GDPR);
  4. in the occurrence of specific cases (e.g., inaccuracy of Personal Data, unlawfulness of processing, exercise of a right in court), request restriction of processing (Art. 18 of the GDPR);
  5. in case of automated processing, to receive the Personal Data in a readable format, for the purpose of its communication to a third party, or, where technically feasible, to request the transmission of the Personal Data by the Controller directly to such third party (so-called right to personal data portability – Art. 20 of the GDPR);
  6. object at any time to the processing of Personal Data that has as its legal basis the legitimate interest of the Data Controller (Article 21 of the GDPR). In the event that the right to object is exercised, the Data Controller will refrain from further processing of Personal Data, unless it demonstrates the existence of compelling legitimate grounds for processing that override the interests, fundamental rights and freedoms of the data subject, or for the establishment, exercise or defense of a right in court;
  7. to revoke consent at any time, limited to cases where processing is based on consent for one or more specific purposes, without affecting the lawfulness of processing based on consent given before revocation (ex Art. 13(2)(c) GDPR). In particular, with regard to the newsletter, the data subject may revoke consent at any time by using the unsubscribe link in any communication sent or by contacting the Controller directly.
  8. be informed by the Controller, without undue delay, of any breach or unauthorized access by third parties to its systems containing Personal Data (so-called data breach – Article 34 of the GDPR);
  9. to lodge a complaint with the supervisory authority of the EU country where he/she normally resides, works or where he/she believes a violation of his/her rights has occurred (Art. 77 of the GDPR).

For further information regarding the terms and conditions for the exercise of your rights, you may consult the text of the GDPR published on the website of the Guarantor for the Protection of Personal Data (www.garanteprivacy.it), or contact the Data Controller in the forms provided for in point 1 of this notice. Pursuant to Article 12 of the GDPR, the Data Controller will provide data subjects with information about the actions taken in relation to a request to exercise rights without undue delay and, in any case, within one month of receipt of the request. This period may be extended up to three months in cases of particular complexity; in the latter case, the Controller will inform the data subjects of the extension and the reasons for the delay within one month of receipt of the request.

Search
Do you want to work with us?

Submit your application for the position Privacy Policy

Candidati Ora
Contact us!

Fill out the contact form below or call us at +39 0123456789

  • Milan
  • Rome
  • Tirana
  • Ho Chi Minh
  • Singapore
Scrivici Form

Do you want to work with us?

See open positions