PRIVACY POLICY
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
Art. 1 Data controller, internal and third party managers and categories of appointees
With reference to the EU regulation. 2016/679 of 27 April 2016 "concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46 / EC (general regulation on data protection)", Studio Leone CdL with registered office in Milan viale Lodovico Scarampo 19, as "data controller" is required to provide some information regarding the processing of personal data contained in the database of our affiliated software HR Infinity Global Solution. present in the software database are collected, according to specific legal provisions and for the exclusive purposes of payroll and contribution processing. In addition to the specifically identified and authorized employees, these data are processed, in the role of "manager", by the company "HR Infinity Global Solution, owned by Zucchetti SPA" which carries out the management of the pay processing system. Some processing operations could be carried out also by other third parties, to which Zucchetti SPA could entrust certain activities, or part of them, as they are functional to the provision of the service. In this case, these subjects will be designated as Data Processors or Trustees based on the role they will be called upon to perform. Studio Leone CdL together with Zucchetti SPA will issue adequate operating instructions to the Managers or Officers who will be designated '' adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.The data may also be communicated, in case of request, to the competent authorities, in fulfillment of obligations deriving from mandatory provisions of law.
Art. 2 Place of data processing
The treatments connected to the web services of the "HR Infinity Global Solution" portal will take place in Italy. No data deriving from the web service will be communicated or disseminated, except in cases expressly provided for by law or as a result of specific agreements. The personal data provided by users are used only to perform the service or provision requested and are communicated to third parties only in the event that this is necessary for this purpose. Among these subjects, national bodies can be identified such as: INPS, INAIL and Casse Edili, Provincia and others that carry out data processing or acquisition services or that provide complementary services.
Art. 3 Types of data processed
Navigation data computer systems and software procedures used to operate the services acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties but which, by their very nature, could, through processing and association with other data held - including by third parties - allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the request, the method used to submit the request. to the server, the size of the file obtained in response, the numerical code indicating the status of the response data from the server (successful, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site. Data provided voluntarily by the user The personal data and the details of the identification document provided as well as the telephone numbers and the e-mail message are collected in the computer archives and in any paper evidence at Studio Leone CdL and / or from third parties identified and authorized by the "Data Controller". The aforementioned data and contact details can be used for service or information communications. Temporary or permanent session files (cookies) Cookies are not used to transmit information of a personal nature. The so-called session cookies are limited to the transmission of session identifiers, generated by the serving system (server), necessary to allow safe and efficient exploration of the site. The so-called session cookies used avoid the use of other IT techniques and could be harmful to the confidentiality of users' browsing and not the acquisition of the user's personal identification data.
Data provision: Failure to provide data makes it impossible to access and obtain the telematic service.
Art. 4 Purpose of the Treatment
The personal data collected by the companies are processed by Studio Leone CdL for the accomplishment of institutional purposes in the field of work connected to the obligations established by laws, regulations and community and regional legislation as well as by provisions issued by Authorities legitimated by the law. In particular, the data is collected for all activities related to pay processing management.
Art. 5 Processing methods
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.In relation to the aforementioned purposes, the processing of personal data takes place using manual, IT and telematic tools, with logic strictly related to the purposes. and, in any case, in order to guarantee the security of the data. In any case, all these data are processed in compliance with the aforementioned legislation and confidentiality obligations.
Art. 6 Rights of interest of the parties
Interested parties may exercise the rights provided for by the Privacy Code at any time, including that of obtaining confirmation of the existence of data concerning them and requesting its origin; know the updated list of Managers; verify the accuracy of the data, request their correction, updating or integration or the cancellation or blocking for those processed in violation of the law or oppose their use for legitimate reasons to be highlighted in the request, by contacting the Data Controller .
As a subject authorized to access HR Infinity Global Solution through our portal of Studio Leone CdL, in accordance with the requirements for the Data Processor, I undertake to:
- comply with the obligations relating to confidentiality and I declare that I have the necessary training in the field of personal and / or sensitive data protection. I also undertake to respect the scope of the treatment allowed by complying with the following.
Operating Instructions
All the provisions contained in the European Regulation 679/2016 must be strictly observed with particular reference to the following fundamental points:
- the obligation to maintain due confidentiality with regard to the information they become aware of during the course of the assignment which must remain in any case, even when the assignment itself has ceased (Article 326 of the Criminal Code);
- purpose of the processing: the processing of personal data is allowed only for the fulfillment of legal obligations or for the performance of services entrusted by the interested party to whom the data refer, in compliance with the provisions of Article 6 of the Regulation;
- processing methods: data processing can be carried out manually, using IT, telematic tools or other media. In compliance with the provisions of Article 5 of the regulation, the processing must be carried out in compliance with the principle of relevance and not excess with respect to the purposes of the processing itself; therefore, the acquisition of only personal and sensitive data strictly indispensable to fulfill legal obligations or for the purposes requested by the interested party is permitted;
- each acquisition of data must be preceded by specific information to the interested party in compliance with the principles set out in Article 12 of the Regulation, taking care, in the case of documents deemed potentially classified as sensitive or personal, to make express reference to the legislation that provides for obligations or tasks on the basis of which the processing is carried out or the assignment given by the interested party to whom the data refer;
- the data must be processed lawfully and fairly;
- any form of dissemination and communication of the personal data processed that is not functional to the performance of their obligations or the tasks entrusted by the person to whom the data refers is prohibited.
- for the processing, the laws on the protection of the confidentiality of personal data must be observed and the protection measures provided for by Article 25 of the Regulation must be applied; for the methods of processing sensitive and personal data, without prejudice to compliance with the provisions of Article 25, the application of the provisions in force on the subject and the instructions given by the Data Controller and the Data Processor, the documents processing and not definitive) and the supports bearing sensitive or personal data must be stored in furniture elements equipped with locks and must not be left unattended in the absence of the person in charge;
- for the processing of data relating to health: the supports and documents bearing such data must be stored separately in containers fitted with a lock.
In particular, the authorized subject:
- will always use their authentication credentials, avoiding operating on the terminals of others and / or leaving a work session open, after having identified themselves with their login and password in case of removal, even temporarily from the workplace, in order avoid unauthorized treatments and always allow the identification of the author of the treatment;
- choose a password that cannot be easily reconstructed from your personal data, which is different from the login name;
- strictly keep your password that allows access to the application and avoid communicating it to third parties;
- do not communicate the results of the application queries to third parties;
- keep computer and / or paper supports containing personal and sensitive data in order to prevent said documents from being accessible to persons not authorized to process such data;
- in the event of a security incident being ascertained or suspected, immediate notice must be given to the Data Controller and to the Data Processor; meaning the Studio Leone CdL.