Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

of users consulting this website pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

This page describes, in accordance with Regulation (EU) 2016/679, the methods for processing users' Personal Data collected during browsing of this Site www.birth.it or provided directly by the data subject by filling in forms and contact addresses.

This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the site but which refer to resources outside this site.

1. Data Controller

The Data Controller is Original Birth S.p.A., with registered office in Pignataro Maggiore (Caserta), at Strada Statale Appia Km 192.500 Zona ASI - VAT reg. no. 01539491215 - Email birth@birth.it.

2. Types of data collected - Purposes - Legal basis
   1. “CONTACT” FORM- Data provided directly by the data subject by filling in and sending the contact forms. The explicit and voluntary sending of messages to the contact addresses, as well as the filling in and forwarding of the forms on the site, entail the acquisition of the sender's contact data, as well as all personal data included in the communications.

These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.

1. 1. 1. Purpose: to respond to requests sent by the data subject.

Legal basis: legitimate interest, processing is necessary to respond to requests; for the execution of pre-contractual measures taken at the request of the data subject.

1. 1. 2. Purpose: to send promotional information for marketing purposes. These communications may be by e-mail (such as the sending of newsletters) or through other channels such as telephone calls, regular mail, fax, text messages and social media.

Legal basis: consent of the data subject

1. 2. “NEWSLETTER” FORM - Data provided directly by the data subject by filling in and sending the form to subscribe to the newsletter. The optional, explicit and voluntary subscription to the newsletter on this site involves the acquisition of the sender's contact data.

These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.

1. 1. 1. Purpose: to send promotional information for marketing purposes.

Legal basis: consent of the data subject - Opt out: Possibility to withdraw consent in each newsletter communication.

The platform MailUp is used for the management of the newsletter, and the data are transferred to the operator of the service for the provision of the service with the processing taking place in the manner specified by the privacy policy of the service:

https://www.mailup.it/informativa-privacy/

1. 3. “E-COMMERCE” FORM - Data provided directly by the data subject by filling in and sending the registration forms or authentication for the purchase of goods and/or services offered by the website. The explicit and voluntarily filling in of the registration form or the sending of the form for authentication to purchase goods and/or services involves the acquisition of the sender's contact details and identification of the sender, in order to enable the desired purchases, as well as data for the selected payment, the information about the orders placed and pre-filling out of checkout information for the shipping and invoicing.

These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.

1. 1. 1. Purpose: to provide the service of purchasing the goods and/or services offered on the website.

Legal basis: the performance of a contract.

1. 4. “WORK WITH US” FORM - Data provided directly by the data subject by filling in the self-application form and sending their CV. Filling in and submitting the form on the website entails the acquisition of the sender's contact details, as well as all the personal data included in the attached CV.

Although the unsolicited sending of a curriculum vitae does not require consent to the processing of "common data", it remains necessary to consent to the processing of data belonging to the special categories referred to in article 9 of Regulation (EU) 2016/679 (i.e. personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade-union character, as well as personal data disclosing health and sex life), which may be contained in the Curriculum Vitae. The candidate is informed that such collection will concern only “special categories of personal data" which are relevant for the purposes of assessing the professional aptitude of the data subject, within the limits in which the acquisition of such information is strictly indispensable for the establishment of the employment relationship or partnership and does not conflict with the provisions of Law no. 300/1970 (known as the Statute of Workers), of Law No. 135/1990 and with the rules on equal opportunities or aimed at preventing discrimination. These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed. The data subject is informed that by sending the form and his/her Curriculum Vitae attached to it on an unsolicited basis, he/she gives his/her consent for the Data Controller to process the data and communicate the common and special personal data to the subjects and for the purposes indicated in this information notice.

1. 1. 1. Purpose: to respond to requests sent by the data subject via the self-candidacy form, assessment of the profile, aptitudes and professional skills, recruitment and selection of personnel aimed at establishing a working relationship or partnership with the Data Controller.

Legal Basis: legitimate interest, processing is necessary to evaluate and respond to the application; for the performance of pre-contractual measures taken at the request of the data subject.

1. 5. Website browsing data

In order to operate correctly, this site acquires certain personal data during normal browsing, including IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. Browsing data are not collected for the purpose of identifying users, but for the sole purpose of collecting, in an anonymous form, statistical information on the use of the site and its services.

1. 6. Cookies

Cookies are short text strings which the sites visited by the user sends to his or her terminal (usually to the browser), where they are stored and then re-transmitted to the same sites when the user visits them again in the future. While navigating on the website, the user may also receive cookies on his or her terminal sent from different sites or web servers (known as “third parties”), which may house certain elements (such as, for example, images, maps, sounds, specific links to pages in other domains) found on the website being visited. Cookies, which are usually present in a very high number in users' browsers and sometimes also have long-lasting characteristics, are used for different purposes: performing computer authentication, monitoring sessions, storing information on specific configurations concerning users accessing the server, etc. In this regard, and for the purposes of this provision, two macro-categories are therefore identified: 'technical' cookies and 'profiling' cookies. See Cookie Policy for more details

3. Categories of recipients of personal data

The following categories of persons may become aware of your data: The data controller and the persons authorised to process data, appointed in writing by the undersigned company, such as partners, accounting and invoicing staff, sales staff as well as consultants, in their position as external data processors, to the extent necessary to carry out their duties within our organisation, subject to a letter of appointment and/or the stipulation of a contract imposing a duty of confidentiality and security, as well as persons who need access to the data for legal advice, for purposes ancillary to the relationship between the parties, such as the execution of contracts in place, to the extent strictly necessary to carry out the ancillary tasks entrusted to them.

In addition to the Data Controller, in some cases, other parties involved in the organisation of this website (administrative, sales, marketing or legal staff or system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The list of Data Processors can be requested from the Data Controller at any time.

4. Data processing procedures

The data is processed using instruments and procedures that guarantee security and confidentiality and that may be carried out either on paper or by automated computerised means for storing, managing and transmitting the data.

The Data will be processed by the Data Controller at its own operational headquarters or within the territory of the European Union and the European Economic Area. Should it be necessary, for technical, organisational and/or operational reasons, to make use of parties (among those indicated in the above list) located outside the European Union or the European Economic Area, please note that the Company will ensure that the processing of data by these parties takes place in compliance with the applicable legislation. Therefore, transfers will be made by means of appropriate safeguards, such as adequacy decisions, model Standard Contract Clauses approved by the European Commission or other safeguards deemed appropriate. The data subject may request further information by writing to the following e-mail address: birth@birth.it.

5. Disclosure and Dissemination

The data will not be disclosed to unspecified parties by being made available or by consultation.

The data may be communicated, as far as their respective and specific competence is concerned, to Bodies and in general to any public or private party with respect to whom there is an obligation (or authority recognised by legal norms or secondary or community regulations) or a need for communication.

6. Rights of data subjects

Articles 15 to 22 of the GDPR EU 2016/679 give data subjects specific rights. In particular, the right to obtain confirmation as to whether or not personal data exist, access to and rectification or erasure of personal data or the restriction of processing concerning him or her, or to object to the processing of personal data, as well as the right to data portability, communication of such data and the purposes for which the processing is based. In addition, data subjects have the right to withdraw their consent at any time without prejudice to the lawfulness of processing based on the consent given before withdrawal, the transformation into an anonymous form or the blocking of data processed in breach of the law, as well as the updating or, where there is an interest therein, the right to have the data completed. Data subjects have the right to object, on legitimate grounds, to such processing.

Notifications of any changes in personal data must be sent promptly to the Data Processor in order to comply with Article 16 of the aforementioned legislation, which requires that the data collected be accurate and, therefore, up-to-date.

Data subjects who consider that the processing of their personal data carried out through this website is in breach of the provisions of the Regulation have the right to lodge a complaint with a supervisory authority (for Italy: Garante per la protezione dei dati personali (Data Protection Supervisory Authority) www.garanteprivacy.it), as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).