Privacy Policy

This privacy policy is to provide all the information on the processing of personal data carried out by STOREIS s.r.l. when the User accesses and navigates this site (as indicated below).

  1. 1. INTRODUCTION – WHO WE ARE?

STOREIS s.r.l. with registered office in Padua – Via Carlo Leoni, No. 7, VAT No. and Fiscal Code No. 05113300288 and registration number in the Italian trade Register of Padua under number 05113300288 (hereinafter, “Controller” or “Data Controller”), manager of the internet website www.store.is (hereinafter, the “Website”), in its capacity as data controller in relation to personal data pertaining to the users using the Website (hereinafter, the “Users”) hereby provides the privacy policy pursuant to art. 13 of the Regulation EU 2016/679 of the Council of 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).

  1. 2. HOW TO CONTACT US?

The Data Controller takes into the utmost consideration the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Data Controller at any time, using the following methods:

  • By sending a registered letter with return receipt to the registered office of the Data Controller in Padua, Via Carlo Leoni, No. 7 (Italy);
  • By sending an e-mail to: privacy@store.is.

The Data Controller has not identified a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for in art. 37 of the Regulation.

  1. 3. WHAT DO WE DO? – PROCESSING PURPOSES

By browsing the Website, the User can keep up to date with the services and activities developed and/or promoted by the Data Controller, request information from the Data Controller, send requests and/or applications to become part of the Data Controller’s team, subscribe to events and to the Data Controller’s newsletter service.

In connection with the activities that may be carried out through the Website, the Data Controller collects personal data relating to Users.

This Website and the services eventually offered through the Website are reserved to subjects over the age of 18 years old. Hereby, the Data Controller does not collect personal data pertaining to subjects under the age of 18 years old. At request of the Users, the Data Controller will promptly delete all the personal data, involuntarily collected, pertaining to subjects under the age of 18 years old.

Particularly, the personal data of the Users will be lawfully processed for the following purposes:

  1. a) contractual obligations and provision of the requested service, i.e., to allow the navigation of the Website and to execute the specific requests of the User, including generic, commercial and press requests, sending of CV and registration to events, received by the Data Controller through the Website. 

The user data collected by the Data Controller for these purposes include:

  CV’s section: name, surname, e-mail address, application role, country, LinkedIn profile as well as all information and personal data voluntarily entered by the User in the curriculum vitae and cover letter attached by the User to the application. The data provided by the User will be processed in order to ascertain the identity of the User (also by validating the e-mail address), thus avoiding possible fraud or abuse and to process the User’s request regarding the possibility of establishing a business/collaboration activity with the Data Controller and, in particular, to i) send the User any information relating to the Data Controller’s sector of activity (reports, case studies, etc.) or to the Data Controller itself (logistical information such as the location of the interview, interview procedures, etc.), which is necessary or even only useful for the User with a view to any interview to which the User may be invited by the Data Controller; ii) communicate with the User solely for reasons related to the selection process (communication of the dates of any interviews, communication of the outcome of the selection, etc.);

  info request section (commercial – press – proposal as supplier – generic): name, surname, e-mail address, company and role, application role, type of request, country, as well as all the information and personal data voluntarily entered by the User in the “Request description” field. The User’s personal data will be processed by the Data Controller for the exclusive purpose of ascertaining the User’s identity (also by validating the email address), thus avoiding possible fraud or abuse, and contacting the User for service reasons only in order to follow up on the User’s request;

  Section Thesis / Project Work: name, surname, e-mail address, type of request, country, as well as all information and personal data voluntarily entered by the User in the “Request description” field. The User’s personal data will be processed by the Data Controller for the exclusive purpose of ascertaining the User’s identity (also by validating the email address), thus avoiding possible fraud or abuse, and contacting the User for service reasons only in order to follow up on the User’s request;

  event registration section: name, surname, e-mail address, company and role, application role, country. The User’s personal data will be processed by the Data Controller for the exclusive purpose of ascertaining the User’s identity (also by validating the e-mail address), thus avoiding possible fraud or abuse, and contacting the User solely for service reasons related to the User’s participation in the event (sending confirmation of the date and place of the event, sending material related to participation in the event, etc.).

  1. b) administrative and accounting purposes, i.e., to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
  1. c) legal obligations, i.e., to comply with obligations imposed by law, an authority, a regulation or European legislation.

Unless the User gives the Data Controller a specific and optional consent to the processing of his/her data for the further purpose provided for in paragraph 4 below, the User’s personal data will be used by the Data Controller for the exclusive purpose of contacting the User solely for service reasons based on the User’s request (e.g., to send the information requested by the User), as better specified above. Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Data Controller make Users personal data accessible to other Users and/or third parties.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to contact the Data Controller for the purposes indicated on the Website through the appropriate sections provided by the Data Controller on the Website.

The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 3 are indicated with an asterisk in the forms provided by the Controller on the Website.

  1. 4. FURTHER PROCESSING PURPOSES

Marketing (sending information and advertising material, direct sales and commercial communication)

Some of the User’s personal data may also be processed by the Data Controller for marketing purposes (sending of informative and advertising material, direct sales and commercial communications), or so that the Data Controller may contact the User by e-mail, to propose to the User the purchase of products and/or services offered by the Data Controller and/or third party companies, to present offers, promotions, commercial opportunities as well as content (such as, by way of example, insight reports, analyses, statistics, etc.) relating to the sector of activity of the Data Controller and/or the clients or partners of the Data Controller. By filling in the forms on the Website (located in the sections indicated in paragraph 3 above), the User may express his/her consent to the receipt of marketing (receipt of informative, advertising, direct sales and commercial communication material).

It will also be possible to give the consent by filling in the newsletter subscription form, also present on the Website. The User data collected are name, surname, e-mail address, company and role, country.

The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 4 are indicated with an asterisk in the forms provided by the Controller on the Website.

In the event of lack of consent, the possibility of contacting the Data Controller for the purposes indicated on the Website through the appropriate sections provided by the Data Controller, as better indicated in paragraph 3 above, is not affected in any way.

In case of consent, the User may revoke it at any time by making a request to the Controller in the manner indicated in paragraph 8 below.

You may also easily object to further promotional communications by email by clicking on the opt-out link in each promotional email. Once your consent has been withdrawn, you will receive a notice confirming that your consent has been withdrawn.

The Data Controller informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (e.g., the formation of contact lists already completed shortly before the receipt by the Data Controller of the request for objection) the User will continue to receive some further promotional messages. If you continue to receive promotional messages after 24 hours of exercising your right to object, please report the problem to the Data Controller using the contact details set out in paragraph 8 below

  1. 5. LEGAL BASIS FOR PROCESSING

Contractual obligations and provision of the service (as described in paragraph 3(a) above): the legal basis consists of art. 6, paragraph 1(b) of the Regulation, i.e., the processing is necessary for the performance of a contract to which the User is a party or for the performance of pre-contractual measures taken at the User’s request.

Administrative and accounting purposes (as described in section 3(b) above): the legal basis consists of art. 6, paragraph 1(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures taken at the request of the User.

Legal obligations (as described in paragraph 3(c) above): the legal basis is art. 6, paragraph 1(c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.

Further processing purposes: for processing relating to marketing activities (as described in paragraph 4 above), the legal basis is art. 6, paragraph 1(a) of the Regulation, i.e., the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User to provide specific free and optional consent to pursue such processing purpose.

  1. 6. PROCESSING METHODS AND DATA RETENTION PERIOD 

The Data Controller shall process the Users’ personal data by means of manual and computerized tools, with logic strictly related to the purposes thereof and, in any case, in such a way as to guarantee the security and confidentiality of the data.

The personal data of the Website’s Users will be stored for the time strictly necessary to fulfil the primary purposes illustrated in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Users and the Data Controller under civil law, and in any case:

  no more than 24 months for data collected through the CV sending section;

  no more than 24 months for data collected through the info request section (commercial – press – proposal as supplier – generic);

  no more than 24 months for data collected through the Thesis / Project Work request section;

  no more than 24 months in respect of data collected through the event registration section

unless the User has also given the Data Controller his/her free and optional consent to process his/her personal data for marketing purposes.

In the case referred to in paragraph 4 above, Users’ personal data shall be stored for the time strictly necessary to fulfil the purposes set out therein and, in any case, until Users revoke their consent and no longer than 36 months.

  1. 7. TRANSMISSION AND DISSEMINATION OF DATA

The User’s personal data may be transferred outside the European Union, and, in this case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate guarantees) of the Regulation.

The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website and the Users’ requests. These subjects, who have been instructed in this sense by the Data Controller pursuant to art. 29 of the Regulation, will process the data of the Users exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the Applicable Law.

Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, by way of example, suppliers of IT and logistics services functional to the operation of the Website, suppliers of outsourcing or cloud computing services, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Data Controller by making a request to the Data Controller in the manner indicated in paragraph 8 below.

  1. RIGHTS OF THE DATA SUBJECTS

Users may exercise their rights granted by the Applicable Law by contacting the Data Controller as follows:

  By sending a registered letter with return receipt to the registered office of the Data Controller in Padua, Via Carlo Leoni, No. 7 (Italy);

  By sending an e-mail to: privacy@store.is.

The Data Controller has not identified a Data Protection Officer (DPO), as he is not subject to the designation obligation provided for in art. 37 of the Regulation.

Pursuant to Applicable Law, the Data Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the Controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.

Furthermore, Users have the right to obtain:

  1. a) Access, updating, rectification, or, when interested, integration of data;
  2. b) The cancellation, transformation into anonymous form or the restriction of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
  3. c) Certification to the effect that notification has been supplied of operations as per letters a) and b), as regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

Moreover, the Users have:

  1. a) The right to withdraw consent at any time, if the processing is based on their consent;
  2. b) (if applicable) The right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);
  3. c) The right to oppose to:
  4. i) in whole or part, for legitimate reasons, the processing of personal data relating to you for legitimate reasons even pertinent to the purpose of collection;
  5. ii) in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;

iii) if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling in so far as it is related to such direct marketing.

  1. d) If it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).

____________ 

The Data Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.