REGULATORY FRAMEWORK
EC Directive 2002/58/EC – on the processing of personal data and protection of private life in the field of electronic communications. EU Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with reference to the processing of their personal data, as well as the free circulation of such data, abrogating the EC directive 95/46/EC (General Data Protection Regulation).
THE DATA CONTROLLER
Following the surfing of this web site, data concerning identified or identifiable persons can be processed. The Data Controller is NAUTILUS - NAVIGATION IN SPACE SRL, with headquarters in Viale Giuseppe Fanin, 48, 40127 Bologna (BO), Italy, email: privacy@spacenautilus.com.
DATA PROCESSING PLACE AND STORING TIMES
The processing operations connected with the web services of this site are carried out at the seat of the above-specified Data Controller only by the expressly authorized staff, or by possible third suppliers in charge of occasional maintenance operations, appointed as Data Processors pursuant to article 28 of the GDPR. The collected data will be stored – for each type of data processed – only for the time needed to carry out the specific purposes explained in the special summarizing information notices displayed in the pages of the web site and drawn up for particular services.
TYPES OF DATA PROCESSED
Surfing data
The information systems and the software procedures needed for the operation of this web site acquire, during their normal exercise, some personal data whose transmission is implicit in the use of the Internet communication protocols. Such data are not collected to be associated with identified Data Subjects, but due to their nature, they could allow to identify the users, through processing and association with data held by third subjects. To this category of data belong the IP addresses or the domain names of the PC used by the users who connect to the web site, the URI notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the dimension of the file obtained as an answer, the numeric code specifying the status of the answer given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment. Such data are used only in order to obtain anonymous statistical information on the use of the web site and to control the correct operation and are cancelled immediately after their processing. The data could be used to ascertain the liability in case of possible cybercrimes damaging the web site: except for this eventuality, data on web contacts do not persist for more than seven days.
DATA VOLUNTARILY SUPPLIED BY THE USER
The optional, explicit and voluntary supply of personal data by the user in the registration forms present in this web site entails the following acquisition of the data supplied by the sender, needed to provide the service required. Specific summarizing Information Notices will be progressively shown or displayed in the pages of the web site created for particular services upon request. For other browsers, we recommend that you look for this option in the guide of the used software available, usually via the "help" menu item or the F1 key.
WHAT ARE COOKIES
Cookies are text files that are stored on users' computers (in the visitor's browser) to save user settings, customizations and monitor site usage.
TECHNICAL COOKIES
We use technical cookies to authenticate and manage the site, such as restricted areas and acceptance of cookies.
NAME / DESCRIPTION / DURATION (of possible cookies)
__cmpcccu* / Consent information in custom consent format/ Persistent
__cmpconsent* / Consent String of the IAB CMP Framework (TCF) v2 specific to a single account in the consentmanager.net platform / Persistent
__cmpcccu* / Consent information in custom consent format / 365 days
__cmpconsent* / Consent String of the IAB CMP Framework (TCF) v2 specific to a single account in the consentmanager.net platform / 14 days
__cmpcccu* / Consent information in custom consent format / Session
__cmpconsent* / Consent String of the IAB CMP Framework (TCF) v2 specific to a single account in the consentmanager.net platform / Session
_ga_* / used to uniquely identify users (Google Analytics) / 730 days
_ga / used to uniquely identify users (Google Analytics) / 730 days
_hjAbsoluteSessionInProgress / Used to detect the first pageview session of a user / 30 minutes
_hjFirstSeen / Identifies a new user’s first session / 30 minutes
_hjIncludedInSessionSample_2728804 / Set to determine if a user is included in the data sampling defined by the site's daily session limit / 2 minutes
_hjSessionUser_* / Ensures data from subsequent visits to the same site are attributed to the same user ID / 365 days
_hjSession_* / Ensures subsequent requests in the session window are attributed to the same session / 30 minutes
_hjTLDTest / Test cookies that enables HotJar to try to determine the most generic cookie path to use, instead of page hostname / Session
hjActiveViewportIds / Stores an expirationTimestamp that is used to validate active viewports on script initialization / Persistent
__cmpcccu* / Consent information in custom consent format / Persistent
__cmpconsent* / Consent String of the IAB CMP Framework (TCF) v2 specific to a single account in the consentmanager.net platform / Persistent
_hjLocalStorageTest / Checks if the Hotjar Tracking Code can use Local Storage / Persistent
brz-firstVisit / Stores the date when a user visits a website for the first time / Persistent
brz-lastVisit / Stores the date every time a user visits a website / Persistent
brz-pagesViewsInSessionTimeLine / Keeps track of the popups shown during the user’s visit to specific pages / Persistent
brz-pagesViews / Keeps a count of the number pages visited by the user / Persistent
brz-sessions / Keeps a count of the number of user sessions / Persistent
brz-showedPopupsInSessionTimeLine / Keeps track of if a popup was shown during a user session / Persistent
GOOGLE MAPS API
In some pages of the site we may use the Google map service that allows us to indicate the place where the company is located. Personal data collected by Google Map service are: Cookie e Usage data.
To consult the privacy policy of Google, relating to the Google Maps service, please visit: https://www.google.it/intl/it/policies/privacy/.
HOW TO DISABLE COOKIES
To refuse consent to the use of cookies on the site you can follow these guides related to the most popular browsers.
Internet Explorer: http://windows.microsoft.com/it-IT/windows7/Block-enable-or-allow-cookies
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=it-IT&answer=95647&p=cpn_cookies
Mozilla Firefox: http://support.mozilla.org/it/kb/Bloccare%20i%20cookie?redirectlocale=en-US&redirectslug=Blocking+cookies
Apple Safari: https://support.apple.com/it-it/HT201265
THIRD PARTY COOKIES
Google Analytics
This is a web analytics service provided by Google, Inc. (hereinafter referred to as "Google") for the generation of website statistics; these cookies are masked by the IP address (so they are anonymized) thus limiting their identifying power. These are the names and description of the cookies used by Google Analytics.
NAME; DESCRIPTION; DURATION
_ga; used to distinguish users, it is used to generate statistics on the use of the website; 2 years
_gat; used to manage the Rate (frequency) of requests; 1 minute
_gid; used to distinguish users, it is used to generate statistics on the use of the website; 24 Hours
The information generated by the cookies about your use of the website (excluding your IP address) will be transmitted to and stored by Google on servers in the United States. Google uses this information for the purpose of tracking and reviewing the use of the website by users, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. To view the privacy policy of Google, relating to the Google Analytics service, please visit: https://www.google.com/intl/it_ALL/analytics/learn/privacy.html To completely disable Google Analytics cookies, use the add-on provided by Google: https://tools.google.com/dlpage/gaoptout
LINKS TO OTHER WEB SITES
This web site could contain links or references for the access to other sites, such as for example the following social networks: Facebook, Instagram, Google+, Twitter and Pinterest. By clicking on the special links, for example, our contents can be shared. We inform you that the Data Controller doesn’t control the cookies or other monitoring technologies of such web sites to which this policy doesn’t apply.
LEGAL BASIS FOR PROCESSING
For each Data freely provided by the user through the forms present on the website, the Data Controller is legitimated to process the data because the processing is necessary to perform the pre-contractual measures requested by the user (art.6, par.1, lett.b) of the GDPR) or is legitimated because the user has given consent to a certain activity (art.6, par.1, lett.a) of the GDPR). Additionally, the Controller may process User Data where required by a legal obligation to which the Controller is subject, such as a request for information on online activities by competent authorities (art.6, par.1, lett.c) of the GDPR). Further information on the legal basis of the processing activities will be reported in the specific information provided for each data collection form.
OPTIONAL SUPPLY OF DATA
Apart from what has been specified for the surfing data, users are free to supply their personal data or not. However, the non-supply of them can entail the impossibility to obtain what has been asked.
PROCESSING METHODS
The personal data are processed even with the aid or automated devices. Specific security measures are taken in order to prevent the loss of data, the unlawful or wrong use of them and the non-authorized accesses. The Data Controller adopted all minimum security measures provided by the law and inspired to the main international standards. Besides, it adopted further security measures to minimize the risks on confidentiality, availability and integrity of the personal data collected and processed.
SHARING, COMMUNICATION AND DIFFUSION OF DATA
The collected data can be transferred or communicated to other companies for activities strictly connected and instrumental to the operativeness of the service, such as the management of the information system. The personal data provided by the users that submit requests of literature (brochures, etc.) are used only in order to execute the service or performance required and communicated to third parties only in case it is necessary for such purpose (companies providing enveloping, labelling, shipment services). Apart from these cases, personal data won’t be communicated unless there’s a contractual or legal provision, or upon specific consent by the Data Subject. Personal data could be transmitted to third parties, but only in case: a) There’s an explicit consent to share the data with third parties; b) There’s the need to share information with third parties in order to provide the service required; c) It’s needed in order to meet a request by the judicial or public security authorities. No data deriving from the web service are disseminated.
DATA SUBJECTS’ RIGHTS
The regulation protecting the personal data expressly provides some rights for the subjects to whom the data are referred (the so-called Data Subjects). In particular, pursuant to articles 15 and following ones of the EU Regulation 2016/679, each Data Subject has the right to obtain the confirmation of the existence of his/her data, to obtain the specification about the origin, purposes and methods of processing, the updating, rectification, integration of data, as well as their cancellation in case they are processed infringing the law or in case one of the reasons specified in article 17 of the EU Regulation 2016/679 should exist. Furthermore, you have the right to lodge a complaint with a supervisory authority in case you consider that the rights indicated above have not been recognized.
MODIFICATIONS TO THIS DATA PROTECTION POLICY
The Data Controller periodically controls its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organization or dictated by the technological evolution. In case the policy should be modified, the new version will be published on this web page.
QUESTIONS, CLAIMS, SUGGESTIONS AND EXERCISE OF RIGHTS
Those who are interested in more information, who want to contribute with their suggestions or make a claim on the data protection policy or on the way our Company processes the personal data, or want to assert the rights provided by the data protection regulation, can contact the Data Controller, writing to NAUTILUS - NAVIGATION IN SPACE SRL, with headquarters in Viale Giuseppe Fanin, 48, 40127 Bologna (BO), Italy, email: privacy@spacenautilus.com
__________________________________________________________________________________________________________________________________________________________________________________________________________
Privacy information Notice Contacts
Pursuant to Article 13 of the EU Regulation 2016/679, we inform you that your Personal Data, provided by you to our Company, will be processed by NAUTILUS - NAVIGATION IN SPACE SRL as Data Controller, for the sole purpose of providing you with the information and assistance you requested. We also inform you that this data will be kept only for the time necessary to ensure a correct and complete reply (unless otherwise required by law). The legal basis for the aforementioned processing is to carry out activities of pre-contractual/contractual nature requested by the data subject. The provision of your Personal Data is not compulsory, however failure to provide data marked with * will prevent us from respond to your request. In case you provide to us your Personal Data, we inform you that your Personal Data will be processed only by authorised personnel pursuant to Article 29 of the GDPR. Your Data will not be disseminated but can be communicated to third parties authorized to the processing of such data, being in charge of carrying out or supplying specific services, strictly functional to the execution of your requests. Regarding the processing of the aforementioned data, pursuant to Article 15 et seq. of the EU Regulation 2016/679, we remind you the right to obtain the access of Personal Data concerning you; the right to obtain the rectification (correction of inaccurate data or integration), the right to erasure the Personal Data processed unlawfully or in case one of the reasons specified in Article 17 of the EU Regulation exists. Furthermore, you have the right to lodge a complaint with a supervisory authority in case you consider that the rights indicated above have not been recognized. To exercise the right set forth above, please contact the Data Controller, writing to NAUTILUS - NAVIGATION IN SPACE SRL, with headquarters in Viale Giuseppe Fanin, 48, 40127 Bologna (BO), Italy, email: privacy@spacenautilus.com
If you are applying for a job or sharing your Resume/CV:
Dear Candidate, pursuant to article 13 of the EU Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 concerning the protection of natural persons with reference to the processing of their personal data, as well as the free circulation of such data (General Data Protection Regulation, hereinafter also called “GDPR” or “Regulation”), we inform you that the personal data you supplied to our Company – both before and during the employment – (hereinafter jointly called “Data”), in compliance with the above-referred regulation and with the confidentiality obligations to which the activity of our Company inspires – will be subject of the processing operations set forth in article 4 of the EU Regulation 2016/679. In particular, we’d like to inform you as follows:
Data Controller: The data controller is NAUTILUS - NAVIGATION IN SPACE SRL, with headquarters in Viale Giuseppe Fanin, 48, 40127 Bologna (BO), Italy, email: privacy@spacenautilus.com
Purposes and processing methods: The collection and processing of your data has as its purpose the management of the selection and recruitment of personnel. The Data will be processed by authorized personnel in accordance with Article 29 of EU Regulation 2016/679. The Data may also be collected from third parties, in which case it will be our responsibility to promptly inform you, as required by Article 14 of the GDPR. Some Data will be processed on behalf of the Company by third companies, bodies or professionals who, as outsourced treatment managers, perform specific processing services or
activities complementary to ours. The legal basis for the aforementioned processing is to carry out activities of pre-contractual/contractual nature requested by the candidate.
Compulsory or optional nature of the Data supply:
the supply of Personal Data for the aforementioned purposes is strictly necessary. Failure to provide the Data, in whole or in part, could prevent the selection of personnel or not make available information useful for the assessment of your application for available job positions.
Categories of personal data recipients:
The attainment of the purposes in question may also take place by means of transmission and communication of data to third parties, thereby meaning third parties authorized to the related processing of the data, as they perform or provide specific services strictly functional to the execution of the contractual relationship (also through continuous processing), such as IT services companies, companies that provide payment services, outsourcing companies, postal companies, consultants and freelancers, all in compliance with the provisions of the law on data security. In no case will your data be disseminated.
Transfer of personal data to a Third Country:
Your data won’t be transferred abroad
Storing Period:
The resumes received will be deleted at the end of the calendar year following the one of receipt; if you are still interested in proposing your application you will have to re-send.
Data Subject’s rights:
The current regulation recognizes several rights for the Data Subject, that we kindly ask you to consider carefully. Among them, we remind you the following right:
1. Access to the following information:
a. Purpose of the processing operations,
b. Categories of personal data in hand;
c. Recipients or categories of recipients to which such personal data have been or will be communicated, in particular if destined to third countries or
international organizations;
d. Existence of the Data Subject’s right to ask the Data Controller the rectification or cancellation of the personal data or the limitation of the processing of his/her personal data or of opposing their processing;
2. Rectification, that means:
a. Correction of wrong personal data without unjustified delay;
b. Integration of incomplete personal data, even providing an additional declaration;
3. Cancellation of his/her personal data without unjustified delay, if:
a. The data are no more necessary for the purposes for which they have been collected or processed;
b. A revocation of the consent is submitted and there is no further legal foundation for the processing;
c. You oppose the processing and there’s no prevailing legitimate reason to carry out the processing;
d. The personal data have been processed illegally;
e. The personal data have to be cancelled to meet a legal obligation;
f. The personal data have been collected for the service offer of the information company;
4. Limitation of the processing:
a. In case you question the exactness of personal data, for the period needed to the Data Controller to verify the exactness of such data;
b. When the processing is unlawful, and the Data Subject opposes to the cancellation of personal data and asks a limitation of their employment;
c. When the personal data are needed to the Data Subject for the ascertainment, exercise or defence of a right before the court, even if the Data Controller doesn’t need them anymore for the purposes of the processing;
d. If you oppose the processing by virtue of the opposition right;
5. Receiving a notification
in case of rectification or cancellation of personal data or processing limitation;
6. Data portability, that is the right of receiving your personal data in a structured and commonly used format - readable from automatic devices - and the right of transmitting such data to another Data Controller, in case:
a. The processing is based on the Data Subject’s express consent for one or more specific purposes or is carried out by virtue of a contract signed with the Data Subject, and
b. The processing is carried out with automated devices;
7. Opposition in any moment, for reasons connected with your particular situation, to the processing of your personal data.
In case you think that the rights here specified have not been recognized, you can submit a claim to the Supervisory Authority.
In order to exercise the above-specified rights, you can contact the Data Controller, sending a recorded delivery letter with advice of delivery to the above specified address