PRIVACY NOTICE FOR THE SITE AND COOKIES PURSUANT TO THE GENERAL REGULATION ON DATA PROTECTION (GDPR- GENERAL DATA PROTECTION REGULATION) NO. 679/2016

BETACOM S.R.L.
Registered Office: Via Nicola Fabrizi, 44 – 10143 – Turin (TO)

Operational Office: Corso Svizzera, 185 – 10149 – Turin (TO)

This notice intends to inform visitors to the website (hereinafter referred to as “User” and “Interested Party”) of the management methods regarding the processing of their personal data, as prescribed by articles 13 and 14 of EU Regulation n.2016/679 (hereinafter, General Data Protection Regulation, “GDPR”) and by current legislation.

These are the contents of the Privacy Notice:

INTRODUCTION

DATA CONTROLLER

COLLECTION OF PERSONAL DATA AND LEGAL BASES

PURPOSE OF PROCESSING

SECURITY OF PERSONAL DATA

DATA RETENTION PERIOD

INTERNATIONAL DATA TRANSFER

SHARING OF PERSONAL DATA

OBLIGATION TO PROVIDE DATA AND POSSIBLE CONSEQUENCES IN CASE OF REFUSAL

TYPE OF PERSONAL DATA COLLECTED

DATA PROTECTION OFFICER

DATA PROTECTION RIGHTS

CHANGES TO THE PRIVACY NOTICE

CANCELLATIONS, OBJECTIONS, AND CORRECTIONS

INFORMATION ON THE PRIVACY POLICY

1. INTRODUCTION

The protection of personal data is an opportunity for shared and transparent compliance between BETACOM S.R.L. (hereinafter, also “Company”) and the User who entrusts their personal data to it.

It is the responsibility of BETACOM S.R.L., in fact, to protect them, preserve them from potential damage, keep them, and dispose of them according to the processing lines related to the ongoing relationship with the User.

“Personal data” – also referred to as PII, Personally Identifiable Information – means data relating to identification details, in case of registration for the request for services, and those that identify browsing data on the site applying systems of control, security, and data analytics.

“Processing” means any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, retention, adaptation, or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison, or interconnection, limitation, cancellation or destruction.

2. DATA CONTROLLER

BETACOM S.R.L. is the Data Controller of personal data, and it can be contacted at the following certified email address betacom@pec.it, or by writing to the following email address: amministrazione@betacom.it

BETACOM S.R.L.

Via Nicola Fabrizi, 44 – 10143 – Turin (TO)

The Controller decides on the purposes and methods of processing personal data, as well as their security and the tools used.

3. COLLECTION OF PERSONAL DATA AND LEGAL BASES

The Controller processes personal data relating to the User when at least one of the following conditions is met:

the User reads and accepts the terms indicated in this notice and in all those more specific provided as an annex but, when necessary, is invited to give their informed consent to the processing for one or more specific purposes that require such explicit authorization (for example, upon submission of their CV and related data in the company database of BETACOM S.R.L. section “Work with us” or “Betacom Academy” program;

processing is instead essential and therefore legitimately carried out without the need for specific consent when it is aimed at providing services, thus executing a contract with the User;

processing is also necessary when it aims to comply with a legal obligation to which the Controller is subject.

The BETACOM S.R.L. website collects user data in the following ways:

data collected automatically, that is, data transmitted indirectly by the User when browsing the site and thus leaving digital footprints of their passage (IP, browser, network provider name) that are recorded by servers for reasons mainly of security, control, and data analysis;

data provided voluntarily and optionally, meaning data transmitted directly by the User intending to register on the site and its services.

BETACOM S.R.L. guarantees that the collected data is also relevant and not excessive so that this process takes place according to legality and correctness, meaning for processing purposes, explicit and legitimate.

Data processing takes place with both paper and IT tools, both respecting security, storage, and accessibility criteria and procedures, within the restricted scope of the expressed purposes.

The legal basis for processing is the expressed consent of the interested party to process their personal data for one or more specific purposes highlighted in this Notice. Moreover, the Controller can exercise a legitimate interest to defend their rights in legal proceedings in cases of complaints or disputes with the Interested Party.

BETACOM S.R.L. targets subjects who have the legal, fiscal, and contractual capacity, hence minors are excluded.

4. PURPOSE OF PROCESSING

User data is collected from the website for the following purposes:

to contact the User to provide them with information of interest;

to present and promote the Company’s activities;

to promote the site’s services and offers by sending commercial messages;

to establish working relationships with spontaneous candidates for positions currently or periodically open at Betacom Srl; (e.g. “Work with us” and “Betacom Academy” Program)

to develop personalized services based on the needs of the User;

to manage the registration and sending of the site’s newsletter and other information services (in the case with specific request for consent);

to enable interaction with social platforms, blogs, and forums;

to promote participation in events and initiatives;

to collect user feedback on the satisfaction of services;

to carry out statistical analyses on browsing related data;

to facilitate communication and the exchange of experiences with users;

to provide assistance on services;

to collect user feedback to improve the site;

to inform authorities of possible fraud, illegalities, and improper behaviors;

to comply with legal obligations.

5. SECURITY OF PERSONAL DATA

BETACOM S.R.L. treats personal data with scrupulous attention and for this reason adopts security and protection measures in strict observance of the GDPR and in line with ISO 9001 and ISO 27001 standards.

Moreover, BETACOM S.R.L. implements valid and appropriate practices and techniques aimed at ensuring the following conditions in all processing processes:

–   confidentiality, that is, protection from unauthorized access;

–   integrity, to prevent loss or damage;

–   availability, in order to ensure the User continuous access to their data.

Even in the case of information being transferred to trusted third parties for the purposes indicated in this Notice, it is the Company’s care and concern to ensure that they also adopt similar security, technical, and operational measures, according to the same criteria outlined above.

6. DATA RETENTION PERIOD

Data is processed and stored for the time necessary to carry out services and related processing, according to the purposes described in this document.

For all other purposes related to legal obligations, data retention allows for a time period that does not exceed that necessary and required to fulfill such obligations.

The data retention period of personal data and company information, therefore, is determined based on these criteria:

nature and purpose of data processing;

regulatory compliance;

potential disputes regarding complaints;

management of services related to the site (selection and training of candidates for job positions EXCLUSIVELY in the company context of BETACOM S.R.L.) – for a maximum period of 5 years from the last transmission/collection/spontaneous sending of CV by the interested party.

Upon expiration of all projected terms, the User’s data will be cancelled and destroyed according to appropriate technical procedures and in accordance with the best practices of Information Security.

7. INTERNATIONAL DATA TRANSFER

As of now, BETACOM S.R.L. does not make any international data transfers to third countries outside the European Union.

In light of the continuous changes and expansions of the business beyond European borders, it may happen that even business processes involving users’ personal data may be subject to transfers to third-party providers in other non-EU countries.

Consequently, users’ data may in the future be shared and/or transferred to third-party providers in these countries.

If the international transfer of data takes place, it would occur in accordance with the legitimacy requirements laid out by the articles of the aforementioned Regulation, existing privacy laws, and procedures governing the transfer itself; in this case, the Controller adheres to the conditions described in CHAPTER V (Transfers of personal data to third countries or international organizations – articles 44, 45, 46, 47, 48, 49, 50), without prejudice to other provisions of this regulation. All provisions of this chapter shall be applied to ensure that the level of protection of natural persons guaranteed by the GDPR Regulation is not compromised.

8. SHARING OF PERSONAL DATA

The personal data of the interested party will not be shared with other parties except in cases where sharing is mandatory, otherwise consent is optional, explicit, and voluntary.

Access to the data may be granted to some internal processing personnel for all necessary administrative and operational activities for internal services: this involves personnel from areas of BETACOM S.R.L., such as administration, human resources, legal affairs, and information systems.

This may also happen by some external parties, such as service providers, as Data Processors.

The Controller ensures training for all those who, within the organization, access the data under its authority in accordance with the specifics of the processing in progress.

For third-party subjects designated as Data Processors, BETACOM S.R.L. follows GDPR rules in this matter, ensuring that they are compliant and adequate to existing regulations.

9. OBLIGATION TO PROVIDE DATA AND POSSIBLE CONSEQUENCES IN CASE OF REFUSAL

The User during browsing and using the site’s services may choose to provide their personal data or not give consent.

Any total or partial refusal would compromise the correct execution of activities related to the provision of services from the Internet site, resulting in the impossibility to provide such services.

10. TYPE OF PERSONAL DATA COLLECTED

Regarding data collected automatically, it involves information recorded on the site’s servers and stored in “log files”, in detail:

IP, “Internet Protocol” address;

parameters of the device used to connect to the site (PC, tablet, smartphone);

anonymous tracking of consulted pages and clicks made;

name of the internet service provider (ISP);

type of browser;

date and time of start and end of browsing;

referrals from the incoming webpage and those of exit;

recording of cookies (for details, refer to the notice “Cookie Policy - Extended notice on the use of Cookies”).

The collected data is used in aggregate form and solely for statistical purposes, to allow the Company to carry out market analyses related to the management and development strategies of the site.

The IP address, which identifies the device connecting to the internet, is processed for security purposes excluding aggregations with other data that can identify the User.

Regarding data voluntarily and optionally provided, instead, the User of the site may request the start of contacts to receive informational material by providing their personal data and the related consent for processing. This processing is necessary for the provision of services offered by the site (consideration of applications for open job positions or future interest) and occurs through the use of forms or registration formats filled out by the User in which they input their personal and identifying data, including the email account and other contacts, specifically the academic/professional CURRICULUM VITAE as in the case the user refers to or responds to the section “work with us”. (see, below, the specific notice directed to “CANDIDATE COLLABORATORS and/or NEW HIRES”)

11. DATA PROTECTION OFFICER

The Controller has appointed a Data Protection Officer (DPO) pursuant to art. 37.1.b GDPR Mr. Massimiliano Calzia, who can always be contacted via our offices (Controller contacts) and/or by writing to the email address: m.calzia.dpo@gmail.com

12. DATA PROTECTION RIGHTS

It is the right of the Interested Party (art. 15 GDPR) to know the existence of their personal data collected and processed by the Controller, thus knowing its content and origin, verifying its accuracy, and possibly modifying it, integrating it with other information, requesting its deletion or transformation into anonymous form, blocking its use in the case of a presumed legal violation or even definitively opposing the processing.

All requests for information and any complaints regarding data processing can be sent to the Controller and/or to the Data Protection Officer (DPO) at the addresses provided in this Notice.

13. CHANGES TO THE PRIVACY NOTICE    

This Notice is subject to possible amendments and updates in order to adapt to changes in national and/or community regulations, or to adapt to technological innovations or for organizational reasons of BETACOM S.R.L. therefore it will be its diligence to inform the User accordingly by sending communications using the available corporate communication tools or by promptly updating this notice and the site’s interaction tools (registration forms, cookie consent software, extended cookie notice, etc.).

Changes, such as the current one due to compliance with the new GDPR code, will continue to apply the rules in force unless the interested party is opposed to the proposed changes and requests the cessation of treatments and consequent deletion of their data.

The User is nevertheless invited to independently and periodically check the status of updates of this Notice, and in any case consult it every time they are informed of any changes.

14. CANCELLATIONS, OBJECTIONS, AND CORRECTIONS

At any time, the User may request the correction, opposition, in whole or in part, and the revocation of the processing of their data, and, if necessary, obtain their deletion.

After the retention periods indicated above, the User's personal data will still be deleted and destroyed through appropriate technical procedures.

The cases of cancellation are thus the following:

the personal data are no longer necessary following the termination of the relationship with the Controller;

the interested party revokes consent;

the interested party opposes the processing;

the retention periods have expired.

According to articles 13 and 14 of the GDPR, the Interested Party has the right to file a complaint with a supervisory authority.

15. INFORMATION ON THE PRIVACY POLICY

The Data Controller is responsible for this Privacy Policy (Notice).
The date of the last revision is 31/05/2023.

PRIVACY NOTICE regarding the protection of personal data

of CANDIDATE COLLABORATORS and/or NEW HIRES

(addressed also to participants/participants in the “BETACOM ACADEMY” program)

PURSUANT TO
THE GENERAL REGULATION ON DATA PROTECTION
(GDPR- GENERAL DATA PROTECTION REGULATION) NO. 679/2016

BETACOM S.R.L.

Corso Svizzera, 185 – 10149 – Turin (TO)

Phone: 0114332064                             E-Mail: betacom@pecbetacomonline.it

Dear Candidate (following the spontaneous submission of your CV),

BETACOM S.R.L. before acquiring your personal data for the purpose of search and selection of candidates, invites you to carefully read the information regarding the protection of personal data.

1. DATA CONTROLLER

BETACOM S.R.L. is the Data Controller of personal data, and it can be contacted at the following email address betacom@pecbetacomonline.it or by phone at 0114332064, or by writing to the following address:

BETACOM S.R.L.

Corso Svizzera, 185 – 10149 – Turin (TO)

The Controller decides on the purposes and the methods of processing personal data, as well as their security and the tools used and has duly appointed a DPO/RPD (Data Protection Officer) Mr. Massimiliano Calzia, who can be contacted through our offices and at the email address: m.calzia.dpo@gmail.com.

2. NATURE OF THE DATA, PURPOSE OF PROCESSING, AND LEGAL BASIS

Personal data, identifying and curricular, as well as possibly sensitive/special according to art. 9 GDPR, that you will provide to the Controller by including them in your CV are collected for the purposes of research and selection of candidates.

When submitting your curriculum, you may voluntarily provide data qualifying as “special categories of personal data” (i.e. data revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, genetic data, biometric data intended to uniquely identify a natural person, data related to health or sexual life or sexual orientation”). We therefore invite you not to provide “special” data except for those you deem necessary to allow BETACOM S.R.L. an adequate assessment of your application. The processing of any special data relating to your person (with particular reference to belonging to protected categories) will be subject to your explicit consent to be given at the bottom of the registration form on the website.

3. NATURE OF THE PROVISION

You are free to provide your data by filling out the registration form and/or sending your CV (also “spontaneously”). However, providing your personal data is mandatory to evaluate your profile, as well as necessary and essential to achieve the described purposes, particularly for proper and efficient management of the selection procedure. Any refusal to provide such data would thus result in the impossibility of managing the relationship with you and the impossibility of a potential inclusion in our company's workforce.

The consent you have provided is revocable at any time, remaining the legitimacy of the processing carried out before the revocation. The revocation of consent can be communicated via email to the following address: hr@betacom.it

4. ACCESS TO DATA

For the pursuit of the aforementioned purposes, your data may be made accessible

• to employees of the Controller who need it for the tasks performed or for the hierarchical position held. Such subjects will be appropriately trained to avoid loss, access to data by unauthorized subjects, non-compliant processing with the expressed purposes;

• to third parties that the Company may use for the evaluation and selection of candidates who perform outsourcing activities on behalf of the Controller (e.g. labor consultants), in their capacity as external data processors having signed a specific contract detailing the processing entrusted to them and the obligations regarding data protection.

The updated list of Data Processors and authorized subjects can be requested from the Controller.

5. COMMUNICATION AND DISCLOSURE

We inform you that the data collected in this context will never be disclosed, published, exhibited, or made available/consulted by undetermined parties.

6. DATA RETENTION PERIOD

The Controller reserves the right to keep your CV in its archives, unless you indicate otherwise, in order to contact you later for the opening of additional job positions, remaining your right to request at any time the deletion of data from the same archives. We point out that, in compliance with the principles of limiting purposes and minimizing data, pursuant to art. 5 GDPR, the retention period of your personal data is determined for a period not exceeding 5 years from the submission of your CV or from the date of the last update of the same provided to us, unless the establishment of an employment relationship and/or collaboration.

7. METHODS OF PROCESSING

The processing of the data you provide will be based on the principles of correctness, legality, and transparency. The Processing will be carried out in automated and/or manual form, using methods and tools that respect the security measures provided for in art. 32 of the GDPR, by expressly authorized persons, in compliance with what is foreseen in art. 29 of the GDPR, in order to pursue solely the purposes for which they were collected.

The Controller does not adopt any automated decision-making processes, including profiling, referred to in art. 22, paragraphs 2 and 4 of EU Regulation no. 2016/679.

8. DATA TRANSFER TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION

Personal data are processed within the European Union and stored on servers located there. It is understood that the Controller, where necessary, will have the right to transmit such data to a third country or to an international organization and/or to move the servers also outside the EU. In such case, the Controller ensures from now that the transfer of extra-EU data will occur in compliance with applicable legal provisions (art. 44 of the Privacy Code and art. 46 et seq. of the GDPR).

9. RIGHTS OF THE INTERESTED PARTY

The EU Regulation 2016/679 (arts. 15 to 23) grants interested parties the exercise of specific rights. In particular, in relation to the processing of your personal data, you have the right to request from BETACOM S.R.L., contactable at the email address hr@betacom.it, access, rectification, cancellation, limitation, opposition, and portability.

Additionally, you may file a complaint with the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data.