Privacy Policy
Information on the processing of personal data of website users pursuant to Article 13 of EU Regulation No. 2016/679 (“GDPR”)
The company GICO spa, pays the utmost attention to the security and confidentiality of the personal data of website users: https://gico.it/en/ and wishes to provide them with information on the processing of their personal data.
1. Data controller
The data controller is GICO, with registered office in Via IV Novembre, 81 31028 Vazzola, Treviso – Italy
For any request regarding the processing of personal data, as well as to exercise the rights recognised by the GDPR and better described in point 7 below, you can contact the Company at the e-mail address: info@gico.it or pec: gico@pec.gico.it or telephone number +39 0438.4444.
2. For what purposes does the company process personal data
Through the Website, the Company collects some personal data referring to Users, either voluntarily provided by them or collected in the normal operation of the same, which are processed for the purposes described below.
The Website also makes use of cookies and other tracking tools. Please refer to the cookie policy available on the Website, for further related information as well as to manage your preferences in this respect at any time.
| Purpose of processing | Categories of data processed | Legal basis and conferment | Storage period | |
| 1 | Handling of information requests submitted by the User through the appropriate section on the Site. The Company may process the User’s personal data in order to execute a contract or pre-contractual measures, to manage and respond to requests for information submitted via the section on the Site. | First and last name Telephone number Any personal data in the subject line and message sent | Fulfilment of a contractual obligation or execution of pre-contractual measures (Art. 6 (1)(c) GDPR). The provision of personal data is obligatory; failing this, the Company will not be able to respond to the User’s requests. | Up to 6 months from the feedback provided to the User. |
| 2 | Management of the User’s candidature submitted in the “Work with us” section. The Company may process the User’s personal data for the purpose of managing the User’s spontaneous application submitted by him/her in the “Work with us” section of the Site. in the “Work with us” section of the Site. | First and last name Contact details Data contained in curriculum vitae | Execution of pre-contractual measures (Art. 6 (1) (b) GDPR. | Up to 6 months. |
| 3 | Defending one’s rights. The Company may process personal data for the defence of rights in the course of judicial, administrative or extrajudicial proceedings and in the context of disputes arising in connection with the Services. | Depending on the case, personal data collected for purposes 1 to 2 will be processed. | Legitimate interest of the Company in the protection of its rights (Art. 6 (1) (f) GDPR). A new and specific contribution is not required as the Company will pursue this further purpose, where necessary, by processing the data collected for the above-mentioned purposes. | The time necessary to pursue the protection of the right. |
| 4 | Fulfilling legal obligations. The Company may process personal data in order to fulfil its obligations under laws, regulations or EU legislation, provisions/requirements of authorities empowered to do so by law and/or supervisory and control bodies. | As required, personal data collected for purposes 1 to 2 will be processed. | Fulfilment of a legal obligation (Art. 6 (1) (c) GDPR). The provision of personal data for this purpose is compulsory as failure to do so will make it impossible for the Company to fulfil specific legal obligations. | The time required to process the request. |
3. How we keep personal data secure
The Company takes appropriate security measures in order to ensure the protection, security, integrity and accessibility of Users’ personal data. Appropriate security measures are designed to prevent unauthorized access, disclosure, modification or destruction of personal data.
All personal data are stored on the Company’s protected computer devices (or appropriately stored hard copies) or on those of our suppliers, and are accessible and usable according to our standards and security policies (or equivalent standards for our suppliers).
4. How long we keep personal data
The Company retains the User’s personal data only as long as necessary to fulfill the purposes for which it was collected or for any other legitimate related purposes.
Personal data that is no longer needed, or for which there is no longer a legal basis for its retention, will be irreversibly anonymized or securely destroyed.
If the processing of personal data fulfills more than one purpose, it will be deleted or anonymized as soon as the retention period related to the last purpose has expired.
5. With whom we may share personal data
Personal data may be accessed by duly authorized employees of the Company, as well as external suppliers, appointed as necessary as data processors, who provide support for the delivery of services.
You can contact the Company at the following email address: info@gico.it or pec: gico@pec.gico.it, to ask to see the list of data processors and others to whom we disclose data.
6. Transfers to third countries
The Company informs you that your Personal Data will be processed exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).
7. Data protection rights and the right to make complaints before the Supervisory Authority
Each User has the right to request from the Company, subject to the existence of the legal prerequisite underlying the request:
a) access to personal data, as provided for in Article 15 of the GDPR;
b) rectification or integration of personal data in the possession of the Company deemed inaccurate, as provided for in Article 16 of the GDPR;
c) the deletion of personal data for which the Company no longer has any legal basis for processing, as provided for in Article 17 of the GDPR;
d) the restriction of the manner in which personal data are processed, if any of the cases provided for in Article 18 of the GDPR apply;
e) the copy of the personal data provided to the Company, in a structured, commonly used and machine-readable format and the transmission of such data to another data controller (so-called portability), as provided for in Article 20 of the GDPR;
f) revocation of consent, where the processing is based on such legal basis.
Right to object: in addition to the rights listed above, the User is always entitled to object at any time to the processing of personal data carried out by the Company in pursuit of its legitimate interest.
The exercise of these rights, which can be done through the Company’s contact details indicated in point 1, is free of charge and is not subject to formal constraints. It will be the responsibility of the Company to verify that the User is entitled to exercise the relevant right and to give feedback, as a rule, within one month.
In the event that the User believes that the processing of his or her personal data takes place in violation of the provisions of the GDPR, he or she has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, using the references available on the website www.garanteprivacy.it, or to take appropriate legal action
Date last updated: September 2023