Gi Group

Privacy GDPR


PRIVACY NOTICE PURSUANT TO ARTT. 13 AND 14 OF THE REG. (EU) 2016/679 ("GDPR")


We provide You with the information requested by the GDPR concerning the processing of personal data You provided when filling out the form on the Social Commitment webpage managed by Gi Group S.p.A. (hereinafter also referred to as " GI").

We inform You - pursuant art. 14 of the GDPR - that if your message is related to other companies belonging to the corporate group - other than GI - the latter will transmit it for its correct management to that company, which will process Your personal data as controller or similar role under applicable law.


IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

Gi Group S.p.A. , Piazza IV Novembre 5, 20124 Milano, tel. +39 02444111, e-mail: it.privacy@gigroup.com


CONTACT DETAILS OF THE DATA PROTECTION OFFICER ("DPO")

You can contact the DPO at the email address:dpo@gigroup.com


PROCESSING PURPOSES

Why is your personal data being processed?

LEGAL BASIS

What is the basis that makes the processing lawful?

DATA RETENTION

How long do we keep your personal data?

To carry out Corporate Social Responsibility ("CSR") activities and, in particular, to gather feedback from the stakeholders in order to improve the policies of GI and/or the other companies of the corporate group, especially in the area of social commitment.

The consent You expressed by submitting the above-mentioned form ("acceptance by conduct").

For as long as it is necessary to manage Your message and, in any case, no longer than 12 months.

Once the above data retention terms have expired, data will be destroyed or anonymized, compatibly with the technical timing required for erasure and backup.

 

THE PROVISION OF DATA

The provision of data highlighted with an asterisk in the form is necessary for the correct management of Your message. Otherwise, it will not be possible to submit it.


CATEGORIES OF RECIPIENTS TO WHOM DATA MAY BE DISCLOSED

Data are processed by the controllers' employees - belonging to the departments in charge of pursuing the above-mentioned purposes - who have been expressly authorized to process them and have received adequate operating instructions.

In addition, as mentioned above, if the message is related to another company of the corporate group, personal data contained therein will be disclosed to that company, established in Italy or abroad, including outside the European Economic Area ("EEA"), which will process them as controller for the same purposes highlighted above. The list of companies and their contact details can be found here.

Data may be processed, on behalf of the controllers, by third parties, appointed as Processors pursuant to art. 28 of the GDPR, carrying out activities that are functional to the purposes pointed out above (e.g., companies providing IT services).


DATA TRANSFERS OUTSIDE THE EEA

Where the company receiving Your message is established outside the EEA, your personal data will be transferred to that "third country". In particular, Your personal data may be transferred:

  • to countries benefitting from an adequacy decision pursuant to art. 45 of the GDPR, such as Argentina e Switzerland ;
  • to countries which are not benefitting from an adequacy decision pursuant to art. 45 of the GDPR, such as Brazil, China, Colombia, Hong Kong, India, Montenegro, Russia, Serbia, United States of America, Turkey, relying on standard contractual clauses adopted by the European Commission under art. 46.2, lett. c) of the GDPR and, if necessary, the implementation of supplementary measures to level up the data protection, also in light of what the European Data Protection Board ("EDPB") specified in the Recommendations 1/2020, taking into account the implications of the judgement of the Court of Justice of the European Union in case C-311/18 Data Protection Commissioner / Facebook Ireland and Maximilam Schrems (so called "Schrems II")

You may obtain more information or a copy of the "appropriate safeguards" by contacting GI at it.privacy@gigroup.com


DATA SUBJECTS' RIGHTS

You shall have the following rights, as well as any right under GDPR:

  • to obtain the confirmation as to whether or not personal data concerning You are being processed, and, where that is the case, access Your personal data and the information referred to in art. 15;
  • to obtain the rectification of inaccurate data;
  • to have incomplete data completed;
  • to obtain the erasure of data in the cases provided for by art. 17;
  • to obtain restriction of processing in the cases provided for by art. 18;
  • where the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided ("right to data portability").

You shall have the right to lodge a complaint with the competent supervisory authority in the Member State of Your habitual residence, place of work or place of the alleged infringement.

In order to exercise Your rights, You can contact GI by sending a written communication to the above address or an e-mail to it.privacy@gigroup.com