EU Regulation 2016/679 on the "protection of individuals with regard to the processing of personal data and on the free movement of such data" (hereinafter "EU Reg. 2016/679" or "GDPR") contains a series of regulations aimed at ensuring that the processing of personal data is carried out in accordance with people’s fundamental rights and freedoms.
This policy governs the procedures followed by Avangarde Consulting S.r.l. regarding the processing of personal data carried out as the Data Controller (for the sake of brevity, hereinafter the "Controller" or "Avangarde") for personal data collected by browsing the Website www.avangarde.it (hereinafter also just the "Website") and belonging to anyone (the "Data Subjects") who interacts with this Website.
Data on identified or identifiable individuals may be processed if they consult this Website.
2. Data Controller and Data Protection Officer
Pursuant to Articles 13 and 14 of the GDPR, Avangarde Consulting S.r.l. (Tax Code and VAT No 01918120187) – with its registered head office at 27100 – Pavia (PV), Via Mario Ponzio, n. 20, in the person of its present legal representative, is the Data Controller and shall provide information on the processing of Data Subjects’ personal data.
Its contact details are as follows:
Telephone: +39 0382 175 2760
Certified e-mail: firstname.lastname@example.org
The Company has appointed a Data Protection Officer (the "DPO") who can be contacted at the following e-mail address:
3. Types of personal data and sources of data
Personal data may be freely provided by the User or, in the case of browsing data, automatically collected while browsing the Company’s Website.
Browsing data provided by the User’s computer
When connecting to the Website, the computer systems and software procedures used to run them automatically and indirectly send and/or acquire certain information (known as "cookies"). The processing of this data is required so that the Controller can guarantee the browsing experience and provide all the features and services through the Website. More specifically, only ASP.NET Authentication first-party technical cookies are found, which are used for logging in (just stored for the duration of the browser session) and for the language settings (stored for 2 months). However, you may restrict the processing of this personal data from your device or browser/browsing app. In this case, browsing of the Website might be restricted and some of its features/services might be inaccessible.
Data provided voluntarily by the visitor
Interacting with Avangarde through the form on the homepage involves entering your name, surname and contact e-mail address. Additional personal data, such as educational qualifications or work experience, may be freely provided in the text on the form to specify the information request sent more clearly.
"Racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union memberships, as well as genetic data, biometric data intended to uniquely identify an individual, data on the health or sex life or sexual orientation of the person" should not be indicated.
In terms of special data of disabled workers, in accordance with existing legislation on the employment of disabled people, please do not indicate any illness, and instead only indicate that you have these requirements.
You may also interact with Avangarde through the e-mail and telephone contact details published under the "Contacts" section of the Website (and/or in the "Contact us" section), which may involve the collection and processing of other personal data (for example, your e-mail address and additional personal data contained in the e-mail or freely provided over the phone).
The provision of data is optional; however, if you do not provide your data, it shall only mean that the Controller cannot process your data and consequently cannot provide information.
Users may then keep browsing the Work With Us and Members Area sections.
Under Work With Us, users may apply to open positions through the special form, providing personal data such as, but not limited to, their name, surname, telephone number, e-mail address, educational qualifications and work experience. They may also upload a file of their Curriculum Vitae on this form to facilitate selection and to make their application more effective. Please also remember to take into account the aforementioned considerations on sensitive data and disability status in this area. So that Avangarde can contact the candidate for other open job positions as well, or which will open up later on, and to provide their profile to client third-party companies of Avangarde that are looking for specific professional roles, users may agree with the special flag to their profiling by authorised staff (a non-automated decision-making process) and to sending the data provided to third parties.
The processing of personal data shall be done according to the purposes indicated below and in accordance with the principles of fairness, legality, transparency and protection of the Data Subject’s rights and privacy.
4. Purposes of the processing and legal grounds
The data collected shall be processed for the following purposes:
a) to answer the contact or information requests from sending messages to the Controller’s contacts on the Website or through the special form on the homepage;
b) to check the skills required for recruitment or to start a working collaboration with the Company, as well as, subject to consent, for related or instrumental purposes for carrying out staff searches and recruitment, including non-automated profiling and sending it to Avangarde’s client third parties;
c) to fulfil obligations required by law, regulations and EU legislation.
The legal grounds for the processing are:
- the purpose under letter a) and b) to carry out required pre-contractual/contractual activities (Article 6, par. 1, letter b), EU Reg. 2016/679) and based on the consent freely granted for related or instrumental purposes for carrying out staff searches and recruitment (Article 6, par. 1, letter a);
- the purpose under letter c), fulfilling a legal obligation of the Data Controller (Article 6, par. 1, letter c), EU Reg. 2016/679).
The provision of data, as well as sending it to the categories of subjects indicated under par. 7, is not compulsory, but if Data Subjects refuse to provide their ordinary data, it shall not be possible for the Company to answer the contact or information requests and/or to fulfil legal obligations.
5. Processing methods
The processing of personal data shall be done through manual, IT and online tools using methods strictly related to the purposes declared in this document and, in any case, in such a way that guarantees the security and confidentiality of this data in accordance with existing legislation. If processing is done electronically or not and with management and storage systems also with cutting-edge hardware and software, Avangarde may use third-party service companies which shall be informed of their responsibilities with notification of their appointment as a Data Processor pursuant to Article 28 of the GDPR. The updated list of Data Processors is stored at the Controller’s registered head office and can be accessed upon request by the data subject.
6. Data retention period
The data collected shall be stored for a period of time no longer than required to fulfil the purposes for which it was processed ("principle of limitation of data retention", Article 5 GDPR), notwithstanding compliance with a legal obligation or an order from the authorities. Whether or not the data stored has become obsolete in relation to the purposes for which it was collected is checked periodically. At the end of the retention period, personal data shall be deleted, destroyed or anonymised, subject to any retention periods provided for by law. Therefore, when this period expires, the right to access, deletion, amendment and the right to data portability may no longer be exercised.
7. Categories of subjects to whom data may be disclosed
In certain cases, carrying out related and/or instrumental activities for handling requests shall require the Controller to disclose the Data Subject’s personal data to external companies or organisations. Data Subjects’ personal data may be made accessible for the aforementioned purposes:
- to the Controller’s employees and partners, in their capacity as individuals authorised for processing and/or sub-processors and/or system administrators;
- to third parties or other subjects (purely by way of example and not limited to, the company that handles users’ personal data and manages the computer systems which this data is stored on) who may also carry out outsourced work on behalf of the Controller, in their capacity as Data Processors;
- subjects whose rights to access data are recognised by legal provisions. Any subjects belonging to the categories to whom data may be disclosed shall process this data and use it, depending on the circumstances, in their capacity as Data Processors expressly appointed by the Controller pursuant to law or, rather, as independent Data Controllers.
- subject to the data subject’s consent, data shall be disclosed to Avangarde’s client third-party companies that are looking for specific professional roles.
8. Processing location
Data shall be processed by the Data Controller within the European Union at its registered head office located at 27100 – Pavia (PV), Via Mario Ponzio, n. 20.
9. Transferring personal data outside the EU
Data Subjects’ personal data is stored on servers located at the Controller’s registered head office or on the cloud on European servers in accordance with existing legislation and which Avangarde may not transfer to countries outside the EU.
If it is necessary for technical and/or operational reasons to use subjects located outside the European Union, these subjects shall be appointed Data Processors and the transfer of personal data to these subjects, limited to carrying out specific processing operations, shall be governed in accordance with the provisions of the GDPR. In this case, the Controller shall henceforth ensure that the transfer of data outside the EU is governed in accordance with the provisions of Chapter V of the Regulation and authorised based on specific decisions by the European Union. All necessary precautions shall therefore be adopted in order to ensure full protection of personal data, basing this transfer on: a) decisions regarding the adequacy of the recipient third-party countries made by the European Commission; b) adequate guarantees made by the recipient third party pursuant to Article 46 of the Regulation; c) the adoption of binding corporate rules.
10. Data subject rights
Data Subjects have the right to ask the Data Controller, where possible, for:
a) access to their personal data;
b) the amendment or deletion of this data or the restricted processing of it;
c) the objection to processing;
d) data portability;
They also have the right to:
e) withdraw their consent to personal data processing;
f) file a complaint with the Supervisory Authority (in Italy, this is the Garante Privacy).
11. How to exercise these rights
To exercise the aforementioned rights, Data Subjects may contact the Data Controller by registered letter with acknowledgement of receipt at Avangarde Consulting S.r.l., Via Mario Ponzio, n. 20, 27100 – Pavia (PV), or by e-mail at the address: email@example.com
Alternatively, Data Subjects may contact the Data Protection Officer at the e-mail address: firstname.lastname@example.org
Minors under the age of 16 must not provide personal data or information to the Company without consent from authorised people or their legal guardians. Without this consent, it shall not be possible for minors to send requests through the Website. Avangarde invites all authorised people and legal guardians of minors to inform them about safe and responsible use of the Internet and the Web.
13. Data Protection Officer – DPO
The General Data Protection Regulation (known by the acronym GDPR), officially Regulation (EU) No 2016/679, requires the appointment of a Data Protection Officer (known by the acronym DPO). The Avangarde DPO is:
Le Vele Servizi Srl
VAT No 02760560181
The Data Controller reserves the right to make amendments to this policy at any time, providing information about them to Users on this page. We therefore ask you to consult this page regularly, taking the date of the latest amendment indicated at the bottom as a reference. If Users do not accept the amendments made to this Policy, they should inform the Data Controller and may request that their personal data is removed. Unless specified otherwise, this Policy shall continue to apply to personal data until it is collected.
Pavia, January 2022