Spea Engineering S.p.A., hereinafter Spea, as Owner of the treatment, hereby provides the following information on the processing of the data of users navigating its website www.spea-engineering.it (hereinafter “Website”) pursuant to art. 13 of Legislative Decree 196/2003 – Personal data protection code – hereinafter the Code. For that purpose, this page describes how the Website is managed, as it relates to visitors.
Website pages may contain links to the web pages of third parties. However, this data security declaration does not extend to them. This information is only provided for the Spea website and not for other websites that may be accessed via links.
1. PROCESS CONTROLLER
Spea Engineering S.p.A., company coordinated by Atlantia S.p.A., with registered office in Rome, Via A. Bergamini 50, 00159, tax code, Rome company Register and VAT number 00747280154 and R.E.A. n. 261257.
2. DATA PROVIDED VOLUNTARILY BY USERS/VISITORS
No personal data is acquired by the Website unless knowingly provided by the User. If, on connecting to the Website, users/visitors send their personal data to submit their curriculum vitae by visiting the section “Join us”, or want to explore the possibility of entering into business relations with Spea (i.e. as supplier) by sending their personal data.
3. DATA PROCESSING METHODS
Spea will process personal data in conformity with the provisions contained in the Code, limited to the specific purposes for which it was communicated, in accordance with the principles of correctness, lawfulness, transparency and protection of privacy.
The personal data will be collected and processed in hard and soft copy, stored for a period of time not exceeding that necessary for the purposes for which they are collected or treated before being deleted and may be disclosed for the same purposes processed by Atlantia group companies.
4. DATA CONTROLLERS
Spea has identified the following controllers:
• Person in charge for the international/national business development;
• Person in charge for the works supervision for road/highway infrastructure;
• Person in charge for the works supervision for the airport infrastructure;
• Person in charge for Human Resources;
• Person in charge for the Services for “Servizi per l’Esercizio”;
• Person in charge for the Operational Management Technique and “Direzione Operativa Tecnica e Progettazione”;
• Person in charge for the Purchase Department;
• Person in charge for the Legal Department, Corporate and Insurance;
• Person in charge for Organization and Information Systems;
• Person in charge for the Management Control;
• Person in charge for Office Information Systems – System Administrator;
• Person in charge for the Accounting Department.
The complete list is constantly updated and available at the registered office of Spea.
Spea collects technical information on Website User navigation.
In particular, during normal operations, the computer and IT systems and software procedures used to operate the Website, acquire certain data transmitted implicitly when using web communication protocols or useful to manage and optimize the system.
This data is only used to obtain anonymous statistics on the use of the Website and to check that it is operating correctly.
A cookie is a short string of text sent to the User’s browser and possibly saved on the person’s computer. Cookies are generally sent each time a person visits the website. Each cookie is unique, related to the browser and the device used to access the Website. In general, their purpose is to improve how the Website works and the experience had by the User when he/she visits it.
5.1 SYSTEM COOKIES AND TECHNICAL COOKIES
The so-called “Technical Cookies” are those used to improve Website use quality based on the characteristics of the browser used or, alternatively, on any other tool used to access the internet. These cookies allow the User to navigate the website and use its features, for example, to gain access to its secure areas.
Without these cookies, it might not be possible to provide authentication services and a correctly functioning Website. These cookies are not defined by Spea, but in some cases are generated and used automatically by the software platforms used.
However, they are to be considered as having the sole purpose of general website functionality.
5.2 THIRD PARTY COOKIES
The provider AddThis provides users with tools to share articles or pages of the site through social media platforms.
AddThis may refer to social platforms, each of which has its own conduct about privacy.
For more information the User can go to the following pages:
• Block the acceptance of cookies by AddThis.com
Please note: No advertising cookies, also known as “Profiling cookies”, are used.
5.3 HOW TO DISABLE COOKIES ON YOUR BROWSER
Visitors may modify browser settings to block cookies or be alerted when they are sent to the device. They should refer to the browser instructions manual or help screen to find out how to regulate or modify browser settings.
The following are provided as an example:
– Internet Explorer http://windows.microsoft.com/it-it/windows7/block-enable-or-allow-cookies
– Safari https://www.apple.com/legal/privacy/it/cookies/
– Chrome https://support.google.com/accounts/answer/61416?hl=it
– Firefox https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
– Opera http://help.opera.com/Windows/10.00/it/cookies.html
For different devices or browsers, the visitor must make sure that each device browser is set correctly to respect the User’s cookie preferences.
If a User should choose to disable all cookies, even those needed, then both functionality and performance will be affected and this could cause navigation problems on the Spea Website.
6. RIGHTS OF DATA SUBJECTS
The data subjects to whom the personal data relates have the right to obtain confirmation of the existence or not of that data, to be informed of its content and origin, verify its accuracy, or request additions, updates or amendments (Article 7 of the Code). Pursuant to the same article, data subjects have the right to request the cancellation, transformation into an anonymous format, or restriction of any data processed in breach of the law, and object to processing, in all cases, for legitimate reasons. Requests must be sent to the email address firstname.lastname@example.org.
Any additional information/clarification can be requested from Spea Engineering S.p.A., via Vida 11, 20127 Milan.
Section 4: Definitions
a) ‘Processing’ shall mean any operation, or set of operations, carried out with or without the help of electronic or automated means, concerning the collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and destruction of data, whether the latter are contained or not in a data bank;
b) ‘Personal data’ shall mean any information relating to natural or legal persons, bodies or associations that are or can be identified, even indirectly, by reference to any other information including a personal identification number;
f) ‘Data controller’ shall mean any natural or legal person, public administration, body, association or other entity that is competent, also jointly with another data controller, to determine purposes and methods of the processing of personal data and the relevant means, including security matters;
g) ‘Data processor’ shall mean any natural or legal person, public administration, body, association or other agency that processes personal data on the controller’s behalf;
i) ‘Data subject’ shall mean any natural or legal person, body or association that is the subject of the personal data;
l) ‘Communication’ shall mean disclosing personal data to one or more identified entities other than the data subject, the data controller’s representative in the State’s territory, the data processor and persons in charge of the processing in any form whatsoever, including by making available or interrogating such data;
Section 7: Right to access Personal Data and Other Rights, Legislative Decree 196/2003
1. A data subject shall have the right to obtain confirmation whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed about:
a) the source of the personal data;
b) the purposes and methods of the processing;
c) the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) the identification data concerning data controller, data processors and the representative designated as per Section 5 (2);
e) the institutions or categories of institutions to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been unlawfully processed, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations a) and b) have been notified, as also related to their contents, to the institutions to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part:
a) for legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Section 29: Data Processor
1. The data processor may be designated by the data controller on an optional basis.
2. Where designated, the data processor shall be selected among entities that can ensure, on account of their experience, capabilities and reliability, thorough compliance with the provisions in force applying to processing as also related to security matters.
3. If necessary on account of organizational requirements, several entities may be designated as data processors also by subdividing the relevant tasks.
4. The tasks committed to the data processor shall be detailed in writing by the data controller.