Privacy Policy
EU Regulation 2016/679
General Data Protection Regulation
Premise
With this policy, PLURIBUS ONE S.R.L., headquartered at Via Bellini n. 9, 09128 – Cagliari (hereinafter, for brevity, the “Company”) as the data controller, intends to inform users visiting the website www.pluribus-one.it (hereinafter the “Site”) about the policy adopted regarding the protection of personal data, emphasizing its commitment and attention to the privacy protection of the Site’s visitors (the “Users”).
Please read our Privacy Policy carefully, which applies both in cases of simple navigation within the Site and to related services. Navigation within the Site is free and does not require any registration.
If the visitor intends to provide their personal data to access such additional services, they will be expressly informed pursuant to the EU Regulation 2016/679 – General Data Protection Regulation (the “GDPR”) and the Legislative Decree n. 196 of June 30, 2003 – Code concerning the protection of personal data (the “Privacy Code”), with an indication (by way of example) of the purposes and methods of use of the data by the Company, as well as the right to request at any time the deletion or updating of the data.
A personal data is defined as “any information concerning an identified or identifiable natural person.”
Processing means “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
By browsing the Site or using the email contacts provided on the Site, the User declares that they have read and understood this Privacy Policy.
Information on the processing of personal data
Pursuant to and for the effects of art. 13 and 14 of the GDPR, the Company provides the following information.
1. Identity and contact details of the Data Controller
The data controller of the personal data collected through the Site is:
PLURIBUS ONE S.R.L.
Via Bellini n. 9 09128 – Cagliari
P.IVA: 03621820921
Tel: __________
Fax: __________
Email: privacy[at]pluribus-one.it
Pec: pluribus-one[at]pec.pluribus-one.it
2. Types of personal data processed
No registration is required to access the Site. However, some services require providing personal data (e.g., to contact us, subscribe to the newsletter, etc.).
Moreover, to allow normal and efficient navigation and use of the Site, the Company will collect some personal data of Users related to the connection and navigation within the Site. Concerning navigation data collected through the use of “cookies,” see also point 10 regarding Profiling Tools.
Where necessary, the Company will acquire the User’s specific consent for the relevant use of data.
Here is an example of the type of information collected through the Site:
- Identification data: name, surname, address, etc.
- Contact data: residence address, email address, phone number.
- Connection data: IP address, device number/ID, data related to your internet connection and your service provider, the equipment used to access websites, your browsing history, and other technical and usage details.
3. Optional provision of personal data
Some personal data requested on the Site, such as name and surname, phone number, and email address, may be mandatory as they are necessary to access the services of the Site that you wish to use (for example, if you wish to submit an information request). Failure to provide the mandatory data will make it impossible for the Company to provide the requested service (for example, if the User does not provide their email address, the Company will not be able to proceed with sending the information request).
Failure to provide data marked as “optional” will have no consequence.
Users are required to provide only personal data that concerns them on the Site. If third-party personal data is indicated, Users must expressly declare and acknowledge that they have obtained the third party’s consent for the processing of the corresponding personal data by the Company or other data controllers.
4. Purpose and legal basis of the processing
User data is collected and processed for purposes strictly related to the use, management, and updating of the Site, the services offered within it, and its presentation to Users. The specific purposes of data use are detailed in this paragraph.
(a) Contacts
The data provided using the contact details made available on the site in the “Contacts” section, using contact services (via email, fax, phone, or postal mail) will be processed by the Company to respond adequately to Users’ information requests. The processing of data for this purpose does not require the Users' consent, as it is necessary for the execution of pre-contractual measures adopted at the request of the User (art. 6, para. 1, lett. b) of the GDPR).
(b) Recruiting
The data provided using the contact details made available on the site in the “Contacts” section, for professional candidacy purposes, will be processed by the Company for personnel search and selection activities and to respond adequately to the information requests of candidate Users.
Among the personal data provided by you for the above purposes (e.g., those contained in your CV), some may be classified as "special categories of personal data" (e.g., reasons for exemption from military service, disability status, membership in protected categories, membership in political, philosophical, trade union associations, etc.).
The processing of data for this purpose does not require the Users' consent, as it is necessary for the execution of pre-contractual measures adopted at the request of the User (art. 6, para. 1, lett. b) of the GDPR and in compliance with the provisions of the Data Protection Authority's resolution no. 146 of June 5, 2019, "Provision containing the prescriptions relating to the processing of special categories of data, pursuant to art. 21, para. 1 of Legislative Decree no. 101 of August 10, 2018").
(c) Marketing
Allow subscription to the update service – using automated and non-automated means, such as newsletters and emails – regarding the main news related to the Company's products and services, as well as conferences, webinars, and events.
In case of subscription to the “Newsletter,” the User will only receive commercial communications at the email address indicated during registration.
The processing of data for this purpose requires the Users' consent (art. 6, para. 1, lett. a) of the Regulation).
If the User is a customer of the Company, it may proceed, in compliance with art. 130, para. 4 of the Privacy Code, to send communications via email for direct marketing purposes of services similar to those used by the User (so-called “soft spam”), without prejudice to the possibility of objecting at any time to the sending of such communications, with the methods described in this information at point 11.
It is understood that failure to provide consent for purpose (c) will not affect the possibility of contacting the Company for any type of information or request or for the provision of the Company’s products and services.
We remind Users that any consents provided under this letter (c) may be revoked at any time and that Users may at any time object to such processing (i) (regarding Newsletters) according to the communication methods indicated in this privacy policy.
5. Processing methods
The processing of Users' personal data takes place through storage on electronic media, in compliance with current legislation and, in any case, in such a way as to ensure the security and confidentiality of the data and prevent unauthorized disclosure or use, alteration, or destruction.
6. Recipients of personal data
Users' data will come to the knowledge (limited to their respective areas of competence) of the personnel expressly authorized by the Company, pursuant to art. 29 of the GDPR.
Within the purposes indicated below, Users' personal data may come to the knowledge of the following third parties:
- Purpose: Contacts
- Recipients: The company responsible for managing the Company's information systems; (ii) companies providing the Company with instrumental services for managing the relationship with customers (e.g., management application providers).
- Purpose: Recruiting
- Recipients: The company responsible for managing the Company's information systems; (ii) companies providing the Company with instrumental services for managing the relationship with job candidates/aspiring collaborators (e.g., management application providers).
- Purpose: Marketing
- Recipients: (i) third parties responsible for managing the Company's information systems; (ii) companies providing the Company with instrumental services for managing the relationship with customers (e.g., management application providers); (iii) companies providing instrumental services for marketing activities (e.g., communication platform providers).
Where necessary, the Company has appointed the recipients of Users' personal data as data processors, pursuant to art. 28 of the GDPR. A list of all data processors can be requested by sending a communication to the contacts indicated below.
Users' personal data will never be disclosed.
7. Extra-EU transfers
Users' personal data will not be transferred to countries outside the European Union.
8. Retention period
Users' data will be retained for the time strictly necessary to achieve the purposes indicated in point 4 of the Privacy Policy and in compliance with the consents possibly provided. At the end of the retention period, the data will be destroyed or anonymized.
Specifically, the data will be retained according to the following terms:
- Purpose: Contacts
- Retention: The data will be retained for the time necessary to properly manage the User's request. In any case, Users' personal data will not be retained for more than 5 years from the information request.
- Purpose: Recruiting
- Retention: The data will be retained for the time strictly necessary to decide whether or not to proceed with your hiring, and in any case for no longer than recruitment needs. In any case, your personal data will not be retained for more than 1 year from receipt, after which the same data will be destroyed or anonymized.
- Purpose: Marketing
- Retention: The data will be processed in full compliance with the consents provided by the User until the consent is revoked, which can be done at any time by the User.
9. Links to other sites
This Privacy Policy is provided only for the website www.pluribus-one.it and not for other websites possibly consulted by the User through link connections possibly cited on the aforementioned sites. The Company cannot be held responsible for personal data provided by Users to external subjects or to any websites linked to this Site. In particular, the use of any tools offered by third-party platforms is subject to the terms, conditions of use, and privacy policy of those third parties without any liability being applicable to the Company.
10. Profiling and/or personalization tools
The Company does not engage in any promotional and/or advertising communication activities without the prior explicit consent of the User. The Site uses "cookies," both technical (i.e., to facilitate navigation and use of the Site) and profiling (i.e., to analyze Users and their navigation). For a detailed explanation of the cookies used by the Site and how to disable them, we invite Users to review our Cookie Policy.
Specifically, the Site uses analytical cookies created and made available by third parties through the application of measures aimed at not identifying the user (e.g., by masking the IP). These cookies do not require the acquisition of prior and explicit consent from the User as they are strictly necessary to provide the service requested by the Site User.
The Site does not use first-party profiling cookies.
The Site contains third-party profiling cookies.
For a detailed explanation of the cookies used by the Site and how to disable them, we invite Users to review our Cookie Policy.
11. Data subjects’ rights
By sending a communication to the address, the User can at any time exercise the rights under articles 15 to 22 of the GDPR, including knowing what data we are processing, how and for what purposes we use it, modifying the data provided or deleting it, asking us to limit the use of the data, requesting to receive or transmit the data, always with the possibility of revoking and/or modifying the consents to processing provided.
The User can also always object to the processing of their data carried out for marketing purposes. The Company does not currently engage in marketing activities and/or sending newsletters to Users.
In the event of the exercise of one of the rights provided by the GDPR, the Data Controller reserves the right to verify the User’s identity by requesting the submission of a photocopy of an identity document to verify the legitimacy of the request. Once the identity is confirmed, the received copy will be immediately destroyed.
Articles 15 to 22 of the GDPR recognize specific rights, including:
- Right to object to processing
The User has the right to object to certain types of processing of personal data, including processing based on the legitimate interest of the Company or processing carried out for direct marketing purposes where applicable and with explicit consent.
- Right to be informed
The User has the right to receive clear, transparent, and easily understandable information about how their personal data is used and how to exercise their rights.
- Right to access personal data
The User has the right to access their personal data (to the extent that it is subject to processing by the Company) and to request additional information about the processing at any time (e.g., which data concerning them is being processed, the purpose of the processing, the categories of data in question, the recipients or categories of recipients to whom the data is transmitted, the retention period or the criteria used to determine this period).
This way, the User will gain awareness and can verify whether the Company is using their personal data in compliance with current personal data protection legislation.
- Right to update and modify
The User has the right to obtain the rectification of their personal data, where it is inaccurate or incomplete.
- Right to erasure
Also known as the "right to be forgotten," it allows the User to request the deletion or removal of their personal data where there are no binding reasons for the Company to retain it.
There is no absolute right to deletion, which must therefore be balanced with the Company's needs (e.g., data that the Company is obliged to retain to comply with a legal obligation or for the establishment, exercise, or defense of a legal claim cannot be requested for deletion).
- Right to restrict processing
The User has the right to "block" or limit the further use of their personal data. If the processing is subject to restriction, the Company may still store the User's personal data but may not process it further. In case of the exercise of the right, the Company will prepare specific lists containing the details of those who have requested to limit the processing of their personal data, to ensure that the restriction is respected.
- Right to data portability
The User has the right to obtain their data in a structured, commonly used, and machine-readable format and to reuse it for their own purposes across various services.
This right is limited to data collected in the context of a contract with the User or based on the User's consent.
12. Complaint to the Supervisory Authority
If a User believes that the processing concerning them violates the provisions of the GDPR, they can always lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), or the supervisory authority of the country where they usually reside, work, or where the alleged violation occurred.
13. Changes
The Company reserves the right to review, modify, or simply update, at its sole discretion, in any way and/or at any time, without notice, this Privacy Policy, also in consideration of changes in laws or regulations regarding the protection of personal data. The changes and updates to the Privacy Policy will be notified to Users as soon as they are adopted and will be binding as soon as they are published on the Site. Therefore, we invite Users to regularly access the “Privacy” section of the Site to verify the publication of the most recent and updated Privacy Policy.