- Data controller and related contact details
BIOMEDICA ITALIA S.R.L. having its registered office in
Milan, Via T. A. Edison, 6 – 20057 Assago,
tel. +39 02 495403 40,
fax +39 02 495403 50,
VAT n. IT11408800966,
PEC: Biomedica_italia@pec.it (“Company” or “Data Controller”).
- Categories of personal data processed
2.1 Navigation Data
We collect the following Data through the services used by the user.
This category of Data includes IP addresses or domain names of the computers used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user. This Data is used only for statistical information (it is therefore anonymous), to check the correct functioning of the Site, and is deleted immediately after processing. The Data may be used to ascertain responsibility in the event of hypothetical computer crimes against the Site. Except for this possibility, the Data on web contacts do not persist for more than 7 days.
2.2 Data provided voluntarily by the user
The Website offers to users the possibility to voluntarily provide personal information through, for example, filling in the “Contacts” and “Work with us” forms on the Website.
- Services offered by the Website
Below is an illustration of the services offered by the Site. For each of the services offered, the following are indicated: the purposes of data processing, the legal basis for data processing and the data retention period.
4.1 Contacts section
Inside the Website there is the “Contacts” section. This section allows users to submit their requests of information to the Company. In order to provide this service, is necessarily required to the user to provide the following personal data: name, surname, e-mail address, company, country. Any further personal data may be provided in the text of the message. Failure to fill in the mandatory fields marked with an asterisk (*) will not allow the data subject to forward the request for information.
If the data subject wants to request any information by telephone, the personal data requested by the operator will be processed exclusively for the purposes indicated below.
Purpose of processing: to provide a reply to requests for information submitted by the user.
Legal basis of the processing: art. 6, paragraph 1, letter b) of the GDPR, “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract “.
Retention period: the personal data will be retained for a period not exceeding 12 months from the moment they are provided.
4.2 “Work with us” section
The Website offers the user the possibility to submit an application to join the Company. For the purposes of personnel research and selection, the data subject is required to enter the following personal data: name, surname, e-mail address, Curriculum Vitae, country.
The Curriculum Vitae may contain special categories of data, regulated in accordance with art. 9 of the GDPR (data revealing the health status or trade union membership). Any additional personal data may be provided in the text of the message. Failure to fill in the mandatory fields marked with an asterisk (*) will not allow the data subjects to submit their application.
Purpose of the processing:
- Personnel research and selection;
- Verify, also through specialized companies, that the data provided are true using public information (including professional social network profiles, databases, web registers or multimedia archives accessible to the public). The processing, in compliance with the provisions indicated by the Art. 29 Working Party in the “Opinion on data processing at work”, is limited to information related to the professional attitude to work, necessary for the only purpose of evaluating the specific risks related to the type of activity to be performed by the candidates, carried out to the least intrusive extent possible, adopting all necessary measures to ensure a fair balance between the legitimate interest of the employer to control and the fundamental rights and freedoms of the candidates.
Legal basis of the processing:
- Art. 6, paragraph 1, letter b) of the GDPR, “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract “.
With reference to the special categories of Personal Data, these will be processed only when this is necessary in order to allow the fulfilment of the obligations and specific rights of the Data Controller, or of the Data Subject, in matters of labour law, social security and social protection (e.g. obligation to employ persons belonging to protected categories, pursuant to Law no. 68/99, preventive medical examination in the pre-assumptive phase,, pursuant to Legislative Decree no. 81/2008, etc.). The requirement that makes the processing lawful is that set forth in art. 9, paragraph 2, letter b) of the GDPR, i.e. the need to fulfill the obligations and specific rights of the Data Controller, or of the data subject, in the field of labor law, social security and social protection;
- art. 6, paragraph 1, letter f) of the GDPR, “processing is necessary for the purposes of the legitimate interests pursued by the Data controller”.
Retention period: personal data will be retained for 24 months after they are provided.
- Further purposes of the processing
As part of the processing of personal data carried out through the Website, the Data Controller pursues the following further specific purposes:
4.1 Compliance with a legal obligation
The Data Controller, where necessary, processes personal data of data subjects, collected through the Website, in order to ensure compliance with legal obligations, regulations and EU rules to which it is subject.
Legal basis of the processing: Art. 6, paragraph 1, letter c) of the GDPR “processing is necessary for compliance with a legal obligation to which the controller is subject”.
Retention period: the personal data will be retained for the period strictly necessary to allow the Data Controller to comply with legal obligations to which it is subject.
4.2 Ascertain, exercise and defend the rights in court proceedings
The Data Controller, where necessary, processes the personal data of the data subjects, collected through the Website, in order to ascertain, exercise and/or defend the rights of the Company in court proceedings and/or whenever the courts exercise their judicial functions.
Legal basis of the processing: Art. 6, paragraph 1, letter f) of the GDPR “processing is necessary for the purposes of the legitimate interests pursued by the Controller”.
Retention period: the personal data will be retained for the whole duration of the litigation, until the expiration of the terms of appeal.
- Data communication
Your personal data may be communicated to external parties operating as independent data controllers, for example: authorities and supervisory bodies and, in general, public or private parties entitled to request such data.
The data may also be processed by external parties designated as Data processors (pursuant to art. 28 of the GDPR), who carry out specific processing activities on behalf of the Data Controller, such as, by way of example:
- companies offering e-mail delivery services;
- companies offering website maintenance services;
- companies offering recruitment services.
Your Personal Data will not be transferred outside the EU. In any case, it is intended that, if necessary, the Data Controller may also transfer personal data to countries outside the EU, guaranteeing from now on that such transfer will be carried out in compliance with the applicable legal provisions and therefore stipulating, if necessary, specific agreements that guarantee an adequate level of protection of personal data, or in any case adopting the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU.
- Provision of data
The provision of your data, in relation to fields marked with an asterisk (*), is necessary for the purposes of research and selection of the candidates. Your refusal to provide your Data would preclude the Companies from carrying out the above-mentioned activities.
With particular regard to the Special Categories of Data, if not strictly necessary, we ask you not to provide this type of information. Otherwise, if you decide to provide it, we would like to inform you that the processing of these particular categories of data will be carried out by the Data Controller only if necessary, to achieve the above mentioned purposes, according to the pro-tempore authorisations in force regarding the protection of Personal Data and the provisions of articles 113 of the Legislative Decree 196/2003 and 9, paragraph 2, letter b) of the GDPR.
- Parties authorised to process data
Your Personal Data will be processed by employees and/or collaborators of the Data Controller/Data Processor assigned to the pursuit of the purposes indicated above, who have been expressly authorised to the processing and who have received adequate operating instructions.
- Withdrawal of consent and rights of the data subjects
Contacting the Company:
- by ordinary mail, to the following address:
- BIOMEDICA ITALIA S.R.L. Via T. A. Edison, 6 – 20057 Assago (MI)
- by e-mail, at the following e-mail address:
Data subjects can ask the data controller for access to the data concerning them, their cancellation, correction of inaccurate data, integration of incomplete data, limitation of processing in the cases provided for by art. 18 GDPR, as well as opposition to processing in the case of legitimate interest of the data controller.
Furthermore, if the processing is based on consent or contract and is carried out by automated means, the data subjects have the right to receive the data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit them to another data controller without hindrance.
The data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State where they habitually reside or work or in the State where the alleged infringement has occurred.