INFORMATION PURSUANT TO ARTICLE 13 OF EU REGULATION (EU) NO. 679/2016 (‘GDPR’)
This privacy notice describes which of your personal data are collected by BlueThink S.p.A., for which purposes and how they are processed. Below you will also find the necessary information to enforce your rights provided for by GDPR.
In general, we collect your personal data when you email us, through the use of website https://www.bluethink.it/ (hereinafter ‘Website’) and when interacting with us through our social pages on Twitter and LinkedIn (hereinafter “Social“). We hereby inform you that the personal data collected during such procedures will be processed in order to reply to your requests, to allow you to benefit from the services offered on the Website, as specified below.
- Who processes your data: Data Controller
BlueThink S.p.A., Tax code 10120610018, with registered office in in Piazza San Carlo 197 – 10123 Torino, Italy, email@example.com, (hereinafter ‘BlueThink’ o ‘Data Controller’, which may also be referred to with the expressions ‘we’, ‘us’ or ‘our‘) is the controller of the processing of your personal data.
- Which data we process – Type of processed data
Your contact data. We will retain the contact details you provide us with (e.g., name, last name, e-mail address) when you contact us or when you contact us through our Social, as public comments or private messages.
Information on the use of the Website. Your use of our Website implies the processing of the browsing data and the device that you are using and your IP address (i.e. the number that identifies a specific device connected to the internet and is required in order for your device to communicate with websites). Moreover, BlueThink may analyse the website you browsed from, what you did and what you did not do on our Website.
- Where do we get your data – Data collection methods:
Directly from you. For instance, if you decide to contact us through Website or Social. If you do not provide us with your data, you will not be able to use the services on the Website.
- Why and for how long we process your data – Purpose and legal basis for data processing; data retention period
- a) To respond to your requests received through e-mail contacts or through Social. BlueThink may use your data to respond to your requests received by e-mail or received through our Social, as public comments or private messages. Moreover, BlueThink may use your personal data when you send us an e-mail to submit your application. Only in such case, BlueThink will provide you with a specific privacy notice regarding processing of your personal data contained in your curriculum vitae.
The legal basis of such data processing is the performance of your request.
The retention period of your data in relation to this processing is equal to the time necessary to process your request.
- b) To prevent or control unlawful conducts or to protect and enforce rights. For instance, we may use your data to prevent infringement of our intellectual property rights (e.g., counterfeiting of our trademarks and/or our partners’) or theft (including but not limited to credit card cloning) or other unlawful acts, as allowed by applicable law.
The legal basis for such data processing is the legitimate interest of BlueThink.
The period of retention of your data is equal to the time reasonably necessary to enforce our rights from the moment we become aware of the offence or the potential commission of it.
- Nature of the provision of personal data
For the purposes of subparagraphs from a) and b) above, the provision of data is necessary to allow us to comply with your requests.
- Where your data are processed – transfer of data
Data shall be processed and stored at the offices of BlueThink and of its suppliers within the European Union. Personal data may also be communicated to third-party service providers – duly appointed as data processors pursuant to art. 28 of the GDPR – which have their registered office outside of the European Union as well.
Only with regard to the data collected on our Social, these will be stored on the aforementioned platforms, according to the privacy policies of each social network, which we recommend you consult.
- Who we share your data with – recipients of personal data
Provided that, where required by law, we will obtain your prior consent and comply with any formalities required by law, we may share your data with third parties, such as our service providers, although in such a case we shall enter into an agreement pursuant to art. 28 of the GDPR aimed at protecting your data. These parties shall only be in possession of the data required to perform their functions and shall only use them for the purpose of providing services on behalf of the Data Controller or complying with the law. You may find out the details of such data processors, pursuant to Article 28 of the GDPR, by contacting BlueThink.
Where permitted or required by law, BlueThink may also share the personal data requested by a government agency or by another authorised third party or organisation, in order to protect or enforce its rights or those of third parties, or to limit or prevent fraud and other offences.
Our Website is not intended for minors under the age of 18, but for adults. If you are a parent or guardian and you believe that your child may have sent us some personal data, please contact us.
- Security Measures
We adopt the security measures required by law.
We adopt security measures in order to protect your data. The standard security measures that we use depend on the type of data that we process, and such measures meet the requirements provided for by law and by the standards of European government agencies.
- Your rights
You may contact BlueThink in order to request the access to, the rectification or erasure or restriction of the processing of your personal data, to object such processing and to request the portability of your data; you may also withdraw your consent at any time (and this shall not affect the lawfulness of the processing based on consent granted before such a withdrawal).
When you exercise your right of access, you have the right to know whether your data is being processed or not, as well as the purpose of the processing, the categories of data being processed, the recipients or categories of recipients who your data have been disclosed with (and, if they are located in a third country, the guarantees in place), the retention period of your data (or the criteria in order to determine such a retention period), whether an automated processing is being carried out or not (e.g., through profiling), the logic involved behind such a processing, and the source of the data (when not initially collected by BlueThink).
You have the right to lodge a complaint with the competent Supervisory Authority and to request to the Data Controller, at any time, information about the data processors and the parties that are authorised by the data controllers to process your data.
You may exercise your rights by contacting BlueThink at the above-mentioned addresses.
You can also exercise your rights, in relation to the processing of personal data carried out through our Social, by contacting each social network in accordance with their respective privacy policies.
- What happens if we amend this Policy
Version updated to 11/05/2021