INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 12, 13, 14 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)
This page reports how the site is managed with regard to the processing of the personal data of the users who consult it. By visiting the site, you accept the terms and conditions below.
This policy is provided only for the site https://nativalab.com/ and not for other websites, pages or online services that can be reached through links via our site that may be consulted by the user.
In accordance with our transparency policy, we provide you with the following information in order to make you aware of the characteristics of the data being processed and the processing methods used when your data is provided.
The Information is provided pursuant to Articles 13 and 14 of EU Regulation 679/2016 (GDPR) (hereinafter referred to as “Regulations”) and in accordance with Italian law pursuant to Article 13 of Legislative Decree n. 196 on 30 June 2003 “Personal Data Protection Code” as amended and supplemented by Legislative Decree n. 101 on 10 August 2018.
The content of the page is also guided by Recommendation n. 2/2001 that the European committee for the protection of personal data, the Working Party established by Article 29 of Directive n. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the modality, timing and nature of the information that owners must be met when users connect to web pages, regardless of the purpose of the connection, and Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector.
NATIVA, as a benefit corporation and certified B corporation, aims to create a positive impact on society, the biosphere, and the economy according to the principles of sustainability.
NATIVA is the Data Controller for the purposes exclusively regarding the processing of data which is explained in the sections of this policy.
The Data Controller undertakes to ensure that the processing of data referring to an individual (hereinafter “Data Subject”) is based on the principles of correctness, legitimacy and transparency, and the protection of the privacy and rights of the interested party.
The Data Controller will proceed to process your personal data in compliance with legislation, with the utmost care, implementing effective management procedures and processes to ensure the
protection of the processing of personal data for which you have given your consent, undertaking to adopt adequate measures to prevent unauthorised access or disclosure, as well as to maintain the accuracy of the data and to ensure its appropriate use.
1 – IDENTITY AND CONTACT DETAILS
The “Data Controller” is:
– Nativa S.R.L. Benefit Society
Registered office: Piazzale Clodio, 22 – 00195 – Rome
email address: [email protected]
2 – WHAT DATA WE PROCESS
The information that concerns you as the Data Subject, and that is subject to processing in the event of its provision:
– data provided voluntarily by the user: the sender’s contact information, such as the email address sent spontaneously to the site’s contact addresses, involves the acquisition by the
Data controller, of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data, including attachments, included in the message. A case in
– browsing data: during the use of the site and for its day to day use, the computer systems acquire data that by their nature do not have an identifying function, but which could assume it in limited cases when processed or associated with data in third party possession. This category includes, for example, IP addresses, URI addresses (Uniform Resource Identifier) of the resources requested, such as the time of the requests, the characteristics of the device used, the size of the files exchanged or other types of information. This is anonymous or aggregate data that does not ordinarily allow you to be identified and is used to identify anomalies and problems.
– Cookies, as further described below.
Cookies are text strings created by a server and stored on the device used by the user to access the Internet in order to be reconsidered on subsequent internet accesses by the same device. They may involve the transmission of information between the website and the device used, and between the latter and other sites operating on behalf of the Data Controller, or privately, in accordance with the provisions of their respective privacy policies.
The cookies that may be used on this site fall into the categories outlined below.
Technical cookies for navigation and functionality: Technical Cookies allow ease of use of the site and an easier information retrieval, simplifying the connection and data transmissions between the User and the site.
In particular, temporary and permanent navigation or session cookies are used: ensuring normal navigation and use of the site by allowing, for example, the saving of information related to navigation, storing data to keep the browsing session active and/or save information related to the settings for browsing the site itself; these cookies also allow the site manager to monitor its proper functioning through the analysis of data traffic, through information in the form of data collected in an anonymous and aggregate form. The installation of such cookies, which are automatically deleted when the browser is closed, does not require the prior express consent of the User who, at any time, can limit or block cookies through the settings of their browser. Where, however, the User decides to refuse these cookies, some of the site’s services may not be displayed correctly or may not function optimally, in particular, operations to identify the User and maintain their identification within the session may be more complex and less secure.
Analytical cookies: (legal basis for processing: consent) through these cookies the Data Controller collects statistical information on access and navigation methods (e.g. the time the User spends on a page, the most visited sections, etc.) in order to analyse and constantly improve the experience of using the services. Analytical cookies can be blocked by the User, through the browser settings, without the usability of the site being compromised or limited. The Google Analytics service is used
to generate statistics on the use of the website (for example, on the use of services, most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.). Google
Analytics, in order to carry out these activities, does not collect personal data, as all users’ IP addresses are anonymised as soon as they are received by the network and before being stored or
Targeting cookies: (legal basis for processing: consent) these cookies store data on the device relating to the User’s activities on the site visited and are used to create profiles based on the User’s preferences. This data makes it possible to personalise the advertising on the site, making it similar to the User’s interests, and also making it possible to personalise the ads on third-party services. Third-party cookies, social buttons and widgets: when you visit a website you may receive cookies from sites run by third parties other than the operator of the site you are visiting (e.g. Google for its Google Maps service). On the site it is also possible to find social buttons/widgets, i.e. ‘badges’ representing the icons of social networks (e.g. Facebook, Twitter and LinkedIn). These ‘bagdes’ allow Users to reach and interact directly with social networks. By clicking on the social buttons/widgets, the social network acquires data relating to the User’s visit. Outside of these cases, where it is the User who spontaneously wishes to share his or her browsing data with the chosen social networks with the click, the owner does not share any of the User’s browsing information or data acquired
through the site with the social networks reached through the Social buttons/widgets.
The management of personal data collected by third parties is governed by the relevant disclosures available on their respective websites:
– Youtube: https://support.google.com/youtube/answer/2801895?hl=it
– Google: https://policies.google.com/technologies/product-privacy?hl=it
– Linkedin: https://www.linkedin.com/legal/privacy-policy?_l=it_IT
– Facebook: https://www.facebook.com/about/privacy
– Instagram: https://help.instagram.com/196883487377501
– Twitter: https://twitter.com/it/privacy
– Eventbrite: https://www.eventbrite.it/support/articles/it/Troubleshooting/informativa-sulla
CONSENT TO THE PROCESSING OF COOKIES
When the User visits the site for the first time, the user will see a popup with an explanation of Cookies. As soon as the User clicks on “Save preferences”, the user consents and gives permission to
use the categories of Cookies indicated in the preferences. Consent will only be required for analytical and third-party Cookies. Technical-functional Cookies, as they are necessary for the proper functioning of the site, may be used without the need for the User’s consent.
3 – TYPE OF DATA PROCESSED, PURPOSE OF PROCESSING, LEGAL BASIS AND MINORS
The optional, explicit and voluntary sending of messages to the contact addresses indicated on the site such as the mailboxes [email protected], [email protected], [email protected], as well as the completion and forwarding of forms on the site involve the acquisition of your contact
data (email) necessary to respond to requests and, by way of example and not limited to your data (such as: name, surname, age, email, city, curriculum vitae, area of interest) necessary to follow up on your information request, reply to job offers published on the site and/or sending of job applications, subscription to the dedicated mailing list for journalists, for all of the above mentioned data, with the request for information and subscription to the project, you give your consent pursuant to art. Art. 6 (1)a GDPR.
NATIVA does not collect and does not receive, with the exception of activities related to the research and selection of personnel, for which you are invited to read the following explanations, the so-called ‘sensitive data’ as defined by art. 9 of the GDPR, i.e. data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, or trade union membership, nor process the genetic or biometric data intended to uniquely identify an individual, data relating to the health or sexual life or sexual orientation of the person. Therefore, the sending of data belonging to this category will be your sole responsibility as the Data Subject and will be processed only when explicit consent is provided by the Data Subject, and in any case the Data Controller reserves the right to delete such data.
The communication of the data is an essential requirement for the performance of the services requested. Failure to provide personal data will block the provision of the services requested, and navigation of the site itself may also be affected.
However, it is always possible to ask the Data Controller to specify the concrete data processing protocol.
Your data will be processed for the following purposes depending on the consent given by you:
1. Provision of the information and services that you request regarding the activity of NATIVA in general such as, including but not limited to, the principles that inspire NATIVA’S actions and what NATIVA can concretely do together with you to implement the regeneration process. The personal data collected for this purpose will be processed insofar as it is necessary to execute pre-contractual measures upon your request and/or to execute a contract to which you are a party to (art. 6, par. 1b;
such processing is necessary, therefore, failure to provide your personal data will not allow us to provide the information and/or the service that you have requested.
2. Execution of activities relating to the search and selection of personnel through the phases described on the site and specifically the evaluation of professional profiles and skills, and with advancement in the selection process, the definition of the individual development and career plan, training on NATIVA’s corporate culture, models and tools. The personal data collected for this purpose shall be processed insofar as necessary to perform pre-contractual measures at your request and/or to execute a contract to which you are a party to (art. 6, co. 1b) and also for the fulfilment of a legal obligation (art. 6 co. 1c); such processing is necessary, therefore, failure to provide personal data will not allow us to provide the information and/or service you have requested.
3. Provision of services requested by the Data Subject as a journalist, such as for example, inclusion on the mailing list for NATIVA’s press release launches and the possibility to take advantage of related services, such as participation in promoted projects. The personal data collected for this purpose will be processed as far as necessary to perform pre-contractual measures at your request and/or to execute a contract to which you are a party to pursuant to Art. 6, para. 1b.
4. Data Controller’s legitimate interest related to : the analysis and improvement of its services; carrying out statistical and/or market research and development activities, also the data analysis from the use of services; to defend its rights during judicial, administrative or extrajudicial proceedings, and in the context of disputes arising in relation to the services offered; in the case of extraordinary company operations, or administrative (e.g. invoicing), accounting and tax fulfilment. Personal data collected for this purpose will be processed for the pursuit of the legitimate interest of the Data Controller (Art. 6, para. 1f)
5. Generic marketing limited to our products and/or services similar to those you already enjoy or have enjoyed, through sending you commercial communications on NATIVA’s promotional activities carried out offline, online (internet/social media) and any other means suitable to communicate the
professional activity, carried out through textual/photo/audio/video material via internet, mailing,
web and social media (ex. Facebook, Linkedin, Twitter, Youtube, google +, etc.) or on traditional media relating to the activities/initiatives managed by the Data Controller; these promotional activities may contain data, images and/or audio/video of the Data Subject collected through interviews, case studies, events, etcetera. Notwithstanding the latter point, the right to object at any time and the provisions regarding minors involved in the processing of data are not affected. Personal data collected for this purpose will be processed for the pursuit of the legitimate interest of the Data Controller on (Art. 6, para. 1f).
6. Provision of commercial communications upon your consent, using your data to inform you, through but not limited to, automated contact tools (e-mail, SMS, push notifications and/or other online media communication, including on social networks, and by telephone) about our commercial, cultural, training, and event organisation initiatives, to carry out market research and to
send advertising material. The processing of this data for this purpose can only take place on the basis of your free, specific, informed and unequivocal consent; the provision of your data for this purpose is not necessary for the provision of the services you have requested, however, failure to provide your consent – or its revocation, if initially provided – will prevent you from receiving the communications listed in this paragraph. We would like to remind you that, if you fail to provide or withdraw your consent, you will still be able to receive commercial and promotional
communications relating to products and/or services similar to those you have already subscribed to, for which the processing is based on a legitimate interest of the Data Controller as indicated in the previous paragraph.
7. We may use, for dissemination and promotional purposes in relation to NATIVA’s activities, the data, images and/or audio/video footage concerning you, provided by you or acquired during NATIVA’s public events, through interviews, case studies, etc. The legal basis for the processing is your Consent, given pursuant to section 9a; therefore, without your Consent (which is optional), the images/audio/video recordings may not be used or will be rendered unrecognisable.
It may happen that during the personnel search and selection phase, the Data Controller, through the acquisition of your Curriculum Vitae by means of the email contact box indicated on the website and/or the completion of the dedicated form, collects and processes ‘sensitive data’ categories as defined in Art. 9 of the GDPR and listed above, and which, for example, indicate that you belong to a protected category; for the processing of this type of data, we inform you that your explicit consent is required by the GDPR. In any case, please note that this data will only be processed in cases that are strictly necessary for the purposes arising from legal obligations, and in any case, in compliance
with the regulations.
In the event of the establishment of an employment relationship or the activation or execution of an apprenticeship between us, your personal data and that of any of your family members (which may also include special and judicial data) will also be processed for all the other purposes specified in the dedicated information sheet.
The Services offered by the Data Controller through the navigation of the site as Information Society Services are aimed at persons aged 14 years or older pursuant to art. 8 of the GDPR and art. 2d of the C.d.P. novated by Legislative Decree. 101/2018, therefore if you are under 14 years old we will need the consent and/or authorisation of your legal guardians or those with parental responsibility in order to proceed with the processing of your data and should we become aware of the processing
of your data without the necessary valid consent given by the holder of parental responsibility, we reserve the right to unilaterally interrupt the use of the service offered as well as to delete the data acquired.
In addition, we explicitly reserve the right to request the consent and/or authorisation of the legal guardians or those with parental responsibility for the future processing of image and/or audio
and/or video data in which the minor under 16 years of age may be portrayed; therefore, for the protection of minors under 16 years of age, we reserve the right to unilaterally discontinue the use of the service offered and to delete the data acquired, should the Data Controller become aware of the processing of data without the necessary valid consent of the holder of parental responsibility.
Once the retention period has expired, the data will be destroyed, deleted or anonymised, subject to technical deletion and backup procedures and the accountability requirements of the Data
4 – HOW AND WHERE WE PROCESS DATA, WHO THE RECIPIENTS ARE AND ANY CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The processing of your personal data may consist of any operation or set of operations among those indicated in Article 4 of the GDPR.
The personal data communicated will be stored in our paper and/or electronic archives and in any place required by its processing according to the stated purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data, with organisational methods and logic strictly related to the stated purposes.
The Data Controller processes the Personal Data of Data Subjects by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of Personal Data.
Personal Data is not marketed, disseminated or used for purposes other than those declared by the Controller.
In addition to the Data Controller, the data may be processed by parties qualified as Data Processors pursuant to art. 4. n. 8 and art. 28 of the GDPR (professionals, consulting and service companies, hardware and software support companies, companies with tasks of a technical and organisational nature of the Site, …) and by parties authorised to process the data pursuant to art. 29, operating under the direct authority of the Data Controller (employees and collaborators in various capacities), who have instructed them to do so.
If the owner intends to further process personal data for a purpose other than that for which they were collected, prior to such potential further processing, it shall provide the Data Subject with information regarding the different purpose and any further relevant information.
This is without prejudice to the right of the Data Controller to transfer such data to a third country or an international organisation for which there is an adequacy decision of the European Commission or, reference to appropriate or adequate safeguards and the means to obtain a copy of such data or
the place where such data has been made available (in the case of transfers referred to in Article 46 or 47, or Article 49, second paragraph GDPR); in this case you will be given timely notice of the transfer.
5 – DATA RETENTION PERIOD
Personal data is processed for the time required by the purposes for which it was collected. Therefore:
– Personal Data collected for purposes related to the provision of required services between
the Controller and the User will be retained until the performance of such services is completed.
– Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interests pursued by the owner in the relevant sections of this document or by contacting the Data Controller.
In any event, at regular intervals we may carry out a review to ascertain whether the personal data that you have provided to us should continue to be processed and, if necessary, we will ask you
again to renew your consent.
PLEASE NOTE With regard to personal data processed for the purposes of generic Marketing described in Art. 3 no. 5, we specify that
– personal and contact data are retained until the right to object (“opt out”) is exercised by contacting the owner in the manner described below.
PLEASE NOTE With regard to personal data processed for commercial purposes described in Article 3 no. 6, it is specified that
– irrespective of the existence of an active service, your personal data will be processed for sending communications of a commercial nature until you revoke your consent, it being
understood that 24 (twenty-four) months after your interaction with our services your data will no longer be processed for such purposes. This is without prejudice to your right to withdraw your consent when the processing is based on your consent.
Indeed, when the processing is based on your consent, the owner may keep your Personal Data longer until your consent is revoked. Moreover, the owner may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
Once the aforementioned retention periods have expired, the Data will be destroyed, erased or made anonymous, compatibly with the technical procedures of erasure and backup and with the
accountability requirements of the owner.
6 – RIGHTS OF THE DATA SUBJECT – COMPLAINT TO THE SUPERVISORY AUTHORITY
You can ask the owner for access to the data concerning you, their deletion, the rectification of inaccurate data, the integration of incomplete data, the restriction of processing in the cases
provided for by Article 18 GDPR. You can exercise these rights by sending an email to one of the Controller’s contact email addresses indicated.
If the processing is based on consent or contract and is carried out by automated means, you may request the portability of Your data.
You have the right to withdraw your consent at any time for marketing and/or profiling purposes, as well as to object to the processing, for reasons related to your particular situation, in cases of legitimate interest of the Controller.
You have the right to lodge a complaint with the competent supervisory authority in the Member State where you habitually reside or work or in the State where the alleged infringement has
occurred (For more details, see the institutional website of the privacy guarantor at www.garanteprivacy.it)
6.1 – OPPOSITION TO GENERIC MARKETING BY THE OWNER
You may at any time decide to stop receiving communications relating to generic marketing activities by contacting one of the owners at the email address indicated in this policy.