This document has been specifically drawn up to inform you about the processing of your personal data by the company PHOTONPATH S.R.L. whose data are indicated below. Pursuant to European Regulation 2016/679 (hereinafter referred to as: “GDPR”), you are provided with the following information.

The Data Controller – as defined pursuant to Article 4, co. 1, no. 7) of the GDPR – is the Company “PHOTONPATH S.R.L. “, with registered office in Milan, Via Giovanni Durando n. 39, tax code, VAT number and registration with the Company Register of Milan, Monza-Brianza and Lodi 10930000962, R.E.A. no. MI – 256765 (hereinafter referred to as the “Data Controller”).

1. INTRODUCTORY INFORMATION

For ease of reading, below are some definitions directly contained in the provisions of the GDPR. Pursuant to Art. 4, co. 1 of the GDPR, we mean:
Personal data” ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

2. CATEGORIES OF PROCESSED DATA

By browsing this site, the following categories of personal data may be processed:

  1. common personal data: as defined under Art. 4, co. 1 of the GDPR. This category includes both personal information such as, but not limited to, name, surname, date of birth, residential address, tax code, and contact information such as, landline phone number and / or mobile and e-mail address;
  2. navigation data: this is data that is processed in order to ensure the proper functioning of this site. The Data Controller may also process your data in order to obtain information about your preferences and your habits of use of the site. This data may also be processed through cookies. In this regard, we invite you to read the Cookie Policy below.

3. PURPOSE OF PROCESSING AND LEGAL BASIS

Data Controller process your Personal Data for the following purposes:

  1. browse on this website;
  2. compliance with obligations imposed by laws or regulations;
  3. if desired, sending communications by filling out the appropriate form;
  4. if desired, sending the resume uploading it in the appropriate section.

The legal basis of the treatment is the Article 6, paragraph 1 of the GDPR, according to which processing shall be lawful only if and to the extent that at least one of the following applies:

  • art. 6, letter a), the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • art 6, letter b), processing is necessary for compliance with a legal obligation to which the controller is subject;

The provision of personal data is:

  • mandatory, in relation to the obligations provided for by laws, regulations and/or Community legislation as well as provisions issued by the authorities empowered to do so and by supervisory and control bodies, as well as tax and accounting obligations;
  • optional, for all that concerns the purposes of processing referred to letter c) e d).

4. TREATMENT MODALITIES AND STORAGE TIME

We would like to inform you that your data will be processed in compliance with the GDPR and the current regulations on the processing of personal data.
We inform you that the processing of the data in question is based on the principles laid down in Article 5 of the GDPR, in particular on the principles of fairness, lawfulness, transparency and protection of confidentiality and rights of the person whose data is processed.
The processing of your personal data will be carried out by means of paper, computer and telematic tools, in such a way as to guarantee security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
Your personal data will be stored by the Data Controller for the period strictly necessary to achieve the purposes for which they were collected, and in any case in accordance with the principle of minimisation referred to in Article 5, paragraph 1, letter c) of the GDPR as well as the obligations provided by law.

5. COMMUNICATION OF YOUR PERSONAL DATA

We inform you that your personal data are not subject to dissemination, meaning by this term the disclosure of the same to unspecified persons, in any form, including by making them available or viewable.
On the other hand, the disclosure of the data is requested to the Data Controller, in compliance with legislative provisions, by public authorities, judicial authorities, supervisory and control bodies, information and security bodies or other subjects and/or public bodies for purposes of defense and State security, prevention and detection or repression of crimes.
In order to achieve the purposes described in point 1 above, the Data Controller may need to communicate your personal data to the following categories of third parties:

  1. natural persons authorized by the Data Controller according to and for the effects of the Art. 29 of the GDPR in reason of the execution of their working duties;
  2. subjects who have been appointed by the Data Controller pursuant to article 28 of the GDPR as subjects in charge of the processing (the Processor), i.e. the natural or legal person who processes personal data on behalf of the Data Controller;
  3. subjects that provide services for the management of the digital communication system and not;
  4. subjects through which the Data Controller avails itself in different titles for the supply of the requested service/product.

6. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION

We inform you that your personal data will be processed by the Data Controller exclusively within the national territory. The data you provide will not be transferred by the Data Controller to third countries inside or outside the European Union and / or international organizations.

7. RIGHTS OF THE INTERESTED PARTY

Pursuant to Art. 7 co. 3 of the GDPR, we inform you that you may at any time withdraw the given consent without affecting the lawfulness of the processing based on the consent given prior to revocation.
By submitting your request directly to the registered office of the Data Controller indicated above or by using the following e-mail address:info@photon-path.com, you may exercise, at any time, pursuant to articles 15 to 22 of the GDPR, the right to:

  1. ask for confirmation of the existence or not of your personal data;
  2. obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom your personal data have been or will be communicated and, where possible, the period of storage;
  3. obtain the correction and deletion of your personal data;
  4. obtain the limitation of the processing of your data;
  5. obtain data portability, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
  6. oppose the treatment at any time and also in the case of treatment for direct marketing purposes;
  7. object to automated decision-making regarding individuals;
  8. to ask the Data Controller for access to and rectification or cancellation of the data or for the limitation of the processing of the data concerning him/her or to object to their processing, as well as the right to data portability;
  9. revoke consent at any time without affecting the lawfulness of the processing based on the consent given before revocation;
  10. complain to a supervisory authority.