PRIVACY POLICY



Information provided according to article art. 13 of European Regulation 679/2016 (GDPR - General Data Protection Regulation) concerning processing of the following personal data

Data Controller. The Data Controller is Gessi S.p.A. - Parco Gessi 13037 Serravalle Sesia (VC).

Purpose and legal basis. Please be advised that the data will be processed for the following purposes:

Purpose Legal basis
legitimate interests
Storage period or criteria
Newsletter subscription for trade advertising and marketing purposes (art.6 1.a European Reg. 679/2016) Consent For a period of time not exceeding 10 years

The said treatment shall always be based on principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the data subjects.

Mandatory or optional nature of data transfer.  Please be advised that, taking into account the purposes of processing as outlined above, data transfer is mandatory and failure to transfer them, or any partial or incorrect transfer, could make it impossible to finalise the employment contract.

Recipients or Groups of recipients. The personal data may be processed exclusively by the Controller or persons authorised by the latter.

The data shall not be transferred outside the Controller’s structure.

The data shall not be disclosed.

Lodging a complaint with the Supervisory Authority. The data subject is entitled to lodge a complaint with the Supervisory Authority (for Italy: Garante per la protezione dei dati personali www.garanteprivacy.it).

Rights of the data subjects. It is possible at any time, to exercise the rights to access personal data, rectify or erase the latter, restrict processing, object thereto or to processing portability according to articles 15-20 of European Regulation 679/2016 by sending an e-mail to the following address: privacy@gessi.it.

Right to withdraw consent. The data subject may withdraw the consent given at any time by writing an e-mail to the following address: privacy@gessi.it.

Existence of an automated decision-making process. Processing does not involve any automated decision-making process.

Transfer of data to a third country or to an international organisation. The data Controller shall not transfer any personal data to a third country or international organisation.