PRIVACY POLICY
Montenegro S.r.l., having its registered office in Zola Predosa, Via Enrico Fermi 4 (“Montenegro“), manages the website gruppomonetenegro.com (the “Website“) and, in its capacity of data controller, wishes to inform users of the Website (the “Users“) about the processing of their personal data, pursuant to the Legislative Decree no. 196/2003 (the “Italian Privacy Code“) and the EU General Data Protection Regulation No. 679/2016 (General Data Protection Regulation, the “GDPR“).
1. Data controller and data processors
The data controller is Montenegro S.r.l., a company belonging to the Montenegro Group, having its registered office in Zola Predosa, Via Enrico Fermi 4, and it can be contacted at the following email address privacy.montenegrocorporate@montenegro.it. Montenegro has appointed as data processor, among others, Lessismore S.r.l.. The complete list of data processors is available upon written request to the email address indicated above.
2. Personal data collected
Montenegro processes the personal data provided by Users, including:
a) personal data contained in the curriculum vitae forwarded to Montenegro though the application form via the “Work with us” section;
b) navigation data relating to the use of the services offered through the Website, which are collected through cookies in accordance with the information notice on cookies available at the following link gruppomontenegro.com/cookie-policy.
In this context, Montenegro does not process health data and in general special categories of personal data pursuant to Article 9 of the GDPR. Therefore, we recommend not to disclose these types of personal data.
The personal data are processed only to the extent to which they are necessary for the purposes described in paragraph 4 of this privacy policy.
3. Modalities of the processing
The User’s personal data are processed with the support of electronic and / or paper means and are protected by appropriate security measures to guarantee the confidentiality and security of personal data. In particular, Montenegro adopts appropriate organizational and technical measures to protect the personal data in its possession against loss, theft, as well as the use, disclosure or unauthorized modification of personal data.
4. Purposes of the processing
The purposes for which the User is required to provide Montenegro with his/her personal data are as follows:
- allow the User to access and register on the Website and make use of the services available through the latter, including applying to job positions through the Website, as well as assert and defend the rights towards the User and third parties (hereinafter referred to as “Contractual Purposes“);
- comply with legal and regulatory obligations (hereinafter referred to as “Legal Purposes“);
- carry out activities functional to the sale of company and business units, acquisitions, mergers, demergers or other company transformations and for the execution of such operations (“Legitimate Business Interest Purposes“).
5. Legal grounds of the processing
The processing of personal data for Contractual Purposes is mandatory as necessary to access to the Website and use the services offered through the Website. The processing of personal data for Legal Purposes is mandatory as requested under applicable laws. In the event that the User does not want his/her personal data to be processed for these purposes it will not be possible for him / her to use the Website and the services made available through it.
The processing of personal data for Legitimate Business Interest Purposes is carried out pursuant to Article 24, paragraph 1, letter d) of the Italian Privacy Code and to meet Montenegro and its counterparties legitimate interest to the performance of economic transactions indicated therein pursuant to Article 6, letter f) of the GDPR, which is adequately balanced with Users’ interests as the processing takes place within the limits strictly necessary for the execution of these operations.
6. Communication and dissemination of personal data
For the purposes referred to in paragraph 4, Montenegro may communicate Users’ personal data, provided that they are strictly necessary for each type of processing, to the following categories of recipients:
a) collaborators, employees and suppliers of Montenegro, for the processing carried out within the performance of their duties and / or any contractual obligations, with regard to the commercial relationships with the Users;
b) subcontractors engaged in activities related to the execution of services and products offered by Montenegro;
c) other companies of the Montenegro Group in Italy and abroad, national and international, located in the countries identified in paragraph 7 below.
Users’ personal data are not disclosed.
7. Personal data transferred abroad
Personal data may be freely transferred outside the national territory to countries located in the European Union, but could also be transferred outside the European Union and in particular in the United States. Any transfer of Users’ personal data in countries located outside the European Union will, in any case, take place in compliance with the suitable safeguards for the purpose of such transfer in accordance with the applicable laws and, in particular, with Article 44 of the Italian Privacy Code and Articles 45 and 46 of the GDPR.
The User can obtain a copy of the safeguards implemented by Montenegro by sending a specific request to privacy.montenegrocorporate@montenegro.it.
8. Minors
The Website is not intended for persons under the age of 18. Montenegro asks Users to state their age before accessing the Website and does not collect or voluntarily process personal data of minors under the age of 18 who may eventually use the Website.
9. Rights of the Users
The User may, at any time and at no charge (a) obtain confirmation as to whether or not personal data concerning the User exist and communication of such data; (b) be informed of the source of the personal data, the purposes and methods of the processing, the logic applied to the processing, if the latter is carried out with the help of electronic means; (c) ask for updating, rectification or, where of interest, integration of the data; (d) request the cancellation, anonymization or blocking of data that have been processed unlawfully, as well as object to the processing on legitimate grounds, (e) object, wholly or partly, to the processing of data concerning the User for the purpose of direct marketing carried out through automated methods and/or traditional methods; (f) revoke the consent to the processing of the data at any time; this shall not compromise the legality of the processing in any way based on the consent given before its revocation.
In addition to the rights listed above, pursuant to the GDPR, the User will have the right, in any given moment, to (a) request to limit the processing of your personal data where (i) the User contests the accuracy of the personal data until Montenegro has taken sufficient steps to correct or verify its accuracy; (ii) the processing is unlawful but the User does not want Montenegro to erase your personal data; (iii) Montenegro no longer needs your personal data for the purposes of the processing, but the User requires for the establishment, exercise or defense of legal claims; or (iv) the User has objected to processing justified on legitimate interests, pending verification as to whether Montenegro has compelling legitimate grounds to continue processing; (b) object to the processing of the User’s personal data; (c) request the erasure of the User’s personal data without undue delay; (d) request for the portability of his/her personal data; and (e) lodge a complaint with the relevant data protection supervisory authority where necessary.
At any time the User can exercise the above rights, change his/her contact details, notify to Montenegro any updates to his/her data, request the removal of his/her personal data communicated by third parties, or to obtain further information about their processing by Montenegro, by contacting Montenegro at the email address privacy.montenegrocorporate@montenegro.it.
10. Data retention periods
Montenegro will retain the personal data only for the period necessary to fulfill the purposes for which the data was collected as outlined in paragraph 2 above. In any case, the following retention periods will apply to the processing of personal data for the purposes indicated below:
- for the Contractual Purposes referred to in paragraph 4, lett. a) are kept for the entire duration of the contract and for the 10 years following the expiration of the same for defense purposes and / or to claim a right of Montenegro in court and / or out-of-court in case of disputes related to the execution of the contract;
- for the Legal Purposes referred to in paragraph 4, lett. b) are kept for a period equal to the duration prescribed for each type of data by the applicable laws;
- for the Legitimate Business Interest Purposes under paragraph 4, lett. c) are kept for a period up to 10 years from their collection.
At the end of the retention period your personal data will be either cancelled, anonymized or aggregated.
11. Changes and updates
This privacy policy is valid from the date indicated in its header. Montenegro could also make changes and / or additions to this privacy policy, also as a consequence of any subsequent amendments and / or legal updates to the GDPR. The changes will be notified in advance and the User can view the constantly updated version of the privacy policy at the link www.gruppomontenegro.com.
If the User has any doubts, comments or complaints about how his/her personal data are collected or processed, please contact Montenegro through the “Contact” section of the Website