Skip to main content

Privacy policy

Nethex Care S.r.l. (F.C. and and 47436465), based in Bacau County, Pictor Theodor Aman Street n. 90/A, Bacau City, (hereinafter, “Nethex” or the “controller”), as data controller, informs you, in accordance with the art. 13 of the European Regulation 2016/679 (GDPR), about the purposes and methods of processing personal data.

1. Subject of data processing

What data is used?

The controller handles:

• personal, identification and contact data, and any other data voluntarily provided by you (for instance but not limited to: name, surname, e-mail address, telephone number, data contained in the professional CV, etc…);

• browsing data acquired from the computer systems and software procedures that is used for website operation. This information is not collected to be associated with the identified data subjects; it could, however, identify users through processing of data held by third parties. This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the website and other parameters relating to the users’ operating system.

2. Purpose of data processing

For what purposes will the data be processed?

Your personal data will be processed, in a lawful and correct manner, for the following purposes:

a) recontact you, to process any requests made to the controller (art. 6 letter b), GDPR);

b) evaluate your application for a possible employment or collaboration with the controller, where you have filled in the form to submit the application;

c) fulfill the legal and tax obligations to which the controller is subject (art. 6 letter c) GDPR);

d) for the purpose of legitimate interests that the controller has identified on the basis of the balancing of relevant interests (art. 6 letter f) GDPR);

e) if it is necessary to verify, exercise or defend a right in court.

3. Compulsory or optional data provision

Is the provision of data compulsory?

The provision of data is a necessary requirement to use the requested services.

4. Processing methods

How is the data used?

The processing of your personal data is carried out by means of the operations indicated in art. 4 no. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Personal data is subject to both paper, electronic and/or automated processing. There are no automated decision-making processes relating to private entities.

5. Data Retention

For how long is the data kept?

Your personal data collected for the purposes described in this policy will be kept for the time strictly necessary to achieve the purposes for which it was collected and in compliance with regulations in force.

For the purposes referred to in the paragraph 2 letter b) personal data will be stored starting from its receipt for a maximum period of 24 months for the application management (unless otherwise stated by law). Should a working relationship be established with you, your personal data will be kept, starting from their receipt, for the period indicated in the policy provided to you prior to the establishment of the above-mentioned relationship.

After the retention period, the data will be deleted or made anonymous.

6. Data Access and Reporting

Who can have access to the data?

Your personal data is accessible to: i) employees and/or collaborators of the controller in the capacity of authorized persons and/or system administrators; ii) service providers who carry out outsourced activities on behalf of the controller in their capacity as external data processors and/or sub-processors carrying out related, instrumental or supportive activities to those of the controller, for example: management and maintenance of the website content, customer assistance, customer care services, etc.; iii) other companies of the Nethex group (Nethex Care S.p.A., Nethex Digital Sales S.r.l., Nethex S.p.A .).

The complete list of data processors is available in the paragraph 9.

The controller may also communicate the users’ data to third parties (public institutions, police forces or other public and private entities), exclusively for the purpose of fulfilling contractual, legal obligations and/or those deriving from EU legislation.

7. Data Transfer

Where can the data be transferred?

There are no data transfers to non-EU countries or to international organizations. Where such transfers should take place, to protect the users’ data, the controller will adopt the appropriate guarantees established by the GDPR, including the adequacy decisions and the standard contractual clauses approved by the European Commission.

8. Rights of data subject

What are the rights of data subject?

As a data subject, you can exercise the rights provided for by the articles 15 to 21 of the GDPR, in particular:

• Right of access (art. 15 GDPR);

• Right of rectification (art. 16 GDPR);

• Right to erasure (art. 17 GDPR);

• Right to restriction of processing (art. 18 GDPR);

• Right to data portability (art. 20 GDPR);

• Right to object (art. 21 GDPR).

For all the cases mentioned above, if necessary, Nethex will inform the third parties to whom the personal data is communicated of the possible exercise of your rights, with the exception of specific cases (e.g. when its execution proves to be impossible or involves the use of means manifestly disproportionate to the protected right).

9. Methods of rights’ exercise

How are the rights indicated in the previous paragraph exercised?

You can, at any time, exercise the rights described in the previous paragraph, by forwarding a specific request to the controller at the address nethexcaresrl@legalmail.it, or by contacting the designated DPO at rpd@sgsolution.eu.

For the processing operations described in this policy, you also have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it)

Last updated: March 29, 2023