Data Protection Notice - website www.archivagroup.com

Version 16.10.2023

Introduction

Archiva Group, a brand owned by Archiva S.r.l. that brings together Archiva S.r.l. and Maxwell Consulting S.r.l., hereby informs you about the processing1 of your personal data carried out through the Website

www.archivagroup.com (hereinafter referred to as the 'Site').

Archiva S.r.l. and Maxwell Consulting S.r.l., with registered offices in via Spagna 24, 37069, Villafranca di Verona (VR), with reference to the personal data processed through the pages of the Site for which they are responsible, take on the role of Data Controllers. They also act as Data Processors pursuant to Article 28 of Regulation (EU) 2016/679 (hereinafter, GDPR) when they process personal data, collected through the Site, on behalf of the other Archiva Group companies.

This information is provided pursuant to Article 13 of Regulation (EU) 2016/679.

Purposes of processing and legal basis

According to the needs expressed from time to time by the user, who accesses the various sections of this Web Site (and subject to specific rules and notices for individual operations involving the provision of specific personal data, published from time to time on this Web Site), the purposes of the processing of personal data provided directly by users by filling in the information request forms and/or those acquired automatically through browsing are indicated below:

1. for purposes of providing the services accessible through the Site (e.g. responding to requests received,request to participate in events or similar...) as:
   Prospect, i.e. the person who could potentially enter into a contractual relationship in the future because he or she is interested in the Controller's product or service proposals;
   Legal basis: execution of pre-contractual measures (ART. 6.1.B GDPR).
   Customer (whether natural or legal person), i.e. the person who uses a product or service of the Controller by virtue of an ongoing contractual relationship;
   Legal basis: execution of contractual measures (ART. 6.1.B GDPR);
2. to enable users, subject to their consent and until that consent is revoked, to learn about and explore activities, events and other commercial initiatives organised or carried out by the Controller.
   Legal basis: consent (ART. 6.1.A GDPR);
3. within the limits and for the sole purpose of recruiting, managing and contacting the application for the position chosen job in the appropriate field;
   Legal basis: execution of pre-contractual measures (ART. 6.1.B of the GDPR);
4. to be retained and to be contacted by HR for future and possible job positions, offers by the owner (spontaneous application).
   Legal basis: execution of pre-contractual measures (ART.6.1.B GDPR);
5. to monitor open and closed positions in the corporate environment with details of the setting of interviews, their outcomes and recognition of candidates already examined;
   Legal basis of the processing: pursuit of the legitimate interest of the Controller (ART. 6.1.F GDPR).

Nature and methods of processing

Archiva S.r.l. and Maxwell Consulting S.r.l. declare that access to the Site and/or registration to the various sections of it, pertaining to each company, and/or any requests for information or services and/or interest in staying up-to-date on events and services offered, requires the provision of personal data that will be object of processing in full compliance with the GDPR and applicable national regulations.

It is hereby specified that, with reference to the sending of the application, through the appointed recruitment agency, to Archiva S.r.l. or Maxwell Consulting S.r.l. this information notice, with reference to the processing related to it, is also provided pursuant to art.14 of Regulation (EU) 2016/679.

Pursuant to the aforementioned laws, such processing will be based on principles of fairness, lawfulness and transparency, protecting your confidentiality, rights and freedoms.

The provision of personal data is optional, however, failure to provide it may prevent Archiva or the group companies identified as Data Controllers and to which the request has been addressed from processing the request. Personal Data may be provided by filling in the appropriate fields, in the dedicated sections of the Site, or, if the person concerned prefers, by sending requests by e-mail.

In addition to the Personal Data conferred directly by users (such as identification and contact data), when navigating on the Site, the computer systems and software procedures, which are responsible for the operation of the Site itself, automatically and indirectly administer and/or acquire certain information that may constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (so-called "cookies"), the "IP" addresses, domain names of the computers used by users who connect to the Site, the addresses in 'URL' notation of the requested resources, the time of the request to the server, navigation on the Site.

The Site does not contain any information aimed directly at minors, so the aforementioned category shall not transmit any personal data to the data controller companies via the data request forms on the Site. This notice does not extend its effects to websites other than the one explicitly mentioned. 

Personal Data will be processed mainly electronically, with logics strictly related to the aforesaid purposes, through the Data Bases, the electronic Platforms, managed by Archiva S.r.l. also in its capacity as Data Processor on behalf of the other companies of the group identified, in this informative note, as Data Controllers. 

The Data Controllers have adopted appropriate security measures to protect users against the risk of loss, misuse or alteration of the data collected. In particular, they have adopted security measures in compliance with applicable regulations. They also store user data on servers located in the territory. The servers are subject to an advanced daily back-up system.

Personal data are mainly processed at the Data Controller's premises and will not be transferred to non-EU countries.

Categories of persons who may become aware of personal data

The Personal Data transmitted may be brought to the attention of employees or trainees of the Data Controllers, for the processing operations falling within their respective spheres of competence, who, operating under the direct authority of the latter, in compliance with specific security and confidentiality measures assigned to them, will process the personal data in accordance with European and national data protection principles.

Personal data may also be transmitted to any Data Processors appointed pursuant to Article 28 GDPR who, operating under the direct authoritỳ of the Data Controller, will receive appropriate instructions. The same will be done by any Data Processors in respect of their employees or collaborators.

Please note that personal data may be communicated to the subjects essentially included in the following categories and whose complete list may be requested from the Data Controllers, for the processing within their competence, at the following addresses

• for Archiva S.r.l. This email address is being protected from spambots. You need JavaScript enabled to view it.;
• for Maxwell Consulting S.r.l. This email address is being protected from spambots. You need JavaScript enabled to view it.
• Companies or other entities performing outsourcing activities on behalf of Archiva S.r.l., Maxwell Consulting S.r.l.:for website management and/or development, support, communication, event organisation and management, producers of video-conferencing software solutions, managers of electronic platforms for sending marketing campaigns, newsletters.
• Recruitment companies: for activities within its area of competence.
• Certification bodies and accreditation bodies: for verification activities in order to obtain and/or maintain the certifications acquired by Archiva S.r.l. and Maxwell Consulting S.r.l.
• Group companies: for treatments within its competence.

Duration of data processing and storage

The data communicated will be retained for a period of time not exceeding that necessary to achieve the purposes specified in this notice, following the details below, or for a longer period for purposes permitted by law, and, in any case, upon exhaustion of the aforementioned purposes they will be deleted without undue delay:

1. 1.for a maximum of 12 months from receipt of the Prospect's request; 
   2. for the entire duration of the existing contractual relationship between the Data Controller and the Client, i.e. the legal entity that signed the contract with the said Data Controller; or in the event of the exercise of rights on the part of the person concerned and in any case until the Controller receives direct communication from the Client (legal person).
2. for a maximum of 24 months after formalisation of consent or the last documented interaction (Garante Provvedimento per il trattamento dei dati Personali 24 February 2005);
3. for a maximum of 12 months from the date of the first interview with the data controller;
4. for a maximum of 12 months after sending the spontaneous application.
5. for a maximum of 36 months from the date of the first interview with the data controller.

Data Protection Officer (DPO)

Archiva S.r.l., on a voluntary basis, has appointed a Data Protection Officer who may be contacted by e-mail This email address is being protected from spambots. You need JavaScript enabled to view it..

Rights of the interested party

At any time, the data subject may exercise his or her rights vis-à-vis the data controller pursuant to Articles 15 to 21 of the GDPR, the provisions of which are referred to in full.

The data subject shall have the right to request from the Data Controllers, for the processing within their competence and at any time, access to his/her personal data, to rectify or erase them or to object to their processing; he/she shall also have the right to request the restriction of the processing, as well as to obtain, in a structured, commonly used and machine-readable format, the data concerning him/her. Furthermore, the data subject may, at any time, withdraw consent for the processing referred to in point b) without prejudice to the lawfulness of the processing, based on consent, carried out prior to the revocation.

The cancellation operation since ordered can take up to 30 days to complete.

Finally, the data subject may lodge a complaint with the competent Supervisory Authority if he or she considers that his or her rights have been violated, in violation of the principles of the GDPR, in the manner indicated on the Guarantor's website, accessible at www.garanteprivacy.it.

The aforementioned rights may be exercised by filling in the appropriate form available on the Website www.archivagroup.com.

Amendments to the information notice

This information notice may be subject to updates in accordance with national and European regulatory provisions as well as by virtue of operational choices made by the Data Controllers. Unless otherwise specified, it will continue to apply to personal data processed up to that point.