Privacy Policy on Personal Data Processing Art. 13 Reg. (EU) 2016/679

In compliance with Article 13 of Regulation (EU) 2016/679 (“GDPR”), the following information is provided to users of the website accessible at the address https://bericah.it/ (“Website”). This information pertains exclusively to the processing carried out through this Website and not through other websites that may be visited via links on the Website, for which each visitor is encouraged to review the respective information provided by the relevant data controllers.

DATA CONTROLLER AND CONTACT DETAILS

Bericah S.p.A., VAT Number 00899910244, with registered office at Via Porlezza, No. 8, 20123 Milan (MI). Requests for clarification regarding this policy and requests to exercise the rights prescribed by law and/or described here can be submitted to the following contacts: privacy@bericah.it

CATEGORIES OF PROCESSED DATA	PURPOSES	LEGAL BASIS
First name, last name, email address, phone number, job title, and any personal data included in the message.	To address user inquiries sent through the interaction methods available on the Website or to the email addresses provided on the Website (e.g., contact form).	Execution of a contract to which the data subject is a party/pre-contractual measures taken at the request of the data subject - Article 6.1.(b) GDPR.
Navigation data (personal data whose transmission is implicit in the use of Internet communication protocols, such as IP addresses or domain names of computers used by users, request time, and other parameters related to the user's operating system and computer environment).	Allowing user navigation on the Website.
First name, last name, email address, company affiliation.	Sending requests for information and/or product documentation.
First name, last name, email address, residential address; date of birth; phone number, educational background, curriculum vitae; any personal data included in the cover letter.	Submission of spontaneous job applications through the communication channels available on the Website.
First name, last name, email address.	Direct marketing activities through the sending of communications or materials (e.g., via email, newsletters) regarding products/services similar to those for which the user has requested information through the Website.	Legitimate interest of the data controller – Article 6.1.(f) GDPR. The legitimate interest of the data controller is identified in promoting their business through direct marketing – see Consideration No. 47 of the GDPR.
First name, last name, email address, company sector, phone number.	General marketing activities through the sending of communications and materials (e.g., via messages, emails, newsletters).	Consent of the data subject Article 6.1.(a) GDPR. The consent may be revoked by the data subject at any time.

Through the Website, sensitive data (i.e., data concerning religious beliefs, union membership, sexual preferences, and others indicated in Article 9 of the GDPR) are not processed. We kindly request all users not to include such information during the contact submission or application process via the Website, or through other forms of interaction provided by the Website.

MANDATORY/NON-MANDATORY NATURE OF DATA PROVISION	The provision of data for marketing purposes is optional, and the failure to provide data and/or consent and/or the request not to use them for marketing purposes will not affect the ability to browse the Website and/or send messages, requests, and applications through the Website. The provision of other data is necessary for browsing and/or sending messages through the Website. Failure to provide such data may result in the inability to browse the Website and/or respond to the data subject's messages.
POTENTIAL RECIPIENTS OF PERSONAL DATA	The data may be disclosed to (i) third parties operating, also on behalf of the Data Controller, for the fulfillment of services related to the purposes stated in this information, particularly the management and maintenance of the Website and responding to requests and applications from the data subject; (ii) consultants and third-party providers of the Data Controller, such as tax consultants and/or communication consultants; (iii) authorities and public bodies to whom communication is mandatory. In managing personal data, the Data Controller uses tools that may involve sending data to countries outside the European Economic Area (EEA). The Data Controller undertakes to select first-rate and reputable providers who ensure the lawful processing and transfer of personal data.
DATA RETENTION PERIOD	The technical navigation data will be retained for the technical time necessary for the execution of the functions for which they were collected. In the case of exchanges and/or any interactions via the Website with customers and suppliers of the Data Controller, or with users who subsequently become customers or suppliers of the Data Controller, the data is retained for a maximum of 10 (ten) years from the closure of the commercial relationship with the respective customer or supplier. In the case of exchanges and/or any interactions via the Website with users who are not, and subsequently do not become, customers or suppliers of the Data Controller, personal data is retained for a maximum of 3 (three) years from the date of the last interaction with the user. In the case of data processed with the consent of the data subject (e.g., for marketing purposes), such data will be retained until the consent is revoked by the data subject. In the case of spontaneous job applications received through the website, personal data is retained (i) for 10 (ten) years from the termination of the employment/collaboration relationship, in case of hiring; or (ii) for 1 (one) year from the application date, in case of non-hiring. It is specified that the ten-year terms are indicated in consideration of the statute of limitations for any claims arising from the relationship between the Data Controller and the data subject, or the data subject's affiliated company, as provided by law.
RIGHTS OF THE DATA SUBJECT	At any time, each user may assert against the Data Controller the rights provided for in Articles 15 to 22 of the GDPR, namely the right to request: a. Access to personal data, namely to know the personal data stored by the Data Controller, the purposes for which they are processed, their origin, and other information provided for in Article 15 of the GDPR; b. Rectification of personal data in case of inaccuracies; c. Erasure of personal data (so-called 'right to be forgotten'); d. Restriction of the processing of personal data, namely the right to obtain the suspension of the processing of personal data for the period necessary to verify the request for correction of personal data, or in other cases provided for in Article 18 of the GDPR. . e. Data portability, i.e., to receive personal data in a structured, commonly used, and machine-readable format, including requesting their direct transfer to another controller (for data processed by automated means); f. The right to request the Data Controller to refrain from processing data pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR (right to object); g. The right to lodge a complaint with the supervisory authority pursuant to Articles 77 and following of the GDPR, which for the Italian State is identified in the Garante per la protezione dei dati personali (Italian Data Protection Authority). You may find information on the Italian Data Protection Authority, including the contact details, at following link: https://www.garanteprivacy.it/web/garante-privacy-en/home_en.
CHANGES TO THIS PRIVACY POLICY	This privacy policy may undergo changes over time - also related to the possible entry into force of new sector regulations, the updating or provision of new services, or technological innovations. Changes to the policy become effective upon their publication on the Website, provided that the Data Controller cannot use previously collected data for processing purposes other than those described herein without informing the user.