This Privacy Policy describes the purposes and methods by which COIMA SGR S.p.A., in its capacity as Data Controller (“Company”, “Data Controller” or “Controller”), collects and processes personal data relating to the user (“User”) who interacts with the website www.coimasgr.com (“Website”) and with the various services it offers.
The information contained in this Privacy Policy is provided under Art. 13 of Regulation EU of 27 April 2016 no. 679 (“Regulation” or “GDPR”), and the Measures issued by the Data Protection Supervisory Authority and the Guidelines of the European authorities.
Information on the processing of data is provided only for the Website and for data processing operations carried out by the Company and it does not extend to processing carried out by third parties on other websites that may be consulted by Users via links. The Company does not accept any liability for this further processing; the User should refer to the individual Privacy Policies of the third party websites
1. Data Controller and place of the data processing
The Data Controller is the Company COIMA SGR S.p.A., based in Milan (Italy), Piazza Gae Aulenti no. 12, 20154
2. Data processing methods
The Company processes the User’s data while adopting all appropriate data security measures to prevent unauthorised access, unauthorised disclosure, modification or destruction of the data. The processing is carried out using both manual and/or electronic tools, using organisational methods and logics strictly related and limited to the indicated purposes.
3. Data processing purpose and legal basis
The Company, through the Website, may process the User’s data for the following purposes:
Contacting the Company. The User may contact the Company to request information using the contact details specified on the Website. Personal data provided voluntarily by the User (e.g. email address, telephone number if any or other information freely provided to the User) will be processed by the Company to manage and respond to the User's communications or requests. The legal basis of the data processing is the implementation of the service specifically requested by the User, and any refusal to provide the personal data will make it impossible for the Company to manage and respond to communications or requests for information (art. 6(1)(b) GDPR).
For gathering job applications through the “Career” section . The Company offers the User the opportunity to submit a job application to COIMA SGR in the Website section "Work with us" where open positions are indicated and the User may send their CV to the indicated email address. The User is requested not to enter sensitive data in their CV (e.g. related to health status, political opinions, sexual life, etc.), except data that is strictly required by law for CV selection and assessment purposes (e.g. belonging to protected categories). A specific Privacy policy contains Data processing information. The legal basis for data processing is executing a request by the data subject (Art. 6(1)(b) and art 9((2)B) GDPR).
Call for tenders participation. The “Calls for tenders” section of the website provides access to an external portal https://app.albofornitori.it/alboeproc/albo_coima, for viewing and participating in calls for tenders. Access to this area requires an email invitation from the Company. Set the password using the security criteria specified in the invitation email. The credentials are required for access to the area in question. The information legally required for participation in individual calls or tenders is identified each time. The data enables participation and management of tenders. The legal basis of the data processing is the implementation of the service specifically requested by the User, and any refusal to provide the personal data will make it impossible for the Company to manage and respond to communications or requests for information (art. 6(1)(b) GDPR).
Pursuing the legitimate interests of the Company or third parties. The User’s data may be used to exercise the rights and legitimate interests of the Company or third parties, for example, handling claims and litigation, credit recovery, fraud prevention or prevention of unlawful activities. In these cases, although the provision of the User's personal data is not mandatory, it is necessary as this data is closely connected and instrumental to the pursuit of those legitimate interests, which do not prevail over the User's rights and fundamental freedoms (art 6(1)(f) GDPR).
Fulfilling applicable legal or other obligations. The Company may use personal data that is provided by the User or otherwise acquired during the User's interaction with the Website for compliance with legislative and regulatory obligations, national and EU legislation, ad obligations deriving from measures issued by authorities who are legally authorised to do so, which represent the data processing legal basis, (art 6(1)(c) GDPR).
4. Data categories
The Company receives and collects information through the Website relating to the User who visits the pages of the Website and who uses the web services available on the Website. The Company acquires and processes the following information.
4.1 Data provided voluntarily by the User
The Company limits the gathering of voluntarily provided information to data necessary to achieve the purposes described in paragraph 3 above and receive the services requested. Additional personal data may be collected and processed by the Company, if the same are provided voluntarily by the User as part of the services offered by the Website, for example, if the User contact the Company to report disservice or malfunctioning, to exercise its rights in relation to personal data processing, etc. Those data will be processed by the Company only for purposes strictly linked to the User’s request. Any failure to provide the data may make it impossible to obtain the requested service.
5. Disclosure of data to third parties
The data processed will not be disclosed and may be communicated, for the purposes and in the manner set out in this Privacy Policy, to the categories of subjects indicated below:
COIMA platform companies, for organisational purposes, internal control purposes, pursue the Company or third-party legitimate interests and carry out the User services/requests (e.g., contact requests);
companies, co-workers, consultants or freelancers that the Company uses in order to implement technical or organisational tasks (e.g. IT and web service providers, procurement services), or with whom the Company collaborates (including other COIMA Companies) to provide and operate its own services, or for any communication activities;
persons, companies or professional firms that provide assistance and advice to the Company, particularly (but not exclusively) in accounting, administrative, legal, tax and financial matters;
persons/entities entitled by law or by order of a public authority to access the data.
The persons/entities belonging to the categories indicated above will use the data as independent data controllers pursuant to law or as data processors properly appointed by the Company. These persons/entities may be based in EU and non-EU countries. If these parties are based in non-EU countries, the Company shall adopt the measures under the Regulations to legitimise the transfer of personal data.
The list of entities to which the data are or may be disclosed, and the privacy measures adopted to legitimise transfers of said data outside the EU, can be requested from the Company by using the contact details indicated in the “Rights of Users and Contact Details” section.
6. Data retention
The data are processed for the period of time necessary to carry out the activities indicated in paragraph 3 above, and are erased when the purposes for which they were collected and processed no longer apply.
[The Company will provide feedback to email requests without further processing the personal data. It may hold the data for longer periods to meet the user’s request]
If a person unsuccessfully applies for a job, the Company will delete the personal data up to five years from the date it was provided. This depends on the seniority of the role (the retention period - between 18 months and five years - is directly proportional to the candidate's seniority). Data collected for participation in Calls for Tender and selection procedures will be retained under applicable legislation.
7. User rights and contact details
The User may exercise the rights provided for by the Regulation in the cases expressly envisaged by law and where applicable. The User has the right to:
obtain confirmation of whether or not the processing of his/her personal data is in progress and, in that case, to request from the Controller access to information relating to that processing (e.g. purposes, categories of data processed, recipients or categories of recipients of data, retention period, etc.);
request the rectification of inaccurate or incomplete data;
request the Controller to erase the data (e.g. if the personal data are no longer necessary in relation to the purposes for which they were collected, or if the consent on which the data processing is based is withdrawn, etc.);
request the data processing limitation (e.g. if the User disputes the accuracy of the data; if the data processing is unlawful and they object to the erasure of personal data; if data is required to exercise or defend the User's rights in court, even where the Controller no longer requires it; when the User exercises their right to oppose data processing, for the time required to verify whether legitimate reasons exists).
receive personal data relating to him/her in a commonly-used and machine-readable format (e.g. pdf) and to send them to a different data controller, or to obtain direct transmission from one controller to the other, if technically possible (known as data portability).
The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of their personal data.
Those rights may be exercised by sending a communication to the following email address: privacy@coimasgr.com .
Finally, if the User considers that the processing of data provided violates personal data protection rules, he/she has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
8. Data collection using Cookies
Cookies are small text strings sent by websites which the User visits to their computer browser, where they are stored for the User's next visit to the website, for re-transmission.
Cookies are used by the Company to operate the Website or improve its performance, assess the efficiency of services and provide information on the Website or on the User’s navigation.
The Website uses cookies for technical purposes. Technical cookies are used insofar as they are strictly necessary for the technical operation of the Website as well as to provide the service expressly requested by the User (e.g. language setting, etc.), as explained below.
8.1 Technical cookies
Technical cookies are essential to enable the User to navigate the Website and use its features, to record the User's choices (e.g. language, country of origin, etc.), to distribute requests on multiple servers, to record when the User consents to certain options (e.g. by accepting the use of certain cookies as a result of having viewed the information banner), to enable the User to view content and videos using the Adobe Flash Player. These cookies do not require the User's consent. The technical cookies used, and their features are set out in the table below.
| Party installing the cookie | Cookie name | Purpose | Retention period |
|---|---|---|---|
| Coima | XSRF-TOKEN | It ensures browsing security for visitors by preventing requests from being falsified. This cookie is essential for website and visitor security. | Two hours |
| Coima | lang | Remembers the language version of a website selected by the User | One year |
8.2 Changing and managing cookie preferences
It is possible to change and manage cookie preferences through the Website or browser settings or by using third party websites
through the Website: you can enable/disable third-party cookies using the selections in the table in the paragraph above
through the Websites www.youronlinechoices.com or www.aboutcookies.org
-
through your browser settings you can block or delete cookies received from the Website or any other website by changing your browser settings through your browser function. Below are links to the instructions for the following browsers:
Below are links to the instructions for the following browsers:
Internet Explorer - http://windows.microsoft.com/en-gb/windows-vista/block-or-allow-cookies
Chrome - https://support.google.com/chrome/answer/95647
Firefox - https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera - http://www.opera.com/help/tutorials/security/privacy/
Safari - http://support.apple.com/kb/PH17191
Please note that disabling cookies - including strictly necessary cookies - could cause issues with browsing the Website and prevent certain features of the Website from functioning properly.
9. Third Party Plugins
The Website may also incorporate plugins and/or buttons for social networks in order to make it easier for the user to share content on their preferred social networks. These plugins do not set a cookie, but if one is already present on the user’s computer, they can read it and use it within the limits of its settings. The collection and use of information by these third parties is regulated by the relevant privacy policies, which the user is recommended to read.
10. Use of other websites
The user is recommended to read the privacy and cookie policies of any websites that they visit through the links present on the Website.
Please note that the cookie preferences applicable to this Website will not be active on the websites of other companies.
11. Transfer to non-EU countries
The Company will not transfer your data to entities established outside the European Union. For information on the possible transfer of personal data collected through third-party cookies established in non-EU countries, please refer to the third-party privacy policy on its website.
12. Changes to the Privacy and Cookie Policy
The Company reserves the right to make changes to this Privacy Policy at any time, giving notice of this by publication on the Website. We invite the User to check these updates on the Website.
Should the changes be particularly significant and/or notably impact the User's rights, the Company may also communicate them to the User in a different manner (e.g. by sending an email).
Privacy and Cookie Policy updated on 14/05/2023