information transmitted by its business partners, customers or potential customers and, finally, by users of the services offered also through its web pages.
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘Data subject') in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or
social identity of that natural person
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing
of personal data.
2. Who is the controller for the processing of the data collected pursuant to this policy?
The controller of the personal data collected is Comac S.p.A., fiscal code/VAT no. IT03322910237, with registered office at Via Maestri del Lavoro 13, Santa Maria di Zevio -
37059 (Verona - Italy), email/PEC: firstname.lastname@example.org (hereinafter "Comac" or "Controller").
3. What types of data does Comac process?
- Data of customers, prospective customers and suppliers, including their consultants and other representatives, provided voluntarily.
Any contact with Comac, including through the services provided on its web pages, or the optional, express and spontaneous sending of electronic or traditional mail messages
to Comac addresses, or at the conclusion of contractual relations, involves the subsequent acquisition of personal data sent, for the sole purpose of performing the requested
service or to respond to requests or stipulate and manage the contractual relationship. Comac collects and processes the following personal data: IP addresses, email addresses,
telephone numbers, place of residence, date of birth, tax/ VAT code, names, qualifications, duties, bank details, as well as other personal data included in the relevant
service and/or communication forms.
- Browsing data.
The computer systems and programmes used for the operation of Comac websites collect some personal data whose transmission is implicit in the use of Internet communication
protocols (e.g., IP addresses or domain names of the computers used by users who connect to the website, information on visits, browser software and other parameters relating
to the user's operating system and computer environment). These data are used for the sole purpose of obtaining statistical information not associated with any user
identification data on the use of the website and to check its correct functioning; they are, therefore, deleted immediately after processing.
- Personal data provided voluntarily by the user in the section "Work with us".
Comac processes categories of identification and contact data (by way of example but not limited to name, surname, email address and any other information entered by the user
in the registration form and those present in his/her CV) as well as other personal data entered in the relative communications, where applicable. The data will be processed
by personnel appointed by Comac using procedures, technical and IT tools designed to protect the confidentiality and security of data provided spontaneously by users to respond
to published job openings or to enter their own spontaneous application.
Cookies are small text files that are installed by a website on a user's browser and that record certain information relating to the user's browsing activity. For information
4. For what purposes are personal data collected by Comac processed?
Personal data will be processed for the purposes indicated below:
- administrative and accounting purposes related to the obligations imposed by the applicable laws or regulations and by provisions issued by the responsible
authorities/surveillance and control bodies;
- purposes closely related and/or necessary to the fulfilment of its contractual obligations and the exercise of its contractual rights, including after-sales activities;
- purposes related to registration on the website to use the services offered by Comac, including the possibility of making an online purchase;
- purposes related to the execution of any other request received by Comac;
- purposes related to the "Work with us" selection process, by preliminarily evaluating the user's profile with reference to the job opening available at Comac or that has
been selected by the user from the list of job openings available on the website;
- with prior consent, for purposes of information and promotion of the activity carried out by Comac and/or the marketed products. Comac may send communications for the
above purposes either by traditional means (e.g., paper mail, telephone calls by an operator) or by automated means of communication such as e-mail (e.g., newsletters)
and SMS. Limited to the e-mail details provided as part of the purchase of a product or service offered and sold by Comac, the latter may use for the sending of information
and promotional communications (including the newsletter) of similar products or services without the need for the express and prior consent of the Data Subject and on
condition that the Data Subject does not exercise the right of opposition (so-called soft spamming);
- subject to prior consent, for the purpose of processing preferences by collecting the type and frequency of purchases for sending information and/or advertising material
of specific interest to the Data Subject by email and improving the commercial proposals sent by Comac (so-called profiling).
5. What is the legal basis for the processing of the personal data collected? Can I withdraw my consent?
Legal basis for data processing under the GDPR.
The legal basis for the processing of personal data for the above purposes is as follows:
- for the purposes of point 4, letter (a), compliance with a legal obligation;
- for the purposes set out in point 4, letter (b), the fulfilment of Comac's contractual obligations;
- for the purposes referred to in point 4, letter (c), the provision of the requested service;
- for the purposes set out in point 4, letter (d), a feedback to any other request received by Comac;
- for the purposes of point 4, letter (e), the fulfilment of a legal obligation arising from the selection of personnel;
- for the purposes of point 4, letters (f) and (g), the user's consent.
Withdrawal of consent
For the purposes of point 4, letters (f) and (g), the Data Subject may withdraw his/her consent at any time by writing to email@example.com.
The right of the Data Subject to object to the processing of his/her personal data for marketing purposes by automated means of contact (e-mail, SMS) also extends to traditional
Limited to the sending of the newsletter, the Data Subject may also object to data processing concerning him or her through the appropriate link at the bottom of any e-mail
with promotional content sent by Comac which allows automatic unsubscription from the newsletter.
Withdrawal of consent by the Data Subject shall not in any way affect Comac's right to process the user's data if such processing is necessary in order to comply with Comac's
contractual obligations and/or to the extent that Comac is required to process the data subject's personal data in order to comply with a legal obligation or to defend its
rights in a dispute with the data subject, to prevent fraud or abuse.
6. How are personal data collected by Comac processed? With whom could Comac share such data?
The processing of personal data mainly takes place with the help of electronic or automated instruments, according to methods and means suitable to ensure the security and
confidentiality of the data, in accordance with the provisions of legislation on the protection of personal data. In particular, Comac uses technical, IT, organisational,
logistical and procedural security measures in order to guarantee the minimum level of data protection required by law, allowing access only to those appointed.
Scope of data dissemination
The personal data of Data Subjects may be communicated to the following entities:
- Comac employees and/or collaborators, for the performance of administration, accounting, after-sales, IT and logistic support activities;
- entities carrying out customer assistance activities and providing centralised services also for the benefit of Comac, including marketing services, as well as
- companies or consultants responsible for the installation, maintenance and management of Comac hardware and software (including the Comac web pages);
- external companies or consultants providing banking, financial, insurance, legal, personnel recruitment and selection services;
- company of the group controlled by Comac S.p.A.;
- supervisory and control authorities and bodies and, in general, public or private persons acting as public officials or persons in charge of a public service;
- parties that perform activities involving the filing of documentation and data entry.
With reference to personal data communicated to them, the parties that belong to the above-mentioned categories can operate, depending on the case, as processors or persons in
charge of processing, or as separate data controllers.
Personal data shall not be in any way disseminated or communicated to other external entities, except where disclosure is required by law or necessary.
7. For how long will personal data collected by Comac be kept?
Personal data shall be kept for the time necessary from an operational and/or legal point of view as follows:
- for the purposes referred to in point 4, letters (a), (b) and (c) and (d) above for a period not exceeding ten (10) years, without prejudice to any specific legal
obligations regarding the keeping of accounting records and, in any case, according to statutory limitation periods;
- for the purposes referred to in point 4, letter (e) above, for the time strictly necessary to evaluate the selection process and, in any event, for a period not
exceeding one year;
- for the purposes referred to in point 4, letter (f) above, until consent has been withdrawn;
- for the purposes referred to in point 4, letter (g) above, for a maximum period of 12 months.
In any case, Comac may keep the personal data collected for a period of time longer than that indicated above in the event of potential or real legal disputes or to prevent
fraud or abuse.
In any case, at the end of the period for which the personal data are stored, the data shall be deleted or aggregated or anonymised.
8. Will personal data collected by Comac be transferred abroad?
It may be that Comac shares personal data collected with selected entities who may process such data in countries both within and outside the EU/EEA. In the case of transfers
to countries where the laws do not offer the same level of data protection as the GDPR, Comac shall use various legal mechanisms, including standard EU contractual clauses,
to ensure that the rights and protections granted by Comac travel together with the transferred data.
Further information regarding the international transfer of data may be sent to the contacts available at the end of this policy.
9. What are the rights of the Data Subject?
This section lists the rights of the Data Subject that can be exercised at any time by writing to firstname.lastname@example.org.
The Data Subject shall have the right to:
- obtain from Comac confirmation as to whether or not your personal data are being processed and, if so, access to the information referred to in article 15 of the GDPR;
- obtain the rectification of personal data concerning you, or, taking into account the purposes of processing, the integration of incomplete personal data;
- obtain the erasure of your personal data if one of the reasons referred to in Article 17 of the GDPR applies;
- obtain the limitation of the processing of your personal data in cases provided for by the applicable law;
- object to the processing of their personal data for reasons connected with your particular position;
- receive, in a structured, commonly-used and legible electronic format, any personal data relating to you, which they have provided, and transmit this data to another
Data Controller without impediment by the Data Controller, if technically possible, in the cases and within the limits referred to in article 20 of the GDPR.
Depending on the amount or complexity of the requested information, an appropriate fee may be charged.
The Data Subject shall also have the right to lodge a complaint with a supervisory authority (for Italy: the Personal Data Protection Supervisor), if he or she considers that
the processing of his or her personal data is carried out in violation of the GDPR.
In any case, the Data Subject is invited to contact Comac, which undertakes to process the matter with the utmost courtesy, seriousness and discretion.
Our products and services are primarily intended for an adult audience. Comac does not knowingly solicit or collect personal data from or about persons under the age of 16
without the consent of a parent or guardian. Should Comac learn that personal data relating to children have been sent without the consent of a parent or guardian,
Comac shall make every reasonable effort to do so:
- delete such personal data from your files as soon as possible; and
- ensure that these personal data are not further used for any purpose and are not further disclosed to third parties.
11. Amendments and updates to this Policy
Last updated on 25 May 2018