PRIVACY POLICY

pursuant to art. 13 Regulation EU 2016/679

Dear Interested Party,
With this document (the “Policy”), we wish to reaffirm our commitment to ensuring that the processing of personal data collected through the website https://www.peoplefirst.ws (the “Site”), carried out by both automated and manual methods, is fully in compliance with the protections and rights recognized by Regulation (EU) 2016/679 (“GDPR” or the “Regulation”) and other applicable personal data protection laws.


The term personal data refers to the definition provided in Article 4, paragraph 1 of the Regulation, which states: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”  (the “Personal Data”).


This Privacy Notice – drafted based on the principle of transparency and inclusive of all elements required by Article 13 of the Regulation – aims to provide you with all the useful and necessary information in a simple and intuitive way so that you can provide your Personal Data consciously and informedly, and exercise your rights under the GDPR at any time.



THE DATA CONTROLLER

The company that will process your Personal Data for the purposes outlined in this Privacy Notice and, therefore, will serve as the data controller, namely “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data,” is People First S.r.l., Viale Giulio Cesare n. 71, 00192 - Rome, VAT and tax code: 16334941008 (the “Controller”).



DATA PROTECTION OFFICER

In order to facilitate relations with data subjects, the Controller has appointed a Data Protection Officer  (the “DPO”), identifying SAPG Legal Tech S.r.l. based at Via Durini n. 15, 20122 – Milan (MI).


As provided for by Article 38 of the GDPR, you may freely contact the DPO for all matters relating to the processing of your Personal Data and/or if you wish to exercise your rights as outlined in this Privacy Notice, by sending a written communication to the email address: dpo.privact@sapglegal.com.



PURPOSES AND LEGAL BASIS OF PROCESSING

During browsing on the Site, certain Personal Data may be collected in the following ways.

- Browsing Data
The IT systems and software procedures in place for the operation of the Site acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of Internet communication protocols.


This category of data includes, by way of example: IP addresses, browser type, operating system, domain name and addresses of websites accessed or exited, information on pages visited by users within the Site, access time, time spent on a single page, internal path analysis, and other parameters related to the user’s operating system and IT environment.


These technical/computer data are collected and used exclusively in aggregate and non-identifiable form and could be used to ascertain liability in the event of hypothetical IT crimes against the Site.


The legal basis for processing is the Controller’s legitimate interest in optimizing and improving browsing experience, preventing fraudulent activities, and enhancing Site security (Article 6, paragraph 1, letter f of the Regulation).

- Data voluntarily provided by the visitor
This refers to all Personal Data freely provided by the visitor on the Site, for example, to register and/or access a restricted area, download free resources, request information on a specific product or service via a form, subscribe to the newsletter service, send an email, or call a phone number displayed on the Site to have direct contact with the company (for example, to request assistance or more information about a product/service offered by the Controller). This processing is lawful under Article 6, paragraph 1, letter b of the Regulation (performance of a contract or pre-contractual measures taken at the request of the data subject) as well as to comply with any legal obligations.


To allow the Controller to carry out the processing activities for these purposes, it will be necessary to provide the Personal Data requested in the relevant forms. If even one of the fields marked as mandatory is not completed, it may not be possible to process your Personal Data and, consequently, provide you with the requested information and services.


Personal Data concerning your health and, in general, “special” categories of personal data referred to in Article 9 of the Regulation are not processed.


In addition to the above, your Personal Data may be processed by the Controller for the following further purposes.

- Direct marketing – This term refers to promotional activities (both automated and traditional) of the products and/or services of interest to you sold and/or provided by the Controller. With respect to this direct marketing purpose, it should be noted that, under Article 6, paragraph 1, letter f of the Regulation and Article 130, paragraph 4 of the Privacy Code (the so-called soft spam exception), the Controller may carry out this activity based on its legitimate interest, irrespective of your explicit consent, as specified in Recital 47 of the Regulation, which states that “it is considered legitimate interest of the controller to process personal data for direct marketing purposes.” This is possible following the assessments made by the Controller regarding the possible and potential prevalence of your interests, rights, and fundamental freedoms that require the protection of Personal Data over its legitimate interest in sending direct marketing communications. However, you may lawfully object at any time (even partially) to receiving promotional communications, without prejudice to processing for other purposes.



SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE COMMUNICATED

Your Personal Data may be managed, on behalf of the Controller, exclusively by personnel expressly authorized to process it (with a commitment to confidentiality and, where necessary, appointed as a processor under Article 28 of the Regulation). Processing may be carried out by partner companies acting as providers for the Controller, whose list is available upon request by contacting People First S.r.l. at info@peoplefirst.ws


Lastly, we remind you that, as required by current legislation, your Personal Data may be disclosed to the competent authorities to fulfill legal obligations.



RETENTION PERIOD OF PERSONAL DATA

In compliance with the principle of limitation of the storage period (art. 5.1 letter e) of the Regulation), your Personal Data will be processed by the Controller only for the time necessary to achieve the purposes set out in this Policy.
In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated by recital 39 of the Regulation, that is until the termination of the existing relationship between you and the Controller, as well as for an additional storage period that may be imposed by law (as also provided by recital 65 of the Regulation).
In any case, your Personal Data will be periodically checked, for a period not exceeding 12 months, in order to assess their relevance to the Controller's activities; if your Personal Data are no longer relevant, they will be deleted.



LINKS TO/FROM THIRD PARTY SITES

From the Site it may be possible to connect via links to other third-party websites, including Facebook and Linkedin.
In this regard, the Data controller cannot be held responsible for the possible management of Personal Data by third party websites and for the management of authentication credentials provided by third parties.



RIGHTS OF THE DATA SUBJECT AND METHODS OF EXERCISE

You may exercise your rights under Articles 15 et seq. of the Regulation at any time with the Data Controller. In particular, you have the right to obtain:

  • confirmation as to whether or not your Personal Data is being processed and to obtain access to the data and to the following information: purpose of processing, categories of Personal Data, recipients and/or categories of recipients to whom the data has been and/or will be communicated as well as the relevant storage period;
  • the rectification of your Personal Data that is inaccurate and/or the integration of your Personal Data that is incomplete, including by providing a supplementary declaration;
  • the erasure of your Personal Data and the limitation of its processing in the cases provided for by the GDPR and by the privacy law in force;
  • where applicable, the portability of your Personal Data and, in particular, the possibility to request the direct transmission of your Personal Data to another data controller;
  • to object at any time, for reasons related to your particular situation, to the processing of your Personal Data in full compliance with applicable privacy laws.

To exercise your rights, you may contact the Data Controller at the following e-mail address, attaching a copy of your identity document: job@peoplefirst.ws.
In any case, if you believe that the processing of your Personal Data is contrary to the Privacy Regulations, you will always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali) pursuant to art. 77 GDPR.



PROCESSING LOCATIONS

Your Personal Data will be processed within the territory of the Italian Republic.
Should your Personal Data be (for technical and/or operational reasons)transferred and/or located in countries outside the territory of the European Union, we hereby inform you that the subjects located outside the European Union will be appointed (if applicable) as Data Processors pursuant to art. 28 of the GDPR. Moreover, the transfer of your Personal Data to such entities, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the GDPR.
Therefore, all necessary precautions will be taken in order to ensure the most complete protection of your Personal Data by basing such transfer: a) on adequacy decisions of the receiving third countries expressed by the European Commission; b) on adequate safeguards expressed by the receiving third party pursuant to article 46 of the Regulation; c) on the adoption ofbinding corporate rules; d) by adopting standard contractual clauses approved by the European Commission.
In any case, you may request further details from the Controller if your Personal Data has been processed outside the European Union by requesting evidence of the specific safeguards adopted.