At Horizon Group we are committed to process personal information on our stakeholders, customers, employees and providers in ways that comply with legal obligations, being clear and defining what we do and how we treat all sensible data and personal information.
This privacy information is given to natural persons pursuant to articles 13-14 of the GDPR 679/16 – “General Data Protection Regulation” and describes the procedures used by Horizon Group to gather, store and use personal data, including the personal features and bank details collected at the beginning and during the contractual relationship. Personal data will be processed in compliance with the principles of fairness, lawfulness and transparency.
Data controller, data processor
The data controller, data processor of your personal data is Horizon Group, based in Via Manzoni, 37 – 20900 Monza (MB) Italy.
You may contact the data controller through the data processor, sending a request to the e-mail address: firstname.lastname@example.org
Source of personal data
The personal data available at Horizon Group are collected directly from the data subject or collected automatically.
The information system and applications dedicated to the functionality of this website detect, in the course of their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users.
The voluntary and explicit sending of e-mails to the addresses of Horizon Group does not require consent and the possible filing of specifically prepared forms entail the subsequent acquisition of the address and data of the sender/user, necessary to respond to requests produced and/or provide the requested service. The voluntary submission of e-mails to our e-mail addresses does not require further information or consent request. On the contrary, specific summary information will be shown or displayed on the pages of the site prepared for specific services on request (form). The user must therefore explicitly allow the legal use of the data reported in these forms in order to send the request.
Other personal data processed are those provided by the interested party (candidate) during the sending of the curriculum vitae and during the selection interviews. The data resulting from any assessment of the candidate made as part of the selection process are also processed according to privacy regulation.
Scope of the processing
Your personal data may be processed for the following purposes:
a) to manage the contractual relationship and the provision of services;
b) for the establishment, management and termination of the contractual and commercial relationship;
c) for the fulfilment of accounting and tax obligations;
d) for the fulfilment of law obligations (for example: counter-terrorism or anti-money laundering controls; etc.);
e) for financial and accounting audits;
f) to manage possible litigations;
g) for the provision, support, updating and information regarding the services provided.
h) for the development of personnel selection activities aimed at evaluating the qualifications, experiences and competences of the candidate in relation to a job position.
Methods and place of processing
Your data will be processed through manual input and automatic, IT and electronic methods aimed at storing, managing or transmitting data in an appropriate manner to ensure the security and confidentiality of data pursuant to the provisions of section 32 of Regulation (EU) 2016/679 (“Regulation”).
Processed data are stored at the Company premises in secure place.
We will process your personal data only if necessary to attain the purposes described above. All personal data not necessary for the attainment of these purposes will be deleted, acting under the authority of the controller or of the processor.
Data Storage timing
Your personal data will be stored for the length of time related to the current commercial relationship with the Company and, subsequently, for the length of time establish by the legislation, applicable to the aforementioned relationship; at the end of that period your personal data will be deleted or made anonymous. In particular, your personal data will be stored for a period of maximum 10 years in compliance with articles 2220 e 2948 of the civil code and with article 22 of D.P.R. 29 September 1973, n.600.
Legal basis for processing and supplying data
The processing of your personal data for the purposes mentioned above, in the preceding paragraph a), b), c), d), e), f), g) and h), is based on the need of executing a contract and of fulfilling a law obligation. Therefore, the supply of data does not require your consent.
The supply of your personal data for the purposes mentioned above, in the preceding paragraph a), b), c), d), e), f), g) and h), is mandatory. Any refusal to supply the data requested or their inaccuracy may lead to the impossibility of establishing and/or continuing the commercial relationship with the Company.
Disclosure and communication
Your personal data will not be disclosed unless it is necessary to comply by law to obligations/ regulations and/or to perform terms of the existing contract with the Company.
Your personal data will be processed by persons in the company in their capacity as officers acting under the authority of the controller or of the processor for the above-mentioned purposes.
Your personal data may also be processed by the following people: subjects who are responsible for the maintenance and development of IT system, for the duration of the service execution; outsourcers; external consultants working for the Company or for either Italian or foreign subsidiaries (including extra UE countries, in particular the following countries: Canada, United States of America, China, India, Korea, Japan, United Arab Emirates, Azerbaijan, Russia) for the purposes mentioned above, in their capacity of data processor. The list of such officers is constantly updated and is available at the premises of the Company at your request.
Personal data processed by Horizon Group will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be communicated to the Workers of the Owner and to some external subjects who collaborate with them. Based on the roles and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Owner.
Furthermore, the collected data can be sent to our client companies for the purposes indicated above. Finally, it may be communicated to the persons entitled to access it under the provisions of the law, regulations, and community regulations.
Withdrawal of consent
The interested party can revoke any consent given at any time.
However, the processing of this information is lawful and permissible, even in the absence of consent, being necessary for the implementation of measures taken on the implicit request of the interested party (evaluation and selection of candidacy).
The Data Controller may transfer personal data to third countries or to international organizations for the same purposes mentioned above.
Rights provided by the Regulations
Pursuant to the Regulations, you have the right to obtain:
confirmation as whether or not your personal data are being processed, and, inter alia, access to the following information (section 15 of Regulation):
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) the expected storage period for the personal data, or, if not possible, the criteria used to determine that period
amendment of your personal data, as well as, having incomplete personal data completed (section 15 of Regulation);
deletion of your personal data in the cases provided for by current legislation;
restriction of processing your personal data in the cases provided for by current legislation (section 18 of Regulation);
right of data portability, that is the right to receive your personal data in a structured, commonly used and machine-readable format (section 20 of Regulation).
With reference to the afore-mentioned articles as well as to article 21 of the Regulation (right of opposition), the interested party can exercise his rights by writing to the Data Controller sending his request to the following address and -mail: email@example.com
Last, you have the right to send a complaint to the national supervisory authority (Garante per la protezione dei dati personali, Piazza di Montecitorio n. 121, 00186, Roma (RM)).