Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (the "GDPR")
*
This information notice (the "Information Notice") is provided in relation to the processing of personal data of representatives of start-ups that intend to join the start-up incubator "Red Zone By SAES" of SAES Getters S.p.A. (the "Interested Parties").
1. Data controller
The data controller is the company SAES Getters S.p.A., with registered offices in Viale Italia 77,20045 - Lainate (MI), tax code and VAT no. 00774910152, (hereinafter simply the“Company” or "Controller”).
If you have any questions about how the Company processes personal data, you can always makee nquiries at the addresses indicated in section 8 of this policy or byc ontacting the DPO, LCA Servizi S.r.l., at the e-mail address: dpo@lcalex.it
2. Data collected
The personal data collected by the Controller are only those pertinent to and not exceeding the purpose of the processing summarized in paragraph 3 of this information notice, insofar as they are necessary to enable start-ups to take part in the initiatives related to the Red Zone By SAES project(hereinafter "Red Zone"). Data are collected electronically by completing the form on the website https://www.redzonebysaes.com/ (the "Site");all in compliance with the applicable data protection legislation
The aforementioned data are, in particular, identification data (first name, last name, company name and company references, job title, representatives of the start-ups that intend to participate in the Red Zone project) contact data such as address, e-mail address and company telephone number, as well as any additional personal data that may be included in the submissions attached when completing the form on the Site (e.g.personal data of any partners), to describe the activity carried out by the start-up(collectively, the "Data" or "Personal Data").
3. Legalbasis and purpose of the data processing
Participationin Red Zone initiatives and joining the start-up incubator
Personal Data will be processedspecifically to enable the personal representative of a start-up toparticipate in the initiatives published on the Site, to present their start-up and to join the Red Zone start-upincubator.
The legal basis for the processingof Personal Data is the legitimate interest of the Data Controller inidentifying start-ups to become part of the Red Zone incubator.Legitimate interest that does not prejudice the rights and freedoms of theInterested Parties insofar as it is reasonable to assume that - considering themanner in which they have been acquired - the Interested Party also has acorresponding interest in being contacted in order to participate in Red Zoneinitiatives.
Legalprotection of the Controller
Personal Data may be processed toenable the Controller to exercise its right of defence in the event of adispute arising with the Data Subjects.
The legal basis for the processing is the legitimate interest of the Controller in judicial protection.Legitimate interest that does not affect the rights and freedoms of the datasubjects as an expression of a constitutionally guaranteed right of the DataController.
4. Disclosureof Data and Recipients of Data
The Data shall be processed by theData Controller and by persons specifically instructed by the same (e.g.persons in charge of the management of information systems, the legaldepartment, the administrative department) and may be disclosed to thirdparties only where necessary in connection with the above-mentioned purposes.
Personal Data may be communicated tothird parties, autonomous data controllers or data processors, who provideservices in favour of the Company (by way of example, cloud storage providers,legal and tax consultants, service providers of the Company, etc.).
5. Locationof the Data Processing
The Data will beprocessed at the Company's premises and the Data will be stored on serversand/or archives located within or outside the European Union
The transfer outside the European Union may take place only andexclusively in countries that offer a level of protection of personal datasimilar to that guaranteed by EU law or, in any case, subject to the adoptionof adequate safeguards pursuant to Article 46 of the GDPR aimed at ensuring a level of Data protection similar to that guaranteedwithin the European Union.
6. Methodof processing and data retention period
TheData Controller has also adopted specific and adequate logical, legal,organisational and technical security measures to prevent the loss of Data,unlawful or unauthorised use thereof and unauthorised access thereto.
Data are only processed for the timestrictly necessary to achieve the purposes for which they were collected. Datawill be kept for as long as necessary to assess whether the start-up can join the Red Zoneincubator and, in any case, for no longer than three years from the moment ofits acquisition.
The Data may be kept for a longerperiod in the event that the start-upbecomes part of the Red Zone incubator: in this case, the Data will beprocessed for as long as the start-upis part of the Red Zone incubator and, following its exit, for the timestipulated by the ordinary statute of limitations (10 years).
7. Rightsof the data subject
Datasubjects are entitled to the rights conferred by the GDPR pursuant to Articles12-23 of the GDPR. In particular, data subjects have the right to request andobtain, at any time: (i)access to their Data; (ii)information on the processing carried out; (iii) rectification and/or updating of the Data; (iv) deletion of the Data; (v) restriction of the processing; (vi) to exercise the right to objectto the processing; (vii)portability of the Data (i.e. receiving the Data in a commonly used,machine-readable structured format); (viii)to exercise the right to withdraw one's consent to the processing of the Datawhere such consent is the legal basis for the specific purpose for which theprocessing is carried out (this, in any case, shall not affect the lawfulnessof the processing carried out on the basis of the consent given before therevocation); and, finally, (ix)to lodge a complaint with a data protection authority (in Italy the Garante perla Protezione dei Dati Personali).
8. Contactdata
The rights detailed above may be exercised at any time, by sending asimple request to the Controller, to be sent:
Forfurther information or clarification of the rights mentioned, you may contactthe Controller at the same contact details or the DPO at: dpo@lcalex.it
