CHANGE LANGUAGE:

  • Italiano
  • English
  • Français

CHANGE LANGUAGE:

  • Italiano
  • English
  • Français

Help and support

General information on the processing of personal data within the Decreto Flussi Italia online portal

Information provided pursuant to Art. 13 of EU Regulation 679/2016 (GDPR)

Dear User,
to consult the web page or to use the services on https://decretoflussiitalia.it/ (hereinafter also “portal”) you will find yourself sending your personal data assuming, pursuant to art. 4.1 of EU Regulation 679/2016 (hereinafter also “GDPR”), the position of interested party in the processing of such data and accruing the rights recognized by the GDPR.

Below, in a “Question/Answer” format, we will explain how we will use, manage, store and protect your personal data.

We therefore invite you to continue reading this information and to contact us if you have any doubts.

Thank you

Who is the data controller and how can I contact them?

The law defines “data controller” as the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data. FED SOLUTION SRL with registered office in CESENA (FC) VIALE GIOVANNI BOVIO 48 CAP 47521, PI/CF: 04759000401 as Data Controller can be contacted at the PEC address fed_solution@legalmail.it .

Has the Data Controller appointed a DPO?

No, the Data Controller has not appointed a Data Protection Officer (DPO) because it does not currently fall within the cases provided for by art. 37 of Regulation (EU) 679/2016 (GDPR).

What personal data are we talking about? What will you process?

• Navigation data : The IT systems and management software of the portal acquire, during their normal operation, some personal data whose communication is implicit in the use of internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. This information could, however, be used to ascertain responsibility in the event of computer crimes against the site.

• Data voluntarily communicated by the User:
While browsing the portal, users can voluntarily communicate various personal data, which vary depending on whether registration is made as a Worker (the Foreign User who wants to find an employer to enter Italy with the flow decree) or as a Company .

Worker (Foreign User)

Step 1: Purchase your subscription

To use the portal’s services, you must purchase a subscription. Workers who wish to find an employer to enter Italy with the flow decree begin the process by purchasing a subscription. During this phase, you must provide the following personal data: email address, name, surname, telephone number and billing information, which includes the country of residence, province, address, city and postal code (ZIP code). This data is essential to complete the purchase and is stored in the portal’s database.

Phase 2: Registration on the portal

Only after completing the purchase of the subscription, the Worker is directed to the portal registration page. At this stage, it is necessary to fill out a registration form by providing additional information necessary for the creation of the personal profile, such as: name, surname, email address, password for accessing the account, telephone number, profile image, date of birth, gender, marital status, citizenship, any refugee status, foreign status of residence, work interest (subordinate or seasonal), sector of interest, years of experience in the sector and passport photo. Once registration is completed, the Worker will receive a confirmation email certifying the correct receipt of the data and successful registration in the system.

Until the registration process is completed with the confirmation and submission of the last form, no data is entered or saved in the system. In order to guarantee maximum protection of personal data, an initial disclaimer will inform the user that his data will be protected and that no information will be stored until the registration is completed.

Step 3: Profile Verification and Activation

After completing the registration, the data provided by the Worker are subjected to an internal evaluation by a specialized team. This evaluation is aimed at verifying the veracity of the information provided. Only after the profile has been approved, the Worker will be able to access the dedicated services of the portal. At that point, the profile will be made visible on the portal’s noticeboard, where it can be consulted by registered companies looking for candidates.

Company Profile

For companies, registration on the portal requires filling out a form with the following data: email address, password, type of applicant (natural person, sole proprietorship, company, institution, temporary employment agency), company name, VAT number, fee item, registered office address and sector of activity. This data allows the company to access the profiles of registered candidates and to use the services offered by the portal.

All data collected are processed with the explicit consent of the user and are used exclusively for the provision of the services requested through Decreto Flussi Italia. Failure to communicate this data could prevent the provision of the services themselves.

Additional services offered by the portal

In addition to the main services related to registration and profile management, the portal offers additional features that allow users to better manage their experience and facilitate contact with the site’s support. These services include:
• Access to the Reserved Area: Registered users have access to a Reserved Area. In this section, it is possible to manage your profile, modify the data entered, view and update personal information, as well as manage the subscription plans purchased.

• Contacts and e-mail: The portal provides users with an e-mail contact system, enabled to receive requests and suggestions. When a user sends a communication via e-mail, the sender’s address is collected and any other information that the user chooses to provide voluntarily. This data will be used exclusively to respond to requests made and to improve the services offered.

• “Need Help?” Section: There is a section within the portal dedicated to user support, available at Need Help? . Here, users can find useful information and send specific support requests. The information collected through this section will be used to provide the requested support and improve the user experience.

• Newsletter: The portal also offers a newsletter service to allow users to stay up to date on the latest news. The newsletter is managed through the ActiveCampaign platform and to sign up you need to provide your name and email address. Specific information is provided when you sign up for the newsletter, detailing the methods of processing personal data and the purposes of the service.

All data collected through these additional features are treated with the utmost respect for user privacy and used exclusively for the declared purposes, in compliance with current regulations on the protection of personal data.

Social Media: The social media of Decreto Flussi Italia can be accessed through interaction with the so-called “Social buttons”. Currently, the links to the Facebook page, the Linkedin account and the YouTube channel are active.

Please note that using social media services may result in them tracking you and collecting personal information. This is done based on the privacy settings you have configured on your social media accounts. These services may use cookies and similar technologies to track your online activity, collecting data that can be used to personalize your browsing and target advertising.

We recognize the importance of our users’ privacy and invite you to control and limit data collection through the privacy settings available on your social media accounts. We strongly recommend that you consult the privacy policies of the social media services you use for more information on their tracking practices and management of personal data.

The collection and use of information obtained through the plugin are governed by the respective privacy policies of the social networks, to which please refer:

• Facebook : the User can refer to Facebook’s Privacy Policy.

• Linkedin: the User can refer to the Linkedin Privacy Policy.

• Youtube: the User can refer to the YouTube Privacy Policy.

Cookie law: The portal uses the Complianz plugin to ensure the management of cookies in compliance with current regulations such as the GDPR (General Data Protection Regulation). Complianz helps manage user consent and ensures that cookies are used only in accordance with the preferences expressed by the users themselves.

When the user accesses the portal, an information banner is displayed that requests consent to the use of cookies. Users can choose to accept or refuse the use of certain cookies, and can change their preferences at any time through the appropriate section dedicated to cookie management.

The portal uses cookies, small text files that allow you to store information about visitors’ preferences, to improve the functionality of the site, simplify navigation by automating procedures (such as login, site language) and for the analysis of site use. Specifically, these are strictly necessary technical cookies , essential for the correct functioning of the website. These cookies are used to manage various essential services, such as login or access to reserved functions. The duration of cookies is strictly limited to the work session, or they can have a longer duration to remember the user’s choices. It is important to note that disabling strictly necessary technical cookies can compromise the experience of using and browsing the website.

For more details on the cookies used and how they are managed, we recommend consulting the Cookie Policy available on the site.

Why does the Portal process my data? What are the legal bases of legitimacy of the processing?

The Decreto Flussi Italia portal processes users’ personal data for specific purposes, in accordance with the legal bases provided for by Regulation (EU) 679/2016 (GDPR). The purposes of the processing and the related legal bases are illustrated below.

Browsing data: Browsing data are necessary for the use of web services and are also processed for the purpose of:
 obtaining statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
 checking the correct functioning of the services offered.

The legal basis for the processing of navigation data is art. 6 par.1 lett. f) of Regulation (EU) 679/2016 and that is the legitimate interest to ensure the full functionality of the site as well as the security of navigation.

Data voluntarily communicated by the User:

• Purchase of subscription services or online forms for specific registrations: We process your personal data to manage your registration and purchase of subscription services. This processing is necessary for the performance of a contract to which the data subject is party, or for the performance of pre-contractual measures adopted at the request of the data subject, pursuant to art. 6 par. 1 lett. b) of Regulation (EU) 679/2016.

• Registration on the portal: In the case of registration on the portal, in particular for Workers who wish to find an employer to enter Italy with the flows decree, more detailed personal data may be requested, including potential sensitive data (for example, refugee status). This data is necessary to create a complete personal profile, which will be visible to registered companies. The processing of any sensitive data will be carried out in full compliance with art. 9 of Regulation (EU) 679/2016 , and will be based on the explicit consent of the user.

• Contacts and e-mail: We process the user’s personal data exclusively to manage his/her requests sent via the available contact channels (e-mail, contact form, etc.). This processing is based on art. 6 par. 1 lett. b) of Regulation (EU) 679/2016, which legitimises the processing for the execution of pre-contractual measures adopted at the user’s request;

•Communications: We process personal data to manage registration for the services offered, in accordance with art . 6 par. 1 lett. b) of Regulation (EU) 679/2016. In addition, we may use the data to send soft spam communications, i.e. promotional emails regarding products and/or services already purchased by the user. This processing occurs without the need for the express and prior consent of the user, as provided for by art. 130, 4th paragraph, of the Privacy Code (Legislative Decree no. 196/2003), and on condition that the user does not exercise the right to object. The legal basis for this processing is art . 130, 4th paragraph of the Privacy Code, as amended by Legislative Decree no. 101/2018;

• Newsletter: We process the user’s personal data (name and email address) to manage the subscription to the newsletter and send periodic updates regarding the portal’s news. This processing is based on the user’s explicit consent ( art. 6 par. 1 lett. a GDPR ), collected when subscribing to the newsletter. A specific information is available and can be consulted during the newsletter subscription process.

• Payment management: payment management services allow the portal to process payments by credit card, bank transfer and other instruments. The data used for the payment are acquired directly by the manager of the requested payment service, without being processed by the portal, with the exception of bank transfers, which are managed directly by the Owner. Some of these services can also send the user scheduled messages, such as emails containing invoices or notifications regarding the payment. The available payment methods include:
– PayPal (Paypal Europe S.à.rl et Cie, SCA Inc.). PayPal is a payment service provided by PayPal Europe S.à.rl et Cie, SCA Inc., which allows the User to make online payments using their PayPal credentials. Personal data collected: Cookies and various types of Data as specified in the privacy policy of the service. Place of processing: Luxembourg – Privacy Policy.

– Klarna: Payment option provided by Klarna Bank AB (publ), which allows the user to choose different flexible payment methods. Personal data collected: Cookies and various types of Data as specified in the privacy policy of the service. Privacy Policy.

– Credit cards: Visa, MasterCard, Maestro, American Express

– Bank Transfer: Managed directly by the owner of the portal, which allows payment via bank transfer

Payment security is guaranteed by payment service providers, who use advanced encryption systems and security protocols to protect users’ financial information.

• Statistical analysis on aggregated and anonymous data: We process aggregated and anonymous data to conduct statistical analysis, in order to understand user behavior, improve our products and services, and meet user expectations. Since the data is anonymous and does not identify any user, this processing does not require a specific legal basis.

Who will have access to my information?

Only authorized and specifically trained personnel, collaborators and external service providers identified pursuant to Art. 28 of the GDPR as External Data Processors will have access to users’ personal information.

We remind you that in accordance with the provisions of Chapter IV of Regulation (EU) 2016/679, each external supplier guarantees security measures aimed at preventing data loss, illicit or incorrect use and unauthorised access (e.g. profiling of access authorisations to databases).

Where will this information be stored? For how long?

In accordance with art. 5, co. 1, lett. e) of the GDPR, personal data are stored for the time necessary for their processing in relation to the performance of the service requested by the user or in accordance with the purposes described in this information. The storage methods and storage times for each category of data are indicated below:

• Browsing data: Browsing data is stored on cloud servers provided by VHosting Solution Srl , with headquarters and datacenters located within the European Union, specifically in Italy. This data is not stored for more than 30 days, except for any need to ascertain crimes by the competent authorities.

• Data communicated voluntarily by the User: The storage of data communicated by users occurs mainly on the servers and databases managed by VHosting Solution Srl For processing aimed at executing the user’s requests pursuant to art. 6, par. 1, letter b) of Regulation (EU) 679/2016 (for example, requests made via contacts or e-mail), personal data will be processed for the time necessary to provide feedback to the interested party and for a further period in compliance with the legislation in force regarding the conservation of contracts.

• Data collected for contractual obligations: This data will be stored for the time necessary to complete the aforementioned purposes and as required by law.

• Data collected based on user consent: This data will be retained until consent is revoked by the user.

The data may be retained by the Owner for a longer period in compliance with legal obligations or by order of a competent authority. At the end of the retention period, the personal data will be deleted, and it will no longer be possible to exercise the rights of access, deletion, rectification and portability of the data.

Processing related to web services: The processing related to the web services of the site takes place at the headquarters of the Data Controller and/or at the headquarters of the service providers, all located in EU territory. Personal data will not be transferred outside the European Union, nor to countries or international organizations that do not guarantee an adequate level of protection recognized pursuant to art. 45 GDPR, on the basis of an adequacy decision of the EU Commission.

International Transfers: In the event that it is necessary for the provision of the site’s services, the transfer of personal data to non-EU countries or international organizations, for which the European Commission has not adopted an adequacy decision pursuant to art. 45 GDPR, will occur only in the presence of adequate guarantees provided by the recipient country or organization, pursuant to art. 46 GDPR, and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision or adequate guarantees, pursuant to art. 46 GDPR, the cross-border transfer will occur only if one of the conditions indicated in art. 49 GDPR occurs.

Transfers to the USA: If the site uses service providers from the United States, it is important to note that the data stored on the servers of these providers may be subject to the investigative and executive powers of the US Federal Trade Commission, with the possible transfer to non-European territory at the request of the US authorities. In such cases, the processing will be subject to the specific consent of the interested party, pursuant to art. 49, par. 1, letter a) of Regulation (EU) 679/2016.

Data Privacy Framework (DPF): From 10 July 2023, the transfer of personal data to the United States can take place on the basis of the new “Data Privacy Framework” agreement, which is based on the Biden administration’s Executive Order (EO 14086). This agreement, recognized by the European Commission, establishes that US companies adhering to the DPF offer sufficient guarantees for the protection of personal data of European Union citizens. Therefore, transfers to the USA can take place without any additional measures, provided that the companies are registered with the DPF.

What are my rights?

In your capacity as data subject, you have the right to request:
 Confirmation as to whether or not data concerning you is being processed and to obtain access to your personal data in accordance with the indications of art. 15 of the GDPR;
 the rectification of your inaccurate personal data and the integration of incomplete data;
 the deletion of your data, except for those contained in documents that must be mandatorily retained by the owner and unless there is a legitimate overriding reason to proceed with the processing;
 the limitation of the processing where one of the hypotheses referred to in art. 18 of the GDPR applies;
opposition to the processing of your personal data, except for compelling legitimate reasons that prevail over the interests, rights and freedoms of the data subject;
 the portability of the data, provided for in the case of contractual basis of the processing, will consist only in the availability of the data presented by you and processed electronically.
 The revocation of consent

How can I exercise my rights?

It’s very easy! Just contact the Data Controller at the email address info@decretoflussiitalia.it to get all the assistance you need to exercise your rights.

In your capacity as interested party, you also have the right to lodge a complaint with the Data Protection Authority pursuant to art. 77 of the GDPR.

Further information on the protection of personal data can be found on the website of the Authority for the protection of personal data https://www.garanteprivacy.it/ .

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please consult this page often, taking as a reference the date of the last modification indicated at the bottom. In case of non-acceptance of the changes made to this Privacy Policy, the User is required to cease using this Website and can request that the Data Controller removes his/her Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Data Controller is not responsible for updating all the links that can be viewed in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by that link.

Privacy policy updated August 2024

CHANGE LANGUAGE:

  • Italiano
  • English
  • Français

CHANGE LANGUAGE:

  • Italiano
  • English
  • Français

Help and support