Policy

1. Data Controller, Processors and appointees
The data controller is the Company LASER S.R.L. with headquarters in Via Ivrea 44 Strambino (To), and on its behalf the administrator domiciled for the function at the aforementioned location.

The Data Protection Officer (DPO) is domiciled at the office in Via Ivrea 44 Strambino (To). The names of the aforementioned subjects and the list of Controllers or categories of subjects to whom the data may be communicated can be consulted in the "privacy" section of the website www.laser-group.com. The detailed and updated list of names of data Processors and persons in charge of processing is kept at the headquarters of the Data Controller.

2. Personal data subject to processing

The Data Controller processes personal, identifying and non-sensitive or particular data as defined by art. 9 of the GDPR (without limitation, first name, last name, company name, address, telephone number, e-mail - hereinafter, "personal data" or even "data") communicated by you to the website www.laser-group.com of the Data Controller (hereinafter, "Site") and/or other digital tool (by way of example and not exhaustive mobile app of the Data Controller), participation in opinion polls and satisfaction, the completion of registration form through the Site to services offered by the Data Controller, the on-line request for clarification or requests for support and the sending of newsletters.

3. Purpose of the treatment

Your personal data are processed:

A) without your express consent [art. 6 lett. b), e) GDPR], for the following Service Purposes:

• manage and maintain the Site;
• allow you to use the services you may have requested;
• to fulfil the obligations provided for by law, by a regulation, by Community legislation or by an order of the Supervisory Authority;
• prevent or detect fraudulent activity or abuse harmful to the Site and the Data Controller;
• exercise the rights of the Data Controller, such as the exercise of a right in court.

In the cases mentioned above, the legal basis for the processing of your personal data is to execute a contract with you or to provide the service you have specifically requested or to comply with a legal obligation or to protect our legitimate interest.

B) Only with your specific and distinct consent (art. 7 GDPR) for the following Other Purposes:

• send you by e-mail opinion and satisfaction polls, newsletters and/or invitations to events or subscribe to events of which it is part or which organizes the Data Controller.

 For any additional optional purposes, your consent will always be requested in advance by sending an e-mail to the registered address.

4.  Mode of treatment

The processing of your personal data is carried out by means of the operations indicated in [art. 4 n. 2) GDPR] and precisely: “means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. Your personal data are subject to both paper and electronic and/or automated processing.

The Data Controller has adopted a wide variety of security measures to protect your data against the risk of loss, abuse or alteration. In particular: it has adopted the measures referred to in art. 32 GDPR; uses, among other things, the technology of pseudonymisation and data encryption and protected data transmission protocols.

5. Communication of data

Without your express consent [art. 6 lett. b) and c) GDPR], the Data Controller may communicate your data:

• for the purposes referred to in art.3.A) to supervisory bodies, judicial authorities and all other subjects to whom communication is mandatory by law for the accomplishment of said purposes. Your data will not be disclosed.
• for the purposes referred to in art. 3.A) and 3.B) to employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal data Processors formally appointed;
• to third-party companies or other persons who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data Processors.
  
  

 6. Data transfer

The management and storage of personal data will take place in Europe, on servers located in Italy of the Data Controller and/ or third-party companies appointed and duly appointed as external data processors. The Data Controller has no intention of transferring your data outside the EEA area.

7.Storage time of the processed data

The Data Controller will process personal data for the time necessary to fulfil the purposes mentioned above and in any case for no more than 10 years from the termination of the relationship for the Service Purposes, always respecting the terms of law, if applicable, set from time to time.

The Data Controller retains the personal data of users for the period necessary to fulfil the above purposes.

To determine the appropriate retention period for personal data, Laser S.r.l. takes into account the quantity, nature and sensitivity of the data, the potential risk of damage resulting from unauthorised processing or disclosure, the purposes for which they are processed, the possibility of achieving the same objectives by other means, as well as legal requirements.

In the case of the sending of your CV for the "Work with us" section, if there is no specific interest from the Data Controller, the Resume may be deleted from our electronic archives at the Data Controller’s discretion within 30 days of receipt of the same.

The Data Controller reserves the right to retain certain information following the closure of the user account, for example if this is necessary to comply with legal obligations or to protect, prevent fraud or abuse and defend or exercise its rights.

 8. Rights of the data subject

As data subjects, you have the rights referred to in art. art. 15 GDPR and precisely the rights to:

• i. to obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
• ii. to obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic means; d) the identification details of the Data Controller, of the responsible persons and the appointed representative pursuant to art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or persons in charge;
• iii. obtain: a) the updating, rectification or, when you have an interest, the integration of data; b) the cancellation, the transformation into anonymous form or the blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected;
• iv. to oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, by the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the person concerned, set out in point b above), for direct marketing purposes by means of automated methods extends to the traditional ones and that however the possibility for the interested party to exercise the right of opposition even in part. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights referred to in Arts. 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority.

Please note that anyone who has provided their personal data may exercise the rights referred to in Articles 12, 15 to 22, 34 of the GDPR and subsequent amendments and additions, such as in particular access to data, their portability, rectification and cancellation of the same, opposing the processing or limiting the scope in the cases provided for by the Regulation. For the exercise of these rights, the interested party may apply, by formal request, to the Data Protection Officer, as well as to the Supervisory Authority, if it finds violations. For any contact related to any problems or concerns or assistance on the management of personal data you can write to the email address: privacy@laser-group.com.

9. Minors

This Site and the Services of which the Data Controller proposes are not intended for children under 14 years of age and the Data Controller does not intentionally collect personal information relating to minors. In the event that information about minors are involuntarily registered, the Data Controller will delete them in a timely manner, at the formal request of users proving parental authority.

10. External links

The Site may include links to websites, plug-ins and third-party applications. If the user accesses other websites from the links provided on the Site, the operators of such websites may collect or share information of the user. This information will be processed in accordance with the privacy regulations of these sites, which may differ from this Privacy Information. the Data Controller does not control third-party websites, it is therefore advisable to read the privacy regulations published on these sites in order to understand the procedures for collecting, processing and disclosure of personal data.

11.Changes to this Policy

This Information may change. We therefore recommend that you regularly check this Policy and refer to the most up-to-date version. The updated version of the Privacy Information, in any case, is published on this page, with an indication of the date of its last update.

 
Last updated on 15 June 2021.