Privacy Policy

Expert System S.p.A., with registered offices at Rovereto (38068 – Trento, Italy), Via Fortunato Zeni, n. 8, VAT number 02608970360 (hereinafter, “Expert System” or the “Data Controller”) is committed to protecting the online privacy of the users of the website expertsystem.com (hereinafter, “Website“). As such, this document (hereinafter, “Privacy Policy“) has been written, under Article 13 of EU Regulation 2016/679 (hereinafter, the “Regulation“), in order to allow you to understand Expert System’s policy regarding your privacy, and how your personal information will be handled when using the Website. This Privacy Policy will also provide you with information so that you are able to consent to the processing of your personal data in an explicit and informed manner, where appropriate.

The information and data you may provide, or which may otherwise be collected through the Website, in the context of your use of Expert System’s services (hereinafter, the “Services“) as defined in Section 3, will be used by Expert System in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.

CONTENTS

1. Data Controller and Data Protection Officer

The Data Controller regarding all personal data processing operations carried out through the Website is Expert System, as identified at the start of this Privacy Policy.
It is possible to contact the Data Protection Officer (DPO) by writing to: dpo@expertsystem.com.

2. Personal Data processed

As you use the Website, we inform you that the Data Controller may collect and process information related to you as an individual and which allows you to be identified (either directly, or together with additional information), or which is related to other individuals (“Personal Data”), such as your name, an identification number, an online ID.
Your Personal Data may be collected either because you voluntarily provided it (for example, when filling out an online form) or simply by analysing your behaviour on the Website.

Personal Data which may be processed through the Website are as follows :

a. Name, contact details and other Personal Data

In some sections of the Website (e.g. Contact page, Resources, Newsletter, online training platform, etc.), you may be asked to enter information such as your name, surname, telephone number, email address, etc.

b. Job applications. Special Categories of Personal Data

By sending your CV to the contacts and addresses on the Website, you authorise the Data Controller to process your Personal Data.
Expert System asks that you do not disclose Personal Data which may fall under the category of Personal Data referred to in Article 9 of the Regulation – i.e. “[…] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”, unless you consider this to be strictly necessary, and to provide your consent if you decide to share them by authorization to be included in the CV.
The processing of such Personal Data may be permitted as it is based on the release of your consent according to the applicable rules on personal data protection. Expert System asks that you do not disclose any such types of Personal Data, unless you consider this to be strictly necessary. In any case, Expert System would stress the importance of providing your explicit consent to process this sort of Personal Data, if you decide to share it nonetheless.

c. Third party Personal Data provided voluntarily by the user

As mentioned above, in some parts of the Website such as the Contact section you may insert text messages or information, visible to the Data Controller, which may contain third party Personal Data.
In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding that Personal Data and will have to assume all inherent legal obligations and responsibilities. To this end, you must fully indemnify Expert System against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, initiated by the third parties whose Personal Data have been processed through the use of the Website in violation of the applicable rules on personal data protection. In any case, if you provide or in other way process Personal Data of third parties in using the Website, you henceforth guarantee – assuming all related responsibilities – that this specific processing is grounded on an appropriate legal basis in accordance with art. 6 of the GDPR, which legitimizes the processing of the information in question.

d. Browsing Data

The Website’s operation, as is standard with any website on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While Expert System does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information is also considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used exclusively to compile anonymous, statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website – the data is deleted immediately after processing, unless it must be used to identify responsible parties in the event of cybercrime committed which harms the Website or third parties, in which case information on web contacts may be kept for a period of 7 (seven) days.

e. Cookies

Definitions, characteristics and application of the legislation
Cookies are small text files on websites that are visited by users send and record on their computer or mobile device, and then that are transmitted back to the associated sites during their next visit. Thanks to cookies the website remembers the actions and preferences of the user (such as login data, the language by default, font sizes, additional display settings, etc.) so that the user doesn’t need to specify them again when they re-visit the site and browses its pages. Cookies are therefore used to perform authentication information, session monitoring and the storing of information about the activities of users access of a website and may also contain a unique identifier that allows for the monitoring of user experiences on the site for statistical or advertising purposes. During the navigation of a site, the user may also receive cookies on their computer or mobile device from websites or web servers other than the one they are visiting (so-called “third party” cookies). Some operations cannot be performed without the use of cookies, which in some cases are technically necessary for the website to be operational.
There are various types of cookies, depending on their features and functions, and these may remain on the computer or mobile device of the user for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; so-called persistent cookies, which remain on the user’s device until a pre-established date.

Under the legislation in force in Italy, prior explicit consent for the use of cookies is not always required. In particular, such consent is not required for “technical cookies”, i.e. those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary to provide a service explicitly requested by the user. In other words, cookies which are indispensable for the operation of the site or to perform tasks requested by the user.

On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.

Types of cookies used by the Website

The Website uses first party cookies:

  • Technical cookies – session or navigation , are strictly necessary for the operation of the Website or to allow the users to make use of the content and services they have requested.
  • Technical-analytics cookies , which allow for an understanding of how the Website is used by users. These cookies do not collect information about the identity of the user or any personal data. The data is processed in an aggregate and anonymous form.
  • Technical-functional cookies , i.e. used to activate specific functionalities of the Website and a number of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided.

The Data Controller also uses third-party cookies – i.e. cookies from websites / web servers other than the Website, and which are used for specific purposes of the third parties owning those websites / webservers (including profiling of users). These third parties will typically be considered independent data controllers regarding their cookies, and therefore you must refer to their privacy policies, information notices or other materials to obtain more information on them, as specified below (as provided in the General Measure “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – May 8, 2014”):

Cookies Present on the Website

In detail, the cookies sent from Expert System via their own Website are specified below:

 

Type of cookies Technical name of cookies Cookie type, function and purpose Duration
Hubspot

(technical)

_hssc This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. 30 minutes
Hubspot

(analytics)

_hstc

 

This is the main cookie for tracking Website visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). 2 years
Expert System

(technical)

_ss Cookie HTTP 24 hours
Expert System

(technical)

_ss_referrer Cookie HTTP 1 hour
Expert System

(technical)

_ss_tk Cookie HTTP 25 years
Google Analytics

(analytics)

_ga Google Analytics is an essential cookie which enables us to understand how users are navigating the Website so that we can measure and improve user experience.

Examples of information collected by this cookie:
•Tracking which pages users visit and when they visit these pages

•Measure devices used to access the Website
• Errors tracking to ensure the website is working as expected.

 

26 months

Google Universal Analytics

(analytics)

_gid This appears to be a new cookie and as of Spring 2017 no information has been available from Google. It appears to store and update a unique value for each page visited. The main purpose of this cookie is: performance. 24 hours
Expert System

(technical)

complianceCookie

 

Cookie HTTP 15 days
Hubspot

(technical)

hubspottutk This cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts. 10 years
youtube.com

(technical)

GPS Registers a unique ID on mobile devices to enable tracking based on geographical GPS location. 1 day
doubleclick.net

(analytics)

IDE Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year
youtube.com

(analytics)

PREF Registers a unique ID that is used by Google to keep statistics on how the visitor uses YouTube videos across different websites. 8 months
youtube.com

(technical)

VISITOR_INFO1_LIVE Tries to estimate the users’ bandwidth on pages with integrated YouTube videos. 179 days
youtube.com

(technical)

YSC Registers a unique ID to keep statistics of which videos from YouTube the user has seen. session
training.expertsystemelearning.com

(technical)

PHPSESSID This cookie only contains a reference to a session stored on the web server. No information is stored in the user’s browser. session
expertsystemelearning.com

(analytics)

intercom-session-g4iweqc2 This is a cookie which enables to understand how users are navigating the Website so that users’ experience can be improved. session
training.expertsystemelearning.com

(technical)

WWWID This cookie is defining which application server is currently in use for the user’s session. session


Cookie settings

The user can authorise, block or delete (entirely or partly) cookies through the specific functions of their navigation program (so-called browser). However, in the hypotheses in which all or some of the cookies are disabled it is possible that the site may not be consulted or that certain services or certain features of the Website will not be available or will not work properly and/or the user may be forced to change or manually enter some information or preferences each time he/she visits the Website.

The user’s selections regarding site cookies will be, in turn, registered in a specific cookie. However, this cookie could, in certain cases, not function correctly: in these cases we recommend that the user deletes unwanted cookies and disables use also via the functions in the browser being used.

The user’s cookies’ preferences will be reset if different browsers are used to access the Website.

How to view and modify cookies via your browser

The user can authorize, block or delete (entirely or partly) cookies through the specific functions of their navigation program (so-called browser). For more information on how to set preferences on the use of cookies through your browser, it is possible to consult these instructions:


CAUTION: deleting the technical and/or function cookies of the Website could make it impossible to browse or render unavailable certain services or functions of the Website, causing some malfunctions, in which case the user would be obliged to modify or manually enter some information or preferences each time he/she visits the Website.

 

3. Purpose of the processing

Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:

  • to provide Services you request, such as the download of the materials shared on the Website (Resources), subscribing to events and/or the online training platform, responding to a request sent to addresses you may find on the Website (“Provision of the Service“);
  • to send you the newsletter (“Newsletter“);
  • to analyse the CV and to contact the candidates who submit their applications through the addresses you may find in the “Work with Us” section of the Website (“Recruitment“);
  • to carry out marketing activities, conduct studies, research, market statistics and send you advertising and information material via e-mail, telephone and/or through the official pages of the Data Controller on social media related to the activities, the products and the services of the Data Controller (“Marketing“). You can, at any time, withdraw your consent that you have previously granted to traditional or automated methods by giving notice to the Data Controller without any formality, simply by writing to the addresses indicated in Section 8 of the Privacy Policy, without prejudicing the lawfulness of the processing founded on your previous consent;
  • to carry out direct marketing activities via e-mail for services similar to those you have subscribed to through the Website, unless you objected to such processing initially or in subsequent communications (“Soft Spam“);
  • to create user profiles by analysing preferences, habits, interests and consumption choices expressed through the use of the Website and the services offered, and, where appropriate, by using profiling cookies, in order to send you material and commercial communications and personalized promotions on the services offered by Expert System (“Profiling”);

  • to fulfil the legal obligations which required the Data Controller to collect and / or further process certain types of Personal Data (“Compliance“);
  • to prevent or identify any fraudulent conduct by using the Website in order to allow Data Controller for legal defence (“Abuse/Fraud“);
  • to carry out statistical analysis without the possibility of identifying the user (“Statistic“);
  • to disclose, where a subscription to the Expert System online training platform occurs, Personal Data (name, surname, company role, and – if applicable – LinkedIn account) of the contractual representative or another contact point of the partners of Expert System on the social media accounts of the Data Controller, in order to promote the certification obtained (“Disclosure“).

4. Legal basis and mandatory / discretionary nature of the processing

The legal basis for the processing of Personal Data for the purposes referred to in aforementioned Section 3 , are as follows:

  • Provision of the Service: : the processing for this purpose is necessary to provide the Service and the performance of the contract. The provision of your Personal Data for this purpose is optional, however, failure to provide them would imply the inability to initiate the requested Services provided through the Website or to respond to requests.
  • Newsletter: the processing for this purpose is necessary to send you our newsletter. The provision of your Personal Data for this purpose is optional, however, failure to provide them would imply the inability to send the newsletter.
  • Recruitment: the processing for this purpose is necessary to allow Data Controller to schedule interviews. The provision of your Personal Data is optional, but any failure to provide it would make it impossible for Expert System to evaluate your profile. If you decide to provide special categories of Personal Data (e.g. data concerning health, religious beliefs, etc.), the processing operations carried out by Expert System may be permitted as they are based on the release of your consent pursuant to art. 9(2)(a) of the Regulation and according to the applicable rules on personal data protection. Expert System asks that you do not disclose any such types of Personal Data, unless you consider this to be strictly necessary. In any case, Expert System would stress the importance of providing your explicit consent to process this sort of Personal Data, if you decide, nonetheless, to share it. In the absence of your consent to the processing of special categories of Personal Data referred to you, if you provide such data, your application cannot be taken into consideration.
  • Marketing: the processing for this purpose is based on your consent or, if applicable, on the legitimate interest of the Data Controller. It is not mandatory for you to give your consent to the Data Controller for this purpose and you can withdraw your consent at any time without any consequences (except for the fact that you will no longer receive marketing communications from the Data Controller). You may withdraw your previously granted consent or object every time to the processing by following the instructions provided in Section 8 of this Privacy Policy.
  • Soft Spam: the processing for this purpose is based on the interest of the Data Controller to send marketing communications by email regarding products and services similar to those requested through the Website. You may interrupt the receipt of these communications, without any consequence for you (with the exception of the failure to receive such further communications of the Data Controller) using the link at the bottom of each of these emails.
  • Profiling: the processing for this purpose is based on your consent. It is not mandatory to give your consent to the Data Controller for this purpose and you may withdraw it at any time without any consequences (except the impossibility to benefit from the personalization of the commercial offers that will be received by Expert System). You may withdraw your previously granted consent by following the instructions provided in Section 8 of this Privacy Policy.
  • Compliance: the processing for this purpose is necessary for Expert System in order to fulfil any legal obligations. When providing Personal Data to the Data Controller, they must be processed according to the applicable regulations, which could entail their retention and disclosure to the Authorities for accounting, tax or other obligations.

  • Abuse / Fraud : the information collected for this purpose will be used exclusively to prevent and / or identify any fraudulent activity or abuse in the use of the Website and therefore allows the Data Controller to protect himself in court.
  • Statistics : it is specified that such processing is not performed on Personal Data and therefore can be freely carried out by the Data Controller.
  • Disclosure: processing for this purpose is based on your consent. It is not mandatory to give your consent to the Data Controller for this purpose and you may withdraw it at any time without any consequences (except from the impossibility – after the subscription to the Expert System online training platform – to disclose your Personal Data on the social media accounts of the Data Controller in order to promote the certification you obtained). You may withdraw your previously granted consent by following the instructions provided in Section 8 of this Privacy Policy

 

5. Recipients of Personal Data

Your Personal Data may be shared with the subjects mentioned below (collectively “Recipients“):
• subjects typically acting as data processors, namely: i) persons, companies or professional firms providing Data Controller with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services;
• subjects to engage with in order to provide the Services (for instance hosting providers or email platform providers);
• persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
• persons authorized by the Data Controller to process the Personal Data required for carrying out activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality, for example Expert System employees;
• subjects, bodies or authorities to disclose your Personal Data to in accordance with Compliance, Abuse/Fraud purposes or under the orders of the authorities.

6. Transfers of Personal Data


Some of your Personal Data are shared with Recipients who may be located outside the European Economic Area. The Data Controller ensures that your Personal Data are processed by these Recipients in accordance with the applicable rules on data protection. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available from Expert System by writing to the following email address: privacy@expertsystem.com

7. Retention of Personal Data

Personal Data processed for the Provision of the Service and Newsletter purposes will be kept by the Data Controller for the period deemed strictly necessary to fulfil such purposes. In any case, as these Personal Data are processed for the provision of the Services, the Data Controller will retain the Personal Data for the period allowed by Italian law to protect its interests (art. 2946 et seq. of the Italian Civil Code).
Personal Data processed for Recruitment purposes will be kept by the Data Controller for 18 months in case of your spontaneous application and they may be used for contacts and future interviews. In the event that, after submitting the application, a selection process has started with Expert System without the establishment of a working and / or collaboration relationship, your Personal Data will be kept on the basis of the legitimate interest of the Company for 3 years starting from the date of the submittal in order to contact you for any future job opportunities at Expert System.
Personal Data processed for Marketing, Profiling and Disclosure purposes will be kept by the Data Controller until you withdraw your consent. Once the consent has been withdrawn, the Data Controller will no longer use your Personal Data for such purposes, but it may retain them in any case, in particular if it may be deemed necessary in order to protect the interests of the Data Controller from potential complaints based on such processing.
Personal Data processed for Soft Spam purposes will be kept by the Data Controller until you object such processing through the link at the bottom of each of the Soft Spam e-mails.
Personal Data processed for the Compliance purpose will be retained by the Data Controller for the period provided for by specific legal obligations or applicable law.

Personal Data processed to prevent Abuse/Fraud will be retained by the Data Controller for the time deemed strictly necessary for the aforementioned purpose, and thus until the Data Controller is bound to keep them so as to protect himself in court to communicate such data to the competent Authorities.
Further information about the data retention period and the criteria used to determine this period can be asked by writing to the Data Controller at the email addresses provided for in Section 8 of the Privacy Policy.

8. Data subjects’ rights

Under Article 15 et seq. of the Regulation, you, as a data subject, are entitled to request at any time, from Expert System, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing, pursuant to Article 21 of the Regulation. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to Expert System in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
You may interrupt the reception of Soft Spam, by using the appropriate link found at the bottom of each e-mail you receive.

Requests should be made in writing to: privacy@expertsystem.com or to the work address of the Data Controller listed above.
In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through this Website violates applicable law.

9. Amendments

This Privacy Policy entered into force on April, 4 2019. The Data Controller reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. The Data Controller will inform you of such changes as soon as they are introduced. The Data Controller therefore invites you to regularly visit this Privacy Policy in order to keep up with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how the Data Controller collects and uses Personal Data.

Menu