The information and data you may provide, or which may otherwise be collected through the Website, in the context of your use of Expert System’s services (hereinafter, the “Services“) as defined in Section 3, will be used by Expert System in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.
- Data controller and Data protection Officer
- Personal Data processed
a. Name, contact details and other Personal Data
b. Job applications. Special Categories of Personal Data
c. Third party Personal Data provided voluntarily by the user
d. Browsing data
- Purpose of the processing
- Legal bases and mandatory / discretionary nature of the processing
- Recipients of Personal Data
- Transfers of Personal Data
- Retention of Personal Data
- Data subjects’ rights
1. Data Controller and Data Protection Officer
It is possible to contact the Data Protection Officer (DPO) by writing to: email@example.com.
2. Personal Data processed
As you use the Website, we inform you that the Data Controller may collect and process information related to you as an individual and which allows you to be identified (either directly, or together with additional information), or which is related to other individuals (“Personal Data”), such as your name, an identification number, an online ID.
Your Personal Data may be collected either because you voluntarily provided it (for example, when filling out an online form) or simply by analysing your behaviour on the Website.
Personal Data which may be processed through the Website are as follows :
a. Name, contact details and other Personal Data
In some sections of the Website (e.g. Contact page, Resources, Newsletter, online training platform, etc.), you may be asked to enter information such as your name, surname, telephone number, email address, etc.
b. Job applications. Special Categories of Personal Data
By sending your CV to the contacts and addresses on the Website, you authorise the Data Controller to process your Personal Data.
Expert System asks that you do not disclose Personal Data which may fall under the category of Personal Data referred to in Article 9 of the Regulation – i.e. “[…] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”, unless you consider this to be strictly necessary, and to provide your consent if you decide to share them by authorization to be included in the CV.
The processing of such Personal Data may be permitted as it is based on the release of your consent according to the applicable rules on personal data protection. Expert System asks that you do not disclose any such types of Personal Data, unless you consider this to be strictly necessary. In any case, Expert System would stress the importance of providing your explicit consent to process this sort of Personal Data, if you decide to share it nonetheless.
c. Third party Personal Data provided voluntarily by the user
As mentioned above, in some parts of the Website such as the Contact section you may insert text messages or information, visible to the Data Controller, which may contain third party Personal Data.
In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding that Personal Data and will have to assume all inherent legal obligations and responsibilities. To this end, you must fully indemnify Expert System against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, initiated by the third parties whose Personal Data have been processed through the use of the Website in violation of the applicable rules on personal data protection. In any case, if you provide or in other way process Personal Data of third parties in using the Website, you henceforth guarantee – assuming all related responsibilities – that this specific processing is grounded on an appropriate legal basis in accordance with art. 6 of the GDPR, which legitimizes the processing of the information in question.
d. Browsing Data
The Website’s operation, as is standard with any website on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While Expert System does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information is also considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used exclusively to compile anonymous, statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website – the data is deleted immediately after processing, unless it must be used to identify responsible parties in the event of cybercrime committed which harms the Website or third parties, in which case information on web contacts may be kept for a period of 7 (seven) days.
Definitions, characteristics and application of the legislation
There are various types of cookies, depending on their features and functions, and these may remain on the computer or mobile device of the user for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; so-called persistent cookies, which remain on the user’s device until a pre-established date.
On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.
Types of cookies used by the Website
The Website uses first party cookies:
- Technical cookies – session or navigation , are strictly necessary for the operation of the Website or to allow the users to make use of the content and services they have requested.
- Technical-analytics cookies , which allow for an understanding of how the Website is used by users. These cookies do not collect information about the identity of the user or any personal data. The data is processed in an aggregate and anonymous form.
- Technical-functional cookies , i.e. used to activate specific functionalities of the Website and a number of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided.
The Data Controller also uses third-party cookies – i.e. cookies from websites / web servers other than the Website, and which are used for specific purposes of the third parties owning those websites / webservers (including profiling of users). These third parties will typically be considered independent data controllers regarding their cookies, and therefore you must refer to their privacy policies, information notices or other materials to obtain more information on them, as specified below (as provided in the General Measure “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – May 8, 2014”):
- Google: https://www.google.com/policies/privacy/partners/ https://tools.google.com/dlpage/gaoptout?hl=en
- Hubspot: https://legal.hubspot.com/privacy-policy
Cookies Present on the Website
In detail, the cookies sent from Expert System via their own Website are specified below:
|Type of cookies||Technical name of cookies||Cookie type, function and purpose||Duration|
|_hssc||This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.||30 minutes|
|This is the main cookie for tracking Website visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).||2 years|
|_ss||Cookie HTTP||24 hours|
|_ss_referrer||Cookie HTTP||1 hour
|_ss_tk||Cookie HTTP||25 years|
|_ga||Google Analytics is an essential cookie which enables us to understand how users are navigating the Website so that we can measure and improve user experience.
Examples of information collected by this cookie:
•Measure devices used to access the Website
|Google Universal Analytics
|_gid||This appears to be a new cookie and as of Spring 2017 no information has been available from Google. It appears to store and update a unique value for each page visited. The main purpose of this cookie is: performance.||24 hours|
|Cookie HTTP||15 days|
|hubspottutk||This cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.||10 years|
|GPS||Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.||1 day|
|IDE||Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||1 year|
|PREF||Registers a unique ID that is used by Google to keep statistics on how the visitor uses YouTube videos across different websites.||8 months|
|VISITOR_INFO1_LIVE||Tries to estimate the users’ bandwidth on pages with integrated YouTube videos.||179 days|
|YSC||Registers a unique ID to keep statistics of which videos from YouTube the user has seen.||session
|PHPSESSID||This cookie only contains a reference to a session stored on the web server. No information is stored in the user’s browser.||session
|intercom-session-g4iweqc2||This is a cookie which enables to understand how users are navigating the Website so that users’ experience can be improved.||session
|WWWID||This cookie is defining which application server is currently in use for the user’s session.||session
The user can authorise, block or delete (entirely or partly) cookies through the specific functions of their navigation program (so-called browser). However, in the hypotheses in which all or some of the cookies are disabled it is possible that the site may not be consulted or that certain services or certain features of the Website will not be available or will not work properly and/or the user may be forced to change or manually enter some information or preferences each time he/she visits the Website.
The user’s selections regarding site cookies will be, in turn, registered in a specific cookie. However, this cookie could, in certain cases, not function correctly: in these cases we recommend that the user deletes unwanted cookies and disables use also via the functions in the browser being used.
The user’s cookies’ preferences will be reset if different browsers are used to access the Website.
How to view and modify cookies via your browser
CAUTION: deleting the technical and/or function cookies of the Website could make it impossible to browse or render unavailable certain services or functions of the Website, causing some malfunctions, in which case the user would be obliged to modify or manually enter some information or preferences each time he/she visits the Website.
3. Purpose of the processing
Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:
- to provide Services you request, such as the download of the materials shared on the Website (Resources), subscribing to events and/or the online training platform, responding to a request sent to addresses you may find on the Website (“Provision of the Service“);
- to send you the newsletter (“Newsletter“);
- to analyse the CV and to contact the candidates who submit their applications through the addresses you may find in the “Work with Us” section of the Website (“Recruitment“);
- to carry out direct marketing activities via e-mail for services similar to those you have subscribed to through the Website, unless you objected to such processing initially or in subsequent communications (“Soft Spam“);
- to create user profiles by analysing preferences, habits, interests and consumption choices expressed through the use of the Website and the services offered, and, where appropriate, by using profiling cookies, in order to send you material and commercial communications and personalized promotions on the services offered by Expert System (“Profiling”);
- to fulfil the legal obligations which required the Data Controller to collect and / or further process certain types of Personal Data (“Compliance“);
- to prevent or identify any fraudulent conduct by using the Website in order to allow Data Controller for legal defence (“Abuse/Fraud“);
- to carry out statistical analysis without the possibility of identifying the user (“Statistic“);
- to disclose, where a subscription to the Expert System online training platform occurs, Personal Data (name, surname, company role, and – if applicable – LinkedIn account) of the contractual representative or another contact point of the partners of Expert System on the social media accounts of the Data Controller, in order to promote the certification obtained (“Disclosure“).
4. Legal basis and mandatory / discretionary nature of the processing
The legal basis for the processing of Personal Data for the purposes referred to in aforementioned Section 3 , are as follows:
- Provision of the Service: : the processing for this purpose is necessary to provide the Service and the performance of the contract. The provision of your Personal Data for this purpose is optional, however, failure to provide them would imply the inability to initiate the requested Services provided through the Website or to respond to requests.
- Newsletter: the processing for this purpose is necessary to send you our newsletter. The provision of your Personal Data for this purpose is optional, however, failure to provide them would imply the inability to send the newsletter.
- Recruitment: the processing for this purpose is necessary to allow Data Controller to schedule interviews. The provision of your Personal Data is optional, but any failure to provide it would make it impossible for Expert System to evaluate your profile. If you decide to provide special categories of Personal Data (e.g. data concerning health, religious beliefs, etc.), the processing operations carried out by Expert System may be permitted as they are based on the release of your consent pursuant to art. 9(2)(a) of the Regulation and according to the applicable rules on personal data protection. Expert System asks that you do not disclose any such types of Personal Data, unless you consider this to be strictly necessary. In any case, Expert System would stress the importance of providing your explicit consent to process this sort of Personal Data, if you decide, nonetheless, to share it. In the absence of your consent to the processing of special categories of Personal Data referred to you, if you provide such data, your application cannot be taken into consideration.
- Soft Spam: the processing for this purpose is based on the interest of the Data Controller to send marketing communications by email regarding products and services similar to those requested through the Website. You may interrupt the receipt of these communications, without any consequence for you (with the exception of the failure to receive such further communications of the Data Controller) using the link at the bottom of each of these emails.
- Compliance: the processing for this purpose is necessary for Expert System in order to fulfil any legal obligations. When providing Personal Data to the Data Controller, they must be processed according to the applicable regulations, which could entail their retention and disclosure to the Authorities for accounting, tax or other obligations.
- Abuse / Fraud : the information collected for this purpose will be used exclusively to prevent and / or identify any fraudulent activity or abuse in the use of the Website and therefore allows the Data Controller to protect himself in court.
- Statistics : it is specified that such processing is not performed on Personal Data and therefore can be freely carried out by the Data Controller.
5. Recipients of Personal Data
Your Personal Data may be shared with the subjects mentioned below (collectively “Recipients“):
• subjects typically acting as data processors, namely: i) persons, companies or professional firms providing Data Controller with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services;
• subjects to engage with in order to provide the Services (for instance hosting providers or email platform providers);
• persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
• persons authorized by the Data Controller to process the Personal Data required for carrying out activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality, for example Expert System employees;
• subjects, bodies or authorities to disclose your Personal Data to in accordance with Compliance, Abuse/Fraud purposes or under the orders of the authorities.
6. Transfers of Personal Data
Some of your Personal Data are shared with Recipients who may be located outside the European Economic Area. The Data Controller ensures that your Personal Data are processed by these Recipients in accordance with the applicable rules on data protection. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available from Expert System by writing to the following email address: firstname.lastname@example.org
7. Retention of Personal Data
Personal Data processed for the Provision of the Service and Newsletter purposes will be kept by the Data Controller for the period deemed strictly necessary to fulfil such purposes. In any case, as these Personal Data are processed for the provision of the Services, the Data Controller will retain the Personal Data for the period allowed by Italian law to protect its interests (art. 2946 et seq. of the Italian Civil Code).
Personal Data processed for Recruitment purposes will be kept by the Data Controller for 18 months in case of your spontaneous application and they may be used for contacts and future interviews. In the event that, after submitting the application, a selection process has started with Expert System without the establishment of a working and / or collaboration relationship, your Personal Data will be kept on the basis of the legitimate interest of the Company for 3 years starting from the date of the submittal in order to contact you for any future job opportunities at Expert System.
Personal Data processed for Marketing, Profiling and Disclosure purposes will be kept by the Data Controller until you withdraw your consent. Once the consent has been withdrawn, the Data Controller will no longer use your Personal Data for such purposes, but it may retain them in any case, in particular if it may be deemed necessary in order to protect the interests of the Data Controller from potential complaints based on such processing.
Personal Data processed for Soft Spam purposes will be kept by the Data Controller until you object such processing through the link at the bottom of each of the Soft Spam e-mails.
Personal Data processed for the Compliance purpose will be retained by the Data Controller for the period provided for by specific legal obligations or applicable law.
Personal Data processed to prevent Abuse/Fraud will be retained by the Data Controller for the time deemed strictly necessary for the aforementioned purpose, and thus until the Data Controller is bound to keep them so as to protect himself in court to communicate such data to the competent Authorities.
8. Data subjects’ rights
Under Article 15 et seq. of the Regulation, you, as a data subject, are entitled to request at any time, from Expert System, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing, pursuant to Article 21 of the Regulation. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to Expert System in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
You may interrupt the reception of Soft Spam, by using the appropriate link found at the bottom of each e-mail you receive.
Requests should be made in writing to: email@example.com or to the work address of the Data Controller listed above.
In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through this Website violates applicable law.