PRIVACY POLICY OF THE PLATFORM pursuant of the EU Regulation 2016/679

The data controller of the Talent4Comp (T4C) Platform (hereinafter referred to as “Platform”) is Learlab S.r.l, located in via di Monserrato, 48, 00186 Roma (IT).

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Users (Talents and Partners) have already received the information on the processing of personal data (pursuant to article 13 GDPR) during the registration process.

CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING

Browsing data

The information systems and software procedures relied upon to operate this Platform acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.

This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.

These data are necessary to use the Platform-based services and are also processed in order to:

  • extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
  • check functioning of the services.

Browsing data are kept for no longer than seven days and are erased immediately after being aggregated (except where judicial authorities need such data for establishing the commission of criminal offences).

Cookies and other tracking devices

No cookies are used to profile users nor are other user tracking systems implemented.

So-called session (non-persistent) cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing. Storage of session cookies in terminal equipment or browsers is under the user's control, whilst cookie-related information is stored server-side after HTTP sessions in the service logs for no longer than seven days like all other browsing data.

DATA RECIPIENTS

Edisfera provider of the Platform  development and maintenance services The following entities are recipients of the data collected in the course of  using the Platform. The company has been appointed as data processor by the Lear pursuant to Article 28 of the Regulation.

The personal data collected as above are also processed by staff from Lear, acting on specific instructions concerning purposes and arrangements of such processing. Edisfera has an infrastructure that is compliant to GDPR and may help their clients to be so too.

In particular, Edisfera (hereinafter “processor”) ensures that the data retained by Lear on the developed Platform are saved in its systems maintaining a specific database for the controller.

In addition to ensuring the physical separation of data for each client, the processor has provided specific encryption and data recovery functions. The access permissions to key functions for clients (contact visibility, web users, registrations, statistics, import and export of data) are personalized, according to a system configured by role and purpose of use, in order to ensure that only authorized persons can gain access to data or servers.

Web hosting service, data center and backup and recovery procedures

This service consists in making the Platform accessible via the Internet by hosting the related files and programs on servers in a datacenter located in Germany.

The servers store the data on encrypted support.

The data in the servers and databases are subject to an automatic daily backup. The backups are kept in the datacenter and at the same time transferred encrypted to a different location in the cloud. Specifically, the cloud servers are located in a datacenter in Seattle (Washington, USA) outside the European Economic Area, managed by Code42 Software. The transfer is authorized on the basis of the Commission implementing decision 2017/1250 of 21 July 2016 on the adequacy of the protection offered by the EU-US Privacy Shield regime (also called “Privacy Shield”), to which the company mentioned above has certified its membership.