”) and is referred to the processing of data of the contact person of companies using services provided by Cosmico S.r.l., who fill-in their information on behalf of the companies through the websites https://www.wearecosmico.com
or any landing page thereto (the “Website
”) when requesting a service and information or creating an account for the company (the “Data Subject
In accordance with the principles of the Regulation, the processing of personal data is carried out in accordance with the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, minimization and confidentiality as set out in art. 5 of the Regulation.
- Data controller
The data controller is Cosmico S.r.l. (the “Data Controller” or “Cosmico”) with registered office in Milan, Italy, via Francesco Restelli no. 1, VAT no. 11186440969.
- Which personal data are processed?
The processing of personal data, carried out for the purposes indicated below, will concern the following categories of personal data:
(i) contact data, email address and telephone number;
(ii) personal data, such as name and surname;
(iii) log-in credentials provided at the time of registration;
(iv) data concerning the professional role held and the company to which the user belongs;
(v) any additional personal data, information or request communicated to the Data Controller (collectively, the “Personal Data”).
- What is the purpose of the processing of your Personal Data? Is the data processing lawful, compulsory, or optional?
Your Personal Data will be processed for the following purposes:
(i) to provide the services offered by Cosmico and to fulfil contractual obligations, for administration and accounting purposes related to the performance of the services. The processing is needed to provide the service to the Data Subject and finds is legal ground in Art. 6(1)(b) of the Regulation;
(ii) fulfill any obligations under applicable laws and regulations or to comply with requests from Authorities. Such processing is legitimized by the existence of a legal obligation to which the Data Controller is subject (Art. 6(1)(c) of the Regulation);
(iii) if you access Cosmico’s services, to send you by e-mail invitation to Cosmico’s events, offers and promotions and other marketing communications, including newsletters, pursuant to Article 130, paragraph 4 of Legislative Decree No. 196/2003, unless you expressly refuse to receive such communications;
(iv) with your prior consent, send you promotional and marketing communications by automated means (sms, email, push notifications) and standard means (mail and phone calls); please note that we collect one consent for the marketing purposes described herein, pursuant to the General Provision of the Garante per la Protezione dei Dati Personali "Linee guida in materia di attività promozionale e contrasto allo spam" of 4 July 2013. Should you wish to withdraw your consent to any of such means or object to all of the processing of your Personal Data for marketing purposes, you may do so at any time by contacting us at the email address indicated under point 1 above, without prejudice to the lawfulness of the Personal Data processing prior to such objection;
(v) for purposes related to customer satisfaction surveys. This processing is not performed on personal data since data are anonymous.
- Are the data disclosed to any third party?
With regard to the Data Controller's activity and exclusively for the purposes mentioned above and for the time strictly required, Personal Data may be shared with the following entities (the “Recipients”):
- talent benefiting from the services offered by Cosmico;
- parties acting as data processors pursuant to Article 28 of the Regulation or data controllers i.e.:
i) persons, companies or professional firms providing assistance and consultancy to the Data Controller in accounting, administrative, legal, tax and financial matters;
ii) parties delegated to perform technical maintenance activities;
iii) credit institutions, insurance companies and brokers;
iv) providers of services imbedded in Cosmico’s services, in particular with regard to the talent retention services (e.g. companies offering experiences, accommodations, training);
- persons, entities or authorities to whom Personal Data must be disclosed under provisions of the law or orders of the authorities;
- individuals authorized by the Data Controller, pursuant to art. 29 of the Regulation, to process Personal Data in order to carry out the activities strictly related to the provision of services offered by Cosmico, who are legally obliged to keep Personal Data confidential.
Some of the Personal Data may be shared with Recipients outside the European Economic Area. The transfer of Personal Data to these Recipients is subject to the safeguards set out in articles 44 - 49 of the Regulation.
- For how long will the Personal Data be retained?
Personal Data will be retained, pursuant to Article 32 of the Regulation, in observance of the security measures adopted by the Data Controller with regard to data protection, and only the necessary individuals specifically involved and duly authorized to process the data will have access to them.Personal Data processed for the purposes set out in Article 3(i) will be retained for the time strictly necessary to achieve the aforementioned purposes. In any case, since the processing is carried out for the provision of the services, Cosmico will retain Personal Data for the period of time provided under Italian law in order to protect its own interests (Art. 2946 Italian Civil Code and following).Personal Data processed for the purposes mentioned under point 3(ii) will be kept as long as necessary in order to comply with the applicable legal obligation or rule of law.For the purposes mentioned under point 3(iii), Personal Data will be processed until the Data Subject objects to the processing.For the purposes described in point 3(iv), Personal Data will be processed until the Data Subject withdraws the consent given for data processing carried out for those purposes.
- Which are the rights of the Data Subjects?
Pursuant to Articles 15 to 22 of the Regulation, you have the right to withdraw at any time the consent given without prejudice to the lawfulness of the processing carried out before the withdrawal, to obtain confirmation of the existence or non-existence of the Personal Data processing and to have access to the Personal Data, verify their accuracy or request their integration or update, or rectification; to request the erasure of Personal Data in the cases provided for by Art. 17 of the Regulation; to request the restriction of data processing in the cases provided for by Art. 18 of the Regulation, where technically possible; to obtain in a structured, commonly used and machine-readable format your Personal Data, in the cases provided for by Art. 20 of the Regulation; and to object to the processing in the cases provided for by Articles 21 and 22 of the Regulation.You always have the right to file a complaint with Italian Personal Data Protection Authority, pursuant to Art. 77 of the Regulation, if you believe that the processing of the Personal Data is not compliant with law.