Privacy Policy

At Extra, we value your privacy. In compliance with current regulations, here’s everything you need to know about how your data is handled.

Information for Site Users and Customers of Extra Group Companies

This notice is addressed to all those who interact with Extrasys s.r.l. and with other companies controlled by and/or affiliated with it – Società Agricola Podere Del Pari s.r.l., La Formica s.r.l., Frantoio del Monte Pisano s.r.l. (referred to as “Extra Group” or simply “Group” hereinafter) – through the pages of various websites managed by Group Companies such as https://www.extrasys.it, corresponding to the home page of the official Extra Group website, other pages referred to by this site (identifiable by the suffix “extrasys.it“), and other sites and pages related to the commercial proposal of Group Companies.

This page describes the methods of processing personal data of users who consult and adhere to the services present on our websites previously described and interact via web, email, or other telematic tools with our organization.

1) Data Controller Identity

Data Controller: Extrasys s.r.l., headquartered in Pontedera (PI), Via Salvo D’Acquisto 40/P; pec: extrasys@legalmail.it, hereinafter also referred to as “The Company”.

Data Protection Officer: Lawyer Paolo Mascitelli, domiciled for the position at the Data Controller’s registered office, email: dpo@extrasys.it.

The company that develops and manages the site, qualified and designated as Data Controller, is Extra Magnet s.r.l., with registered office in Pontedera (PI), Via Salvo D’Acquisto 40/P.

The list of all data processors can be consulted at the company’s headquarters.

Extrasys s.r.l. acts on its behalf and on behalf of other companies controlled by Extrasys s.r.l. and/or affiliated with it, identified as Extra Group.

Processing is always based on principles of lawfulness and fairness in compliance with all current regulations, and suitable security measures are adopted to protect the data.

2) Processing Purposes

A) Personal data collected through telematic/telephonic services

  • Personal data for newsletter subscriptions, where, with prior consent, we request simple contact details through the forms on various pages of our website (name, surname, phone number, email, and requested service).
  • Personal and contact data for event registrations organized by Extra Group, obtained through forms on various pages of our website or on other external sites specialized in this type of activity, to which the site automatically redirects for form completion.
  • Contact personal data for information about our activities and services through various contact forms on the site or via the integrated chat within the site itself.
  • Personal data obtained through requests for information made via email to various addresses with the domain suffix @extrasys.it (for example, but not exhaustively: info@extrasys.itjobs@extrasys.it, etc.), or with suffixes related to Extra Group company domains or PEC addresses corresponding to various Extra Group companies.
  • Personal data obtained from received phone calls, made by potential clients to request information or clarifications about products/services offered by Extra Group companies.

Such data may be used, with explicit consent, for newsletter sending purposes, commercial information, or advertising material or for direct sales purposes or for conducting market research or interactive commercial communication.

All data are minimized to those related to the forms on the respective sections of the website.

B) Personal data collected for the provision of our services

  • Personal data for the establishment and execution of the contractual relationship and for compliance with related legal obligations (art. 6 lett. b GDPR) obtained during the commercial negotiation with the customer and during the provision of services.

Such data may be used, with explicit consent, for newsletter sending purposes, commercial information, or advertising material or for direct sales purposes or for conducting market research or interactive commercial communication.

The provision of data is necessary to achieve the mentioned purposes, and failure to provide the data would not allow the establishment of the contractual relationship. Furthermore, for processing related to these purposes, the Law does not require Your consent.

C) Data resulting from CURRICULA management

The Company reserves the right to evaluate curricula received spontaneously or following the publication of announcements for potential candidacies.

However, candidates are kindly requested to respect the following rules when submitting curricula in electronic format:

  • respecting the European format in compiling their curriculum;
  • transmitting the curriculum in pdf format;
  • avoiding the inclusion of sensitive data in their curriculum (related, in particular, to health status, religious, philosophical, or political beliefs) not relevant to the job offer;
  • giving consent to the processing of sensitive data relevant to the establishment of an employment relationship (for example, membership in protected categories).

It will be the Company’s responsibility to provide suitable information to candidates during any interviews.

The purpose of the processing related to curriculum management will involve activities strictly related to the evaluation, recruitment, or selection of personnel, with collaboration objectives, hiring for fixed-term or permanent positions, internships, or theses.

D) Voluntarily provided data through EMAIL submission

The optional, explicit, and voluntary sending of electronic mail to various addresses with the domain suffix @extrasys.it (for example, but not exhaustively: info@extrasys.itjobs@extrasys.it, etc.), or with suffixes related to Extra Group company domains or PEC addresses corresponding to various Extra Group companies, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the message.

E) Visitor profiles

During visits to our offices, or our conference events, meetings, private parties, or events organized by third parties in which we may participate as sponsors or guests, we will record the specifics of the event or meeting, date, number of guests, personal and contact details (email and phone) of speakers, participants, companions, visitors, sponsor contacts, journalists.

F) Information from third parties

In the organization of events or in special cases where it is intended to offer the interested parties entry packages or subscriptions to our services, we collect personal and contact data by third parties of the beneficiaries, who are guaranteed the right to cancellation.

Similarly, we may collect personal data from social media services consistently with your settings on such services. We may add such information to those already in our archive and share them with others as established in this Policy.

G) Browsing data

The computer systems and software procedures used to operate our website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error,…), and other parameters relating to the operating system and the user’s computer environment.

This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing (cookie policy). The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site.

3) Processing Methods

The processing of Your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Personal data are subject to processing both paper and electronic and/or automated. Processing operations are carried out in such a way as to ensure the logical, physical security, and confidentiality of Your personal data.

4) Nature of Personal Data

Your personal data, common, concerning the performance of the activities described above, are processed. As for any special, sensitive, and health data, minimization is guaranteed, i.e., collection, use, protection, and storage only in cases of absolute necessity and relevance to the purpose and after obtaining free informed consent.

5) Obligatory or Optional Nature of Providing Data

Apart from what is specified for browsing data, the user is free to provide personal data. Failure to provide the data prevents access to some services, such as, but not limited to, receiving the newsletter, accessing reserved areas of the site or reserved “premium” content, or establishing contractual relationships and the consequent provision of services. Voluntary registration for the newsletter, by entering personal data, implies explicit and unequivocal consent of the data subject to the processing of personal data based on the privacy policy of the site from which the subscription is made (you will still be required to accept this notice) or through the signing of specific documents.

The data subject may refuse to provide the Data Controller with browsing data; to do so, they must disable cookies following the instructions provided by the browser in use as per separate cookie policy. Disabling cookies may impair the functionality of the site’s features.

6) Scope of Communication and Dissemination of Data

The data transmitted to any of the Extra Group companies are processed by all Extra Group companies. Extra Group processes data exclusively through personnel officially appointed and instructed on confidentiality and personal data security.

We disclose Your data to third parties only in these circumstances:

  • during events, the list of participants with only the indication of name, surname, and company of affiliation (without other contact details such as email or phones) is communicated to the main sponsor for our legitimate interest in the correct and profitable financing of activities and their commercial success also in the interest of the interested parties; the same information can be communicated through our website and other communication tools and means (for example, but not limited to, magazines, paper and online, press releases, press agencies, etc.).
  • by Order of the Public Authority.

Each of these disclosures of information from us to third parties will be made only on condition of maintaining a confidential status so that this information is used only for the purposes for which it was disclosed.

7) Location of Processing and Transfer of Personal Data to a Third Country

The management and storage of personal data will take place on servers within the European Union, and the data will not be transferred outside the European Union.

In some situations, when the user is redirected to external sites for the execution of particular services (such as, for example, event registration, or to the social media channels of Extra Group companies to which the User is directed by the Site, etc.), registration takes place on external servers, and each of these services exposes its policies, which could also derogate from what is written and transfer data outside the European Union.

8) Methods and Duration of Personal Data Retention

The Data Controller will process personal data:

  • for the entire duration of subscription services and newsletter subscription.
  • 10 years for accounting documentation conservation purposes pursuant to art. 2220 cc.
  • 10 years marketing, unless consent is revoked and newsletters are deleted.

9) Data Subject’s Right of Access (art. 15 GDPR EU 679/2016)

The data subject has the right to obtain from the data controller confirmation of whether or not personal data concerning them are being processed and, if so, to obtain access to personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right of the data subject to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

10) Withdrawal of consent

With reference to the art. 6 of GDPR 679/16, the interested party can revoke consent at any time.

11) Other rights of interested parties.

With reference to the following rules of GDPR 679/2016: art. 16 “right of rectification”, art. 17 “right to cancellation”, art. 18 “right to limit processing”, art. 20 “right to portability”, art.21 “right to object to the automated decision-making process”, the interested party exercises his rights:

by writing to the Data Controller a registered letter with return receipt to the following address: Extrasys s.r.l., Via Salvo D’Acquisto 40/P – 56025 Pontedera – PI

or by sending a certified email to: extrasys@legalmail.it.

Any violations of personal data, pursuant to art. 33 “Notification of a personal data breach to the supervisory authority”, can be reported to the email address: privacy@extrasys.it. Data and information on processing may then be requested from the DPO indicated above, at his email address dpo@exytasys.it, as required by the GDPR.

12) Filing complaints

The interested party has the right to lodge a complaint with the supervisory authority of the state of residence.

13) Processi decisionali automatizzati

The Data Controller does not carry out processing that consists of automated decision-making processes that involve profiling, or an action that may have a significant effect on the rights and prerogatives of the interested parties; on the other hand, the only process that is carried out is related to a filtering of the information we offer, to make it more suitable to the interests of the person who comes to our site.

14) Automated decision-making processes

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.

15) Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by publicizing them to Users on this page. Please therefore consult this page often, taking as reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Application and may request the Data Controller to remove their Personal Data. Unless otherwise specified.

16)  Privacy of minors

Our website is aimed at a general audience and does not offer services aimed at children. If we discover that a minor has provided us with personal information without parental or guardian permission, we will immediately delete that information.

17) External links

If any pages of this website or sections of our applications contain links to other sites, they are not bound by this Privacy Policy. We recommend that you carefully read the privacy policy available on these external sites and examine their procedures for the collection, use and disclosure of personal information they use.

18) Defense in court

The User’s Personal Data may be used for the defense by the Owner in court or in the preparatory stages of its possible establishment, against abuses in the use of the same or related services by the User. Following a subpoena, judicial order or other legal initiative; in order to establish or exercise the rights granted to us by law; to defend ourselves in the event of legal action against us or for other purposes dictated by law. The User declares to be aware that the Owner may be required to reveal the Data upon request of public authorities.

19) Legal references

This information is drawn up in fulfillment of the obligations established by GDPR 679/16 by art. 10, of Directive no. 95/46/EC, as well as the provisions of Directive 2009/136/EC regarding Cookies.

Update date 01/31/2024