Who are we and what do we do with your personal data?
Harken, Inc., hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.
For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.
The Data Controller appointed a Data Protection Officer (DPO) who you can contact if you have questions about adopted policies and practices. The contact details of the DPO are the following:
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as: IP address and cookies issued while browsing the website. They are used by the Data Controller to manage the website and to collect information of an aggregated nature. The communication of your personal data is mainly to third parties and/or recipients whose activities are necessary for the carrying-out of the activities related to the aforementioned purposes, as well as to comply with certain legal obligations or provided for the control and supervision of the working activity. Any communication that does not comply with these purposes will be subject to your consent.
Your personal data will not be in any way disseminated or disclosed to unspecified subjects.
What are cookies and what are they used for
A "cookie" is a small text file created by certain websites on the user’s computer when he accesses a particular website, for the purpose of storing and transporting information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on his computer; they are then re-sent to the website at the time of subsequent visits.
Cookies may remain in the system even for long periods and may also contain a unique identification code. This allows the websites that use them to keep track of the browsing within the website itself, for statistical or advertising purposes, to create a personalised profile of the user from the pages he visited and show and/or send him targeted advertising (known as Behavioural Advertising).
Which cookies are used and what are their main purposes
This website uses different types of technical but not profiling cookies.
The Data Controller shows below the specific categories of cookies used, the purposes and the consequences deriving from their deselection:
- Technical cookies
- Purpose: Management of the website. They allow the functioning and the safe and efficient exploration of the website.
- Time of Storage: Valid for the browsing session
- Consequences in Case of Deselection: These are the cookies necessary for the use of the website, blocking them does not allow its functioning.
- Analytical Cookies
- Purpose: Collecting information in aggregated form about the users’ browsing in order to optimize the browsing experience and the services.
- Time of Storage: Established by the third party
- Consequences in Case of Deselection: It would no longer be possible for the Data Controller to acquire the aggregated information.
On this website, also third-party cookies are operative, i.e. cookies created by a website other than the one the user is currently visiting.
The Data Controller is required to provide the updated link to the privacy policies and to the consent forms of third parties with whom special agreements have been concluded for the installation of cookies through its website.
Particularly, users are informed that the website uses the following services issuing cookies:
The website contains special "buttons" (called "social buttons/widgets") that represent the icons of social networks (for example, LinkedIn). These buttons allow users who are browsing the websites to interact with a "click" directly with the social networks represented there. In this case, the social network acquires data relating to the user's visit, while the Data Controller will not share any browsing information or user data acquired through its website with social networks accessible through Social buttons/widgets.
Deselecting and activating cookies
By accessing the website and clicking on the initial banner containing the policy in brief, the user has given his or her express consent to the use of the third-party cookies indicated above.
The selection/deselection of individual cookies can be done freely through your browser (by selecting the settings menu, clicking on the Internet options, opening the privacy tab and choosing the desired level of cookie block). For more information, please refer to the following links: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.
In most of the latest generation browsers, the Do Not Track option can also be activated.
1. Communication to third parties and recipients
Your personal data is processed under the contract and the legal and regulatory obligations resulting from it.
Your data will not be disclosed to third parties/recipients for their own purposes unless:
- you authorise to do so;
- it is necessary for the fulfilment of obligations depending on the contract and on law regulations governing it (e.g. for the defence of your rights, etc.);
The personal data that the Data Controller processes for this purpose is, among others:
- IP address and cookies issued while browsing the website
2. IT Security
The Data Controller processes, also through its suppliers (third parties and/or recipients), your personal, IT (e.g. logical access) or traffic data collected or obtained in the case of services displayed on the website, to the extent strictly necessary and proportionate to ensure the security and capacity of a network or its servers to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of retained or transmitted personal data.
For these purposes, the Data Controller envisages procedures for the management of personal data breach.
What happens if you do not provide your data?
We invite you to take a look at the consequences of deselecting individual cookies, as shown in the table above.
Data processing is carried out through IT procedures by internal subjects authorised and trained for this purpose. They are granted access to your personal data to the extent and within the limits required for carrying out the processing activities that concern you. Your data is processed separately from other data also by means of pseudonymisation or aggregation methods that do not allow to easily identify you.
The Data Controller periodically checks the tools by means of which your data is processed and its security measures, which it constantly updates; it makes sure, also through the subjects authorised to process data, that personal data for which processing is not necessary is not collected, processed, stored or retained; it makes sure that the data is retained with the guarantee of integrity and authenticity of its use for the purposes of the processing actually carried out.
The data is retained in computer and electronic files located within the European Economic Area.
We invite you to read the terms of retention of personal data as indicated in the table above.
What are your rights?
In substance, at any time and free of charge and without any special charges or formalities for your request, you can:
- obtain confirmation of the processing carried out by the Data Controller;
- access your personal data and know its origin (when the data is not obtained directly from you), the purposes of the processing, the data of the subjects to whom it is communicated, the period of retention of your data or the criteria used to determine it;
- update or rectify your personal data so that it is always accurate and correct;
- erase your personal data from the databases and/or files, including backup files, of the Data Controller, if, among other things, it is no longer necessary for the purposes of the processing or if this is deemed unlawful, and provided that the conditions laid down by law are met; and in any event if the processing is not justified by another equally legitimate reason;
- limit the processing of your personal data in some circumstances, for example if you have contested its accuracy, for the period required for the Data Controller to check its accuracy. You must also be informed, in reasonable time, of when the period of suspension has ended or the cause of the restriction of processing has ceased to exist, and therefore the restriction itself withdrawn;
- obtain your personal data, if received or processed by the Data Controller with your consent and/or if its processing is carried out on the basis of a contract and with automated tools, in electronic format also in order to transmit it to another data controller.
The Data Controller must do so without delay and, in any case, at the latest within one month of receipt of your request. The time limit can be extended by two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller. In such cases, the Data Controller will inform you of the reasons for the extension within one month of receipt of your request.
For any further information and to send your request, please contact the Data Controller at firstname.lastname@example.org.
How and when can you oppose the processing of your personal data?
For reasons relating to your specific situation, you may oppose at any time the processing of your personal data if this is based on legitimate interest, by sending your request to the Data Controller at the address email@example.com.
You have the right to have your personal data erased if there is no legitimate reason overriding the one that gave rise to your request.
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.
Any update of this privacy notice will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this privacy notice before carrying it out and in time to give your consent if necessary.