Privacy

1) Introduction

Caledonian Srl takes the privacy of its users extremely seriously and undertakes to provide protection for it. This privacy policy (“Privacy Policy”) describes the activities of processing of personal data by Caledonian Srl through the site www.caledonian.it and the related commitments in that regard made by the company. Caledonian Srl may process users’ data when they visit its site and use the services and functions available on the site. Normally, specific information is made available in the sections of the site where users’ personal data are collected, pursuant to Article 13 /15 of EU Regulation 2016/679. Where required by EU Regulation 2016/679 users will be asked to give their consent before going ahead with the processing of their personal data. If users provide personal data of third parties, they must ensure that  the communication of such data to Caledonian Srl and the subsequent processing for the purposes specified in the applicable information complies with the requirements of EU Regulation 2016/679 and with the applicable law.

2) Identifying details of the Data Controller

Maria McCarthy, Viale Vigliani 55 - Milan, 02/48020486, maria@caledonian.it 

3) Type of data processed

Visiting and viewing the site does not generally entail the collection and processing of personal data save with regard to navigation data and cookies as specified further below. In addition, so-called “navigation data” (see below), may form the subject matter of personal data processing supplied voluntarily by users when interacting with site functions or following requests for use of the services offered on the site. Caledonian Srl may, acting in compliance with the Privacy Code, likewise collect users’ personal data from third parties in the conduct of its activities.

4) Cookies and navigation data

The site uses cookies. Users consent to the use of cookies in compliance with this Privacy Policy simply by their use of the Site. Cookies are small files saved to users’ computers’ hard disk. There are two macro-categories of cookies, technical and profiling cookies.

Technical cookies are necessary for the correct functioning of a web site as well as allowing users to navigate within it. In their absence users might not be able to view the Site’s pages correctly or use some services. Profiling cookies are required to create user profiles in order to be able to send advertising messages which match the preferences indicated by the latter while navigating.

Cookies can also be classified as:
- “session" cookies which are erased immediately on the closure of the navigation browser;
- “permanent” Cookies remain within the browser for a given period of time. They are used, for example, to recognise the device connecting to a site and thus simplifying the authentication process for the user;
- “own” cookies, generated and managed directly by the web master of the site the user is navigating on;  
- “third party” cookies, generated and managed by a party not being the web master of the site where the user is navigating.

5) Cookies used on the Site

The Site uses the following types of cookies:
1) Own session and permanent cookies, required to allow navigation on the Site, for the purposes of internal security and system administration;
2) Third party session and permanent cookies, required to allow third parties to use multi-media elements  on the Site as, for example, images and video;
3) third party permanent cookies, used by the Site to send statistical information to the Google Analytics system which carries out statistical analysis for Caledonian Srl in relation to visits to the Site. The cookies used are entirely for statistical purposes and collect information in aggregated form. Using two cookies, one permanent and the other session, (expiring on the closing of the browser), Google Analytics is able to save records including the time when the visit to the Site began and when it was left. It is possible to prevent Google from obtaining these data by means of cookies through their subsequent processing by downloading and installing the browser plug in from the following site: http://tools.google.com/dlpage/gaoptout?hl=it
4) Third party permanent cookies, used by the site for the inclusion of a number of social network buttons in its pages (Facebook, Twitter and Google+). Users are able to use these buttons to publish the contents of the web site they are visiting on their personal page of the related social network.

The Site may contain links to other sites (third party sites). Caledonian Srl does not access, or effect checks on, cookies, web beacons and other user-tracing technologies which may be used by third party sites that users may gain access to from the Site; Caledonian Srl does not carry out any checks on contents and materials published  by, or obtained from, third party sites or on the related procedures for the processing of users’ personal data, expressly declining all related liability for  such a possibility. Users are required to check the privacy policy of third party sites to which they gain access through the Site and to obtain their own information in relation to the conditions applied to the processing of their personal data. This Privacy Policy will only apply to the Site as defined above.

6) How to disable cookies in browsers

The majority of browsers permit the deletion of cookies from the computer’s hard disk, the blocking of the acceptance of cookies or the production of a warning message before cookies are stored in memory. 

Thus to remove cookies we would suggest that users should follow the instructions to be found in the pages concerned with this issue in the related browser:

Chrome

Firefox

Internet Explorer

Safari

Opera

Microsoft Edge

7) Storage of personal data

Personal data will be stored and processed by means of computerised systems owned by Caledonian Srl and managed by Caledonian Srl or by third party suppliers of technical services. For greater details please refer to the section “Ambit of the Communication of, and granting of access to the data” below. The data are processed exclusively by specifically authorised  staff including staff appointed to carry out extraordinary maintenance operations.

8) Purposes and methods of data processing

Caledonian Srl may process users’ ordinary and sensitive personal data for the following purposes: the use by users of services and functions present on the Site, management of requests and  reports by its users, the sending of newsletters, management of candidates for employment received by it through the Site, etc. In addition, with the further and specific discretionary consent by users, Caledonian Srl will be able to process personal data for marketing purposes, that is, to send users promotional materials and/or advertising communications relating to the Company’s services to the addresses indicated, both through traditional procedures and means of contact (such as paper-based post, phone calls through operators etc.) and through automated systems (such as communications by the Internet, fax, e-mail, sms, applications for mobile devices such as smart-phones and tablets – so-called APPS-, social network  accounts – on Facebook or Twitter -, phone calls with automatic operators etc.). Personal data are processed in both paper and electronic form and entered on the Company’s computer system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles – such processing is based on the application of principles of propriety and lawfulness. In compliance with EU Regulation 2016/679 they will be safeguarded and stored for 10 years.

9) Security and quality of personal data

Caledonian Srl undertakes to protect the security of users’ personal data and to comply with the provisions concerned with security laid down by the applicable law in order to avoid loss of data, the illegitimate or unlawful use of data and unauthorised access to the same with particular reference to the Technical Rules concerned with minimum security measures. Furthermore, the computerised systems and computer programmes used by Caledonian Srl have been configured in such a way as to reduce the use of personal and identifying data to a minimum. Such data are only processed for the achievement of the specific purposes pursued from time to time. Caledonian Srl uses a multiplicity of advanced security technologies and procedures designed to enhance the protection of users’ personal data. For example, the personal data are stored on secure servers located in places with protected and controlled access. Users can assist Caledonian Srl to update and keep their personal data correct, communicating any amendment  relating to their address, qualifications, contact information etc.

10) Ambit of the Communication of, and granting of access to, the data

Users’ personal data may be communicated to:

  • All those whose power to access the same is recognised under provisions of the law;
  • Our collaborators and staff within the context of their related duties;
  • All natural and/or legal individuals, public and/or private parties when the  communication is necessary for, or functional to, the conduct of our activities in the manners, and for the purposes, described above;
11) Nature of the provision of personal data

The provision of some personal data by users is obligatory to permit the Company to manage communications, requests received from users and to recon tact users to fulfil their requests. The above types of data will be indicated by an asterisk [*] and in such circumstance the provision of the personal data is obligatory to allow the Company to follow up the request which, in default, will not be possible to process. On the other hand, the collection of other data not marked with an asterisk is discretionary: the failure to provide such data will have no consequence for users. The provision by users of their personal data for marketing purposes, as stated in the section “Processing Purposes and procedures” is discretionary and refusal to provide them will have no consequences. The consent given for marketing purposes will be deemed to cover the sending of communications effected through both automated and traditional procedures and/or means of contact as described above.

12) Rights of the Data Subject

12.1 Article 15 (Right of access) and Article 16 (Right of Rectification) of EU Regulation 2016/679

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a)     the purposes of the processing:

(b)     the categories of personal data concerned;

(c)     the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(d)     where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e)     the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f)      the right to lodge a complaint with a supervisory authority;

(g)     the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

12.2 The Right defined in Article 17 of EU Regulation 2016/679 – right to erasure ("Right to be forgotten")

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a)     the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b)     the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c)     the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d)     the personal data have been unlawfully processed;

(e)     the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f)      the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.

12.3 The Right defined under Article 18 – Right to Restriction of Processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(a)    the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(b)    the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c)    the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d)    the data subject has objected to processing pursuant to Article 21(1) of EU Regulation 2016/679pending the verification whether the legitimate grounds of the controller override those of the data subject.

12.4 The Right defined in Article 20 – Right to Data Portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

13) Revocation of consent to processing

Data subjects will have the power to revoke consent to the processing of their personal data by sending a registered letter with notice of receipt to the following address: Viale Vigliani 55 – 20148 Milan, accompanied by a photo-copy of their identity documents with the following text: “revocation of consent to the processing of all my personal data”. On the conclusion of this operation all his or her personal data will be removed from the archives in the shortest possible time.

If the data subject wishes for more information on the processing of his or her personal data or to exercise the rights described in point 7 above, he or she may send a registered letter with notice of receipt to the following address: Viale Vigliani 55 – 20148 Milan. Before being able to provide the same or to amend any information, it may be necessary to check his or her identity and to require responses to a number of questions.  A reply will be made in the shortest possible time.