Data Protection Regulation

INTRODUCTION

The EU Regulation 2016/679 "General Data Protection Regulation" (GDPR or Regulation) strengthens the protection of the right to personal data protection (Data Protection), in line with the recognition of data protection as a fundamental right within the EU. The Regulation also represents a necessary and urgent response to the challenges posed by technological developments that allow for the collection and processing of large amounts of personal data in real-time, enabling automated decision-making that bypasses human intervention. The Regulation addresses the growing need for privacy protection, increasingly felt by European citizens.

CREW S.r.l. considers the protection of its Clients', Employees', and Suppliers' personal data as an obligation that goes beyond mere regulatory compliance. For this reason, it has developed its own Data Protection Framework, which encompasses roles and responsibilities, internal rules, and methodologies aimed at managing and mitigating risks to individuals' rights and freedoms associated with personal data processing.

DATA SUBJECTS’ RIGHTS

The EU Regulation 2016/679 (articles 15 to 23) grants data subjects specific rights. In particular, with regard to personal data processing, the data subject has the right to request the following from CREW S.r.l.: access to data, data rectification, data erasure and portability, limitation of processing, and objection to processing. Specifically:

• Right of Access: The data subject may request confirmation from CREW S.r.l. as to whether personal data concerning them is being processed, and, if so, obtain access to the personal data.
• Right to Rectification: The data subject may obtain the rectification of inaccurate personal data from CREW S.r.l.
• Right to Erasure/Right to be Forgotten: Under certain circumstances, the data subject may obtain the erasure of personal data concerning them from CREW S.r.l.
• Right to Data Portability: Under certain circumstances, the data subject may receive their personal data in a structured, commonly used, and machine-readable format from CREW S.r.l. They also have the right to transmit that data to another data controller without interference from CREW S.r.l.
• Right to Restriction of Processing: Under certain circumstances, the data subject may obtain restriction of processing from CREW S.r.l.
• Right to Object to Processing: The data subject may object at any time, for reasons related to their particular situation, to the processing of personal data concerning them. CREW S.r.l. will abstain from further processing unless there are compelling legitimate grounds that override the data subject’s interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Furthermore, the data subject may lodge a complaint with the Supervisory Authority, which in Italy is the Data Protection Authority ("Garante per la Protezione dei Dati Personali"). They may exercise their rights at any time by contacting CREW S.r.l. at the email address titolaretrattamento@crew.it or by reaching out to the Data Protection Officer at protezionedati@crew.it.

USERS VISITING WWW.CREW.IT

This Privacy Notice (together with other documents mentioned herein) describes the personal data we collect from users and how we process it. This notice pertains solely to the processing of personal data of users who visit the crew.it website for the specific purposes detailed below and does not cover any information collected through other methods, sources, or other websites accessible through links on the website, unless explicitly specified otherwise.

Refer to specific notices provided at the time of data collection for details on each type of processing. CREW S.r.l. considers the protection of personal data of its Clients, Employees, and Suppliers as an obligation that goes beyond mere regulatory compliance. For this reason, we have developed a Data Protection Framework, which encompasses roles and responsibilities, internal rules, and methodologies aimed at managing and mitigating risks to individuals' rights and freedoms associated with personal data processing.

Below are the contact details for CREW S.r.l.:

• CREW S.r.l., Data Controller, is represented by the temporary Chief Executive Officer, with its registered office at Via Cefalonia, 70 - 25124 Brescia, and can be reached at titolaretrattamento@crew.it.
• Data Protection Officer can be contacted at protezionedati@crew.it.

The personal data processed via the website, within the scope of the purposes defined in this Privacy Notice, include:

• Voluntarily provided personal data (e.g., name, surname, email address, etc.) will be processed solely for the purposes described in the specific “Personal Data Protection Notices” prepared by the Data Controller for different online services. These notices, available at the time data is provided, will supply additional information, such as the legal basis for processing, potential recipients of personal data, the retention period for personal data (or the criteria to determine that period), the existence of automated decision-making processes, including profiling, along with all necessary information listed at the end of this section for the exercise of privacy rights.
• Voluntarily submitted email communications to addresses indicated on this site entail the acquisition of the sender’s email address, as well as any other personal data included in the electronic communication, necessary for responding to requests. This data is used solely to provide the requested information.
• Data will not be used for other purposes without the explicit consent of the data subject.
   
  By browsing the website, technical information about the hardware and software used by visitors is collected. This information does not provide personal data about the user but only technical/computer data that is used in aggregate and anonymous form solely to improve service quality and to provide statistics on site usage. For more information, refer to the dedicated cookie section.

Personal data will be processed for the time strictly necessary to achieve the purposes for which they were provided, and related IT systems will be protected by the adoption of adequate technical and organizational measures pursuant to Article 32 of the GDPR.

The accuracy and truthfulness of the personal data communicated to CREW S.r.l. are the responsibility of the individual transmitting it.

Information on Contract Management Procedures.

DISABLING COOKIES THROUGH BROWSER SETTINGS

Most web browsers can be configured to reject the use of cookies. However, the permanent deactivation of cookies may result in navigation difficulties or, in some cases, the inability to access certain functionalities of the websites.

Below are links to instructions for managing or disabling cookies in the most commonly used browsers:

• Apple Safari
• Google Chrome
• Microsoft Internet Explorer
• Mozilla Firefox
• Opera

For browsers not listed above, please refer to the support documentation provided by the browser developer.

For more detailed information on cookies and how to manage them, please refer to the English-language website www.allaboutcookies.org.

DATA CONTROLLER

The Data Controller is CREW S.r.l., represented by its acting Chief Executive Officer, with registered office at Piazza della Croce Rossa, 1 – 00161 Rome, Italy. The Controller can be contacted at the following email address: titolaretrattamento@crew.it.

AUTHORIZED PERSONS FOR DATA PROCESSING

Your personal data shall be accessed exclusively by individuals who are duly authorized by FS Sistemi Urbani S.p.A. and who have received specific instructions regarding data protection and processing obligations, in accordance with applicable legislation, in order to prevent loss, unauthorized access, or unlawful processing of personal data.

Furthermore, your data may be processed by external service providers acting on behalf of FS Sistemi Urbani S.p.A., and appointed as Data Processors pursuant to Article 28 of Regulation (EU) 2016/679. These entities carry out technical and organizational activities necessary for the operation and maintenance of the website. The relationship with such Processors is governed by a specific contract that clearly outlines the scope of processing and the data protection obligations.

An up-to-date list of authorized data processors is available upon request by contacting the Data Protection Officer at the following email address: protezionedati@crew.it.

DATA SUBJECT RIGHTS

Pursuant to Articles 15 to 23 of Regulation (EU) 2016/679, data subjects have the right, in the circumstances and under the conditions set out in the Regulation, to:

• obtain confirmation as to whether or not personal data concerning them are being processed;

• access the data and request rectification or erasure thereof;

• request the restriction of processing;

• object to the processing;

• request data portability.

Data subjects also have the right to lodge a complaint with the supervisory authority, which in Italy is the Garante per la Protezione dei Dati Personali.

Requests to exercise these rights may be submitted at any time by contacting the Data Protection Officer via email at: protezionedati@crew.it.