Privacy Policy

Version 1.0

e-Shock S.r.l.,n. REA MI-1880130, with registered offices at Via San Martino, 12 -20122 Milano (hereinafter, "e-Shock") is committed to protecting the online privacy of the users of its websites. As such, this Privacy Policy has been written, under Article 13 of EU Regulation 2016/679 (hereinafter, the "Regulation"), in order to allow you to understand e-Shock’s policy regarding your privacy, and how your personal information will be handled when using our website (hereinafter "Website"). This Privacy Policy will also provide you with information so that you are able to consent to the processing of your personal data in an explicit and informed manner, where appropriate.
Any personal data processing carried out by e-Shock will respect the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.

CONTENTS
1 - Data controller
2 - Personal Data processed
a. Browsing Data
b. Special categories of Personal Data
c. Data provided voluntarily by the data subject
d. Cookies
3 - Purpose of processing
4 - Legal bases and mandatory / discretionary nature of the processing
5 - Recipients of Personal Data
6 - Transfers of Personal Data
7 - Retention of Personal Data
8 - Data subjects' rights
9 - Amendments

1. Data Controller
The data controller regarding all personal data processing operations carried out through the Website is e-Shock, as identified at the start of this Privacy Policy. For any information regarding the processing of Personal Data by e-Shock, including a list of e-Shock’s data processors, please contact: privacy@e-shock.it.

2. Personal Data processed
As you use the Website, we inform you that e-shock may collect and process information related to you as an individual and which allows you to be identified (either directly, or together with additional information), or which is related to other individuals (“Personal Data”), such as your name, an identification number, an online ID or one or more characteristic elements of your physical, physiological, mental, economic, cultural or social identity.
Personal Data which may be processed by e-Shock through the Website are as follows:

a. Browsing Data
The Website’s operation, as is standard with any website on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While e-Shock does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information is also considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used exclusively to compile anonymous, statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website – the data is deleted immediately after processing, unless it must be used to identify responsible parties in the event of cybercrime committed which harms the Website or third parties.

b. Special categories of Personal Data
In the "Work with Us" section of the Website, you are allowed to submit Personal Data which may fall under the category of Personal Data referred to in Art. 9 of the Regulation – i.e. “[...] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”.
While this should not prevent you from submitting your CV for a job application through the Website, e-Shock asks that you do not disclose any such types of Personal Data, unless you consider this to be strictly necessary. Indeed e-Shock remind you that if you disclose such special categories of Personal Data in absence of an explicit consent to process them, e-Shock may not in any case be held liable and cannot receive complaints in this regard because in such case the processing is permitted as it is based on the fact that you have publicly disclosed this information, according to Art. 9(1)(e) of the Regulation.
In any case, e-Shock would stress the importance of providing your explicit consent to process this sort of Personal Data, if you decide, nonetheless, to share it.
Please note that, for purposes of selection of an applicant to a certain position, e-Shock may decide to analyse the professional social media profiles which you make freely available on the Internet (e.g. LinkedIn).

c. Data provided voluntarily by the data subject
When using some of the Website’s Services (e.g., when you apply for a job position in the "Work with Us" section), you are allowed to submit Personal Data related to other persons.
In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding that Personal Data and must assume all inherent legal obligations and responsibilities. This means that you must also make sure that you have these third parties’ consent to their Personal Data being used in this manner before providing them to e-Shock, or another appropriate legal basis which may allow for lawful processing of this information.
To this end, you must fully indemnify e-Shock against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, initiated by the third parties whose information is processed via the Website by your initiative.

d. Cookies, definitions, characteristics and application of the legislation
Cookies are small text files that may be sent to and registered on your computer or mobile device by the websites you visit, to then be re-sent to those same sites when you visit them again. It is thanks to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website. Cookies are, therefore, used for electronic authentication, monitoring of sessions and storage of information regarding your activities when accessing a website. They may also contain a unique ID code which allows tracking of your browsing activities within a website, for statistical or advertising purposes. Some operations within a website may not be able to be performed without the use of cookies which, in certain cases, are technically necessary for operation of the website. You can refuse to receive cookies by selecting the appropriate setting on your browser, but this may prevent the full use of the functionality of the Site. For more information on the use of cookies by e-Shock, please consult the "Cookie Policy".

3. Purpose of the processing
e-Shock intends to use your Personal Data, collected through the Website, for the following purposes:
a. To respond to any of your requests for assistance or information;
b. To analyse CVs submitted through the Website’s section “Work with us”, as well as to contact any candidates who submit their applications;
c. For compliance with laws which impose upon e-Shock the collection and/or further processing of certain kinds of Personal Data.

4. Legal basis and mandatory / discretionary nature of the processing
e-Shock’s legal bases to process your personal data, according to the purposes identified in Section 3, are as follows:
Section 3(a) and 3(b), the applicable legal basis is the necessity of the processing for the performance of a contract with you, as well as to take steps at your request prior to entering into a contract with you – Art. 6(1)(b) of the Regulation. It is not mandatory for you to give e-Shock your Personal Data for these purposes; however, if you do not, e-Shock will not be able to to answer any requests or assess any CVs you may submit.
Specifically regarding Section 3(b), in particular as to e-Shock’s analysis of professional social media profiles which you make freely available on the Internet, e-Shock relies on Art. 6(1)(f) of the Regulation – i.e., the necessity of the processing for the purposes of e-Shock’s legitimate interest in verifying whether there are any risks related to the candidate’s suitability for a given open position.
Section 3(c): processing for this purpose is necessary for e-Shock to comply with its legal obligations and, therefore, the applicable legal basis is the necessity of the processing for compliance with the data controller’s legal obligations – Art. 6(1)(c) of the Regulation. When you provide any Personal Data to e-Shock, e-Shock must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.

5. Recipients of Personal Data
Your Personal Data may be shared, for the purposes listed in Section 3, with different persons / entities (hereinafter and collectively, “Recipients”):
• Entities acting as data processors on e-Shock’s behalf, in particular:
o Persons, companies or professional firms providing e-Shock with advice and consultancy regarding accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services;
o Entities engaged in order to provide the Services (e.g., hosting providers or e-mail platform providers); and
o Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks).
• Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities;

• Persons authorised by e-Shock to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of e-Shock).

6. Transfers of Personal Data
Some of your Personal Data are shared with Recipients who may be located outside the European Economic Area. The Company ensures that your Personal Data are processed by these Recipients in accordance with the Regulation. Under the Regulation, these transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available at the Company at the following address: privacy@e-shock.it.

7. Retention of Personal Data
Personal Data processed for the purposes set out in Section 3(a) and 3(b) will be kept by e-Shock for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the Services, e-Shock will keep them for as long as the statute of limitations on liability related to the provision of the Services (as determined by the applicable law) lasts, so as to protect its interests.
Personal Data contained within CVs sent via the Website, as mentioned in Section 3(b), will be kept as long as the position for which the CV was sent remains open. As for spontaneous applications, this Personal Data may be kept for up to 1 (one) year. e-Shock may contact candidates before the mentioned periods end, in order to request an extension of this retention period.
Personal Data processed for the purposes set out in Section 3(c) will be kept by e-Shock for the period required by the specific legal obligation or by the applicable law.
For more information on e-Shock’s Personal Data retention periods and the criteria adopted in determining these periods, please contact: privacy@e-shock.it.

8. Data subject rights
Under Articles 15 and following of the Regulation, you, as a data subject, are entitled to request from e-Shock, at any time, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to e-Shock in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
Requests should be made in writing at privacy@e-shock.it.
In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through this Website violates applicable law.

9. Amendments
This Privacy Policy entered into force on 2021 October, 4. e-Shock reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. e-Shock. e-Shock therefore invites you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how e-Shock collects and uses Personal Data.