PRIVACY POLICY

Information provided pursuant to Article 13 of EU Regulation 679/2016 (hereafter GDPR) to those who interact with Annayake sarl’s website and who use the services it offers.

This information is only provided for Annayake’s website and not for other websites that users may view via links.

The information is based on the recommendations of the " Working Party Article 29" of Directive 95/46 for the protection of personal data in order to identify certain minimum requirements for collecting personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to websites, regardless of the purpose for connecting.

This information was prepared based on the principles of lawfulness, accuracy, transparency, proportionality, and relevance in compliance with the provisions of the GDPR.

PURPOSE OF THE DATA PROCESSING

The data provided will be processed for:

1. Managing user accounts when registering on the Website to use its related services.
2. Complying with the obligations established by law, regulations, or EU law.
The provision of data for the above purposes is mandatory and refusal to provide consent for Processing it will make it impossible to register on the Website and for the Data Controller to process any related requests.

The data provided will also be processed for:

3. Allowing access to specific, additional services such as managing the "newsletter" section for communicating promotional offers and other information services, or for carrying out statistical work and/or market research activities.
4. Marketing activities including forwarding advertising and/or informative materials.
5. Managing the Websites’ "Work with us" section: the data provided will be used to evaluate the User's application for professional opportunities at the Data Controller’s organization.
6. Managing the "Contacts & info" section.
The provision of personal data for the purposes set out in points 3, 4, 5, and 6 is always optional although necessary for the aforementioned purposes. By not providing the requested information, you may not be able to use all of the services offered by this website.

For all of the aforementioned purposes, the Data Controller may hire external service providers to whom only data which is strictly necessary for carrying out the duties entrusted to them shall be transmitted.

The Service Providers will act as Data Processors appointed pursuant to Article 28 of the GDPR.

The list of the Data Processors is available by sending a request to the Data Controller via the contacts indicated in this policy.

THE DATA CONTROLLER

The data controller is Annayake sarl whose registered office is located at 49, Avenue Montaigne, 75008, Paris (France), represented by its legal representative pro tempore, who will be responsible for fulfilling the rights of the data subjects who may exercise them pursuant to Article 15-22 of the GDPR 679/2016.

DATA PROCESSING LOCATION

The data processing related to the web services of this Website is carried out at the Kelemata office located at Via alle Fabbriche nr. 75, Tenuta la Carignana, Caselle Torinese, and is only processed by the technical staff of the office in charge of data processing.

The data is stored on the company web server at the headquarters of Orange Pix S.r.l. located at via Milano 94, 13900 Biella, Italy.

The information generated by subscribing to the "newsletter" section is collected by MailChimp and the processing location is in the USA. For more information, you can view that company’s privacy policy.

DATA PROCESSING METHOD

Data processing will be carried out by means of the operations indicated in Article 4 of the GDPR and more precisely: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

In relation to the purposes indicated above, the processing will be carried out on paper and computerized media by the Data Controller, the Data Processors and/or the processor(s) taking all precautionary measures to guarantee security and confidentiality.

The Data Controller and the Data Processors will process the users’ personal data by adopting appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction thereof.

The processing may be performed on behalf of the Data Controller according to the same methods and criteria above by authorized personnel involved in the organization of the Website (administrative, commercial, marketing personnel, system administrator) or by external parties (such as technical service providers, IT companies, communications agencies) duly appointed as Data Processors pursuant to Article 28 of the GDPR.

DATA RETENTION PERIOD

Users' personal data will be stored for the time necessary to pursue the purposes for which it was collected.

The data retention period depends on the purposes for which it is processed and may therefore vary.

The criteria used to determine the applicable retention period are as follows: the personal data will be stored for the time necessary to (i) manage the account of the site's registered users; (ii) carry out site hosting and maintenance activities; (iii) seek professional positions in line with the profiles of the job applicants resulting from their resume and the information sent via the form; (iv) assert legal rights as well as (v) for the time required by applicable law. Data collected for direct marketing purposes will be stored for a maximum period of 5 years from when the data subject gave his/her consent. When this period expires, if the party does not confirm consent for processing his/her data for marketing purposes, said data will be deleted.

DATA PROCESSED

1. Browsing data
During their normal operation, the computer systems and software procedures used to operate this website collect some personal data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.

Users' IP addresses are always anonymized.

The URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s operating system are used for the sole purpose of obtaining anonymous statistical information on the use of the site and make sure it is working properly. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website: except for this possibility, at present, the data on web contacts are stored for 24 months.

2. Data voluntarily provided by the user
The optional, explicit, and voluntary sending of requests via forms and email to the addresses indicated on the Website entails the subsequent acquisition of the sender's address which is necessary to reply to requests, as well as any other personal data included in the message. Specific summary information dedicated to particular services on request will be provided and/or displayed on the website pages.

3. Cookies
No personal data of the users is collected by the Website in this regard. We do not use cookies to transmit information of a personal nature, nor do we use any kind of persistent cookies or systems for tracking users. The use of session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe, efficient browsing of the site. The session cookies used on this site avoid the use of other technologies that could compromise the privacy of users' browsing and do not permit the acquisition of personal data that may identify the users.

Google Analytics

This is a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about the User’s use of the site (please note that the IP address is anonymized) is collected by Google and stored on Google's servers in the United States. Google will use this information for the purpose of tracking and examining the use of the site by the User, compiling reports on site activities and providing other services related to the site’s activities.

Google may also transfer this information to third parties where required to do so by law or where said third parties process the information on Google's behalf. Personal data collected: Usage data and cookies. Data processing location: USA.

For more information on how the data acquired through Google analytics can also be used by Google, please see the following link: Google’s Privacy Policy.

COMMUNICATION AND DISCLOSURE OF PERSONAL DATA

Personal data may be communicated for the purposes indicated above to our collaborators and employees specifically appointed and within the scope of their duties.

DATA SUBJECTS’ RIGHTS

In accordance with Articles 15-22 of the GDPR, the data subjects to whom the personal data refer are entitled at any time to exercise their right to:

• Obtain confirmation from the Data Controller as to whether or not personal data relating to the data subject is being processed and, in this case, obtain access to it.

• Obtain information on the purposes and methods of processing, the categories of personal data provided, the recipients and/or the categories of recipients to whom the data have been or will be communicated and, where possible, the retention period.

• Have their data completed, corrected, and deleted.

• Limit the processing of their data.

• Data portability, i.e. receive the data from the Data Controller, pursuant to Article 20 of the GDPR 2016/679, "in a structured, commonly used and machine-readable format" and transmit it to another Data Controller without hindrance.

• Object to the processing of personal data at any time, even in the case of processing for direct marketing purposes.

• Revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to revocation.

• File a claim with the Italian Data Protection Authority in the event that they believe that the processing of personal data referring to them carried out through this Website is done in violation of the provisions of the Regulations.

Requests should be sent to the Data Controller by registered mail with return receipt to the following address: Annayake sarl whose registered office is located at 49, Avenue Montaigne, 75008 Paris (France) or via email to privacy@kelemata.it.

INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS

This Website allows you to interact with social networks or other external platforms directly from its pages.

The interactions and information acquired from this Website will in any case be subject to the User's privacy settings for each social network.

The data entered via Facebook will be subject to the conditions in the policy that can be viewed here: Privacy Policy.
MailChimp (The Rocket Science Group, LLC.)

MailChimp is an address management and email message service provided by The Rocket Science Group, LLC.

Personal Data collected: Last name, Cookie, date of birth, email address and first name.

Data processing location: United States – Privacy Policy. Person adhering to the Privacy Shield.