Privacy Policy and Cookie Policy

Obrist GmbH, with registered office at Handwerkerstraße 11, IT-39040 Feldthurns (hereinafter Obrist GmbH), is always committed to protecting the online privacy of its users. This document has been drafted in accordance with Art. 13 of EU Regulation 2016/679 (hereinafter referred to as the "Regulation") so that you can get to know our Privacy Policy and understand how your personal information is treated when using our website, and, where appropriate, to provide your express and informed consent to the processing of your personal data (valid only for persons aged at least 16 years). The information and data provided by you or otherwise acquired by us during the use of our services on the website (hereinafter "Services") will be processed in accordance with the provisions of the Regulation and the confidentiality obligations that influence the activities of the Controller.

In accordance with the provisions of the Regulation, the processing carried out by Obrist LtD. is based on the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

Table of Contents

1. The Controller
2. Personal Data Subject to Processing
   1. Browsing Data
   2. Special Categories of Personal Data
   3. Data Provided Voluntarily by the Data Subject
   4. Cookies
3. Purpose of Processing
4. Legal Basis and Mandatory or Optional Nature of Processing
5. Recipients of Personal Data
6. Transfer of Personal Data
7. Storage of Personal Data
8. Rights of Data Subjects
9. Amendments

1. The Controller

The Controller for the processing carried out on the website is Obrist GmbH, as identified above. For information regarding the processing of personal data by the Controller, including the list of data processors appointed to process the data, please write to the following address: info@obrist.bz.it.

The personal data processed via the website are as follows:

a. Browsing Data

The computer systems and software procedures used to operate the website collect certain personal data during their normal operation, the transmission of which is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified data subjects but may, by its nature, allow for the identification of users through processing and association with third-party data...

b. Special Categories of Personal Data

If you use our website for an application (or send one to us via email), it could result in the transfer of personal data that falls under the special categories of personal data according to Art. 9 of the Regulation, specifically "[...] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as [...] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation."

Please do not publish this data unless it is absolutely necessary. We explicitly point out that the Controller, regarding the transmission of special categories of personal data in the absence of express consent to process such data (you are naturally allowed to send a CV), can neither be held responsible, for whatever reason, nor receive complaints of any kind, as in this case, processing is permitted because it relates to data manifestly made public by the data subject, in accordance with Art. 9(1)e of the Regulation. We nonetheless point out that it is important, as mentioned above, to provide express consent to the processing of special categories of personal data if you decide to transmit this information.

We also inform you that for the purpose of candidate selection, the Controller may analyze social profiles for professional purposes (e.g., LinkedIn) that are freely accessible on the Internet.

c. Data Provided Voluntarily by the Data Subject

If you use certain services on the website (e.g., the inquiry, contact, or reservation form), we may process personal data of third parties that you send to the data controller. In these cases, you are the controller of the data processing and assume all legal obligations and liabilities. In this sense, you provide us with the greatest possible indemnity regarding any complaints, claims, damages resulting from the processing, etc., that the Controller may receive from third parties whose personal data was processed through the use of website functions in violation of applicable data protection regulations.

If you provide or otherwise process personal data of third parties in the course of using the website, you guarantee in any case that this specific instance of processing is based on an appropriate legal basis in accordance with Art. 6 of the Regulation, which legitimizes the processing of the information in question.

d. Cookies

Cookies are small text files placed on a client computer's hard drive by a website and using the browser to store small amounts of website information for a certain period. Generally, there are different types of cookies. Some are essential for the functioning of the website, such as navigation or shopping cart cookies. Furthermore, there are so-called analytics cookies that collect information—e.g., regarding the number of website visitors and the path visitors take on the website. Functional cookies allow the website to remember choices you have made (e.g., selected filter settings or automatic language pre-sets of a website).

In addition, there are cookies, so-called profiling cookies, that record user preferences and actions. A user profile is created based on this information. This serves to combine advertising messages with user interests, thus enabling more target-group-oriented advertising. Often, these are third-party cookies used by the website operator to display personalized advertising.

Consent Requirement for Cookies

Website visitors must actively consent to the setting of cookies that are not essential for website functionality and also have the right to withdraw their consent at any time. This website uses a technology called CMP (Consent Management Platform) to manage this right. When accessing the website, a banner appears informing the website user about the use of cookies, offering various options for consent, and providing detailed information about the different cookies.

Blocking Cookies via Browser Settings

Information on how to block cookies in common browsers can be found on the official support pages:

• Firefox
• Google Chrome
• Internet Explorer
• Safari

3. Purpose of Processing

The processing we intend to carry out (where necessary) with your express consent has the following purposes:

• To enable the provision of the services requested by you
• To respond to customer service requests, information inquiries, or reservations
• Analysis of CVs and contacting candidates who have submitted their applications
• To fulfill all legal, accounting, and tax obligations
• Marketing purposes: The data provided may, following prior express and specific consent, be processed for the sending of advertising and marketing communications, including the sending of newsletters and market research surveys, via automated (SMS, MMS, email, push notifications) and non-automated (postal, call center) systems.

The legal basis for processing your data for these purposes is Art. 6(1)(a) of the Regulation. Consent to processing for direct marketing is optional and depends on your free decision; therefore, failure to provide your consent for this purpose does not affect the use of the Services.

4. Legal Basis and Mandatory or Optional Nature of Processing

The legal basis for processing personal data for the purposes mentioned in Section 3 (a-b-c) is Art. 6(1)(b) of the Regulation (performance of a contract), as the data processing is necessary for the provision of the Services or for responding to inquiries from the data subject. Providing personal data for these purposes is optional, but failure to do so would make it impossible to activate the services provided by the website, process inquiries, or evaluate CVs.

With specific reference to purpose 3.c and the associated analysis of social media profiles of a professional nature made freely available on the Internet as per Section 2.b, Art. 6(1)(f) of the Regulation forms the legal basis for the processing—i.e., the legitimate interest of the Controller to assess possible risks regarding the candidate's suitability for the specific open position.

The purpose mentioned in Section 3.d constitutes a lawful processing of personal data within the meaning of Art. 6(1)(c) of the Regulation (compliance with a legal obligation). Once the personal data has been provided, the processing is indeed necessary to comply with a legal obligation to which the Controller is subject.

The legal basis for processing for the purposes mentioned in Section 3.e is Art. 6(1)(a) of the Regulation (user consent).

The Controller may, without your consent, carry out processing for the same purposes involving the direct sending of advertising material or direct sales or the conduct of market research or commercial communications regarding products or services of the Controller that are similar to those purchased, using email addresses and postal addresses in accordance with and within the limits permitted by Art. 130 para. 4 of the Privacy Code and the order of the Garante for the protection of personal data dated June 19, 2008. The legal basis for processing your data for this purpose is Art. 6(1)(f) of the Regulation (legitimate interest).

5. Recipients of Personal Data

Your personal data may be shared for the purposes mentioned in Section 3 with:

• Entities that typically act as data processors, i.e.:
  i) Persons, companies, or professional offices that provide assistance and advice to the Controller in accounting, administrative, legal, tax, financial, collection, marketing, and communication matters regarding the provision of Services;
  ii) Entities with whom cooperation is necessary for the provision of Services (e.g., hosting providers);
  iii) Entities tasked with performing technical maintenance work (including the maintenance of network equipment and electronic communication networks) (collectively referred to as "Recipients");
• Entities, bodies, or authorities to whom your personal data must be communicated due to legal provisions or administrative orders;
• Persons authorized by the Controller to process personal data who are necessary for carrying out activities regarding the provision of Services or for the other purposes mentioned in Section 3, and who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees of the Controller).

6. Transfer of Personal Data

Some of your personal data are shared with Recipients who may be located outside the European Economic Area. The Controller ensures that the processing of your personal data by these Recipients takes place in accordance with the Regulation. Indeed, transfers may be based on an adequacy decision, on standard contractual clauses approved by the European Commission, or on another appropriate legal basis. Further information is available from the Controller at the following address: info@obrist.bz.it.

7. Storage of Personal Data

Personal data processed for the purposes mentioned in Section 3(a-b) will be kept for as long as is strictly necessary to achieve those purposes. Since the data processing is for the provision of services, the Controller will in any case process the personal data until the time provided by Italian legislation for the protection of interests (Art. 2946 et seq. Civil Code).

Regarding CVs submitted via the website or by email in accordance with Section 3.c, personal data will be kept for a period deemed appropriate for the purpose for which the data were collected. This applies notwithstanding the possibility for the Controller to contact the applicant shortly before the end of the specified period to request an extension of this storage period.

Personal data processed for the purposes mentioned in Section 3.d will be stored until the time provided for by the specific obligation or applicable law.

On the other hand, personal data processed for the purposes mentioned in Section 3.e will be kept until consent is withdrawn by the data subject or, if no such withdrawal occurs, for a specific maximum period deemed appropriate.

Further information regarding the data retention period and the criteria for determining this period can be obtained from the Controller at the following address: info@obrist.bz.it.

8. Rights of Data Subjects

In accordance with Article 15 et seq. of the Regulation, you have the right to ask the Controller at any time for access to your personal data, to request that it be corrected or deleted, or to object to its processing. You have the right to request the restriction of processing in the cases provided for in Art. 18 of the Regulation, as well as, in the cases provided for in Art. 20 of the Regulation, to receive the data concerning you in a structured, commonly used, and machine-readable format.

Any request must be sent in writing to the Controller at the following address: info@obrist.bz.it.

You have the right at any time to lodge a complaint with the competent supervisory authority (Garante per la protezione dei dati personali) in accordance with Art. 77 of the Regulation if you consider that the processing of your personal data violates applicable law.

9. Amendments

This privacy policy is effective as of 31.10.2018. The Controller reserves the right to change or update its content in whole or in part, including due to changes in applicable legislation. Therefore, the Controller encourages you to visit this section regularly to stay informed about the latest and most current version of this privacy policy.