Last updated 17 September 2018
Your personal data (“the Data”) will be processed (using electronic means – local and remote – and, in the case of some operations, on paper) by Editions Condé Nast SpA, registered office 5 Piazzale Luigi Cadorna, Milan (“Condé Nast”) as Data Controller (“the Data Controller”), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and with its implementing regulations (together, “the Regulation”), so that you can – through its website socialtalentagency.condenast.it (“the Website”) – send and submit enquiries relating to the agency’s talents and/or offers of collaboration and project proposals involving those talents, in accordance with the current applicable laws and regulations and as stated in this Notice.
Your Data will be processed by the Data Controller in accordance with the principles of necessity, lawfulness, accuracy, propriety, proportionality and transparency, for the following purposes:
(i) to enable you to send and submit enquiries through the Website relating to the agency’s talents and/or offers of collaboration and project proposals involving those talents,
(ii) to contact you and reply to any enquiries you may send through the Website relating to the agency’s talents and/or offers of collaboration and project proposals involving those talents;
(iii) to assess and deal with your enquiries relating to the agency’s talents and/or offers of collaboration and project proposals involving those talents;
(iv) to discharge Condé Nast’s legal obligations or to comply with a court order or any demand from a person authorized under laws or secondary regulations to make such a demand.
The Data will be processed for Purposes (i – iii) of paragraph (A) above so that you can send us enquiries through the Website relating to the agency’s talents and/or offers of collaboration and project proposals involving those talents and be contacted with our replies to them, and your express consent is accordingly unnecessary under Article 6.1(b) of the Regulation. The processing of the Data for Purpose (iv) of paragraph (A) above is done to discharge legal obligations, and your express consent is accordingly unnecessary under Article 6.1(c) of the Regulation.
Provision of the personal data is optional. Failure to provide the Data marked “required” will make it impossible to submit your enquiry, offer of collaboration or project proposal through the Website. The provision of any other data is entirely voluntary and at your discretion.
The Data you provide will be processed in accordance with the Regulation and in any case in such a way as to guarantee their security and confidentiality and to prevent them either being disseminated or used without due authorization or being tampered with or destroyed. The Data will be processed on paper and/or remotely with the aid of electronic or other computerized means, by the Data Controller in person and/or by other persons delegated by the Data Controller, in ways strictly related to the purposes stated above. Such persons will be acting as external Data Processors as defined in Art. 28 of the Regulation.
The Data Controller will also process your Data in person using its own technological infrastructure and/or making use of the support and the technological infrastructure of external service providers which it will have designated as Data Processors. You can obtain a list of all the Data Processors so designated by the Data Controller by sending a request to email@example.com. The individual data processing operations will be entrusted to natural persons who will have been mandated to carry out those operations.
Your Data will be kept on servers located in the European Union and available to the Data Controller.
Whenever technical and/or operational requirements make it necessary to have recourse to persons located outside the European Union, or to transfer some of the Data to cloud-based technical systems or services located outside the European Union, their processing will be governed by the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions by the European Union. All necessary precautions will accordingly be taken so as to guarantee the fullest protection of the personal data by basing any such transfer on: a) the European Commission’s decisions on the adequacy of the non-EU jurisdiction(s) in question; b) adequate safeguards provided by the third-party recipient as defined in Art. 46 of the Regulation; c) the adoption of binding corporate rules.
The Data will be kept only for as long as necessary to deal with your request, offer or proposal, and throughout any collaboration thereafter between you and Condé Nast and/or the agency’s talents, unless Condé Nast needs (exceptionally) to keep the Data in order to defend its rights in connection with any dispute which was already in existence when the enquiry was made, or unless a public authority has ordered otherwise.
A “cookie” is a small amount of data containing a unique but anonymous identifying code, sent to your browser by a web server and then stored in your computer’s non-volatile memory (eg HDD). The cookie is subsequently read and recognized by the website which sent it (and by that website only) on each subsequent occasion when your computer connects to it. The cookies used by the Data Controller are text files which the Website sends to the user’s computer in order to make it easier to navigate around that website. These cookies streamline the recognition of registered users, so avoiding (for instance) the need for authentication (by entering username and password) every time they access the Website. Cookies can in addition enable users to personalize their use of the Website by saving their personal preferences. Our cookies also record some details of the user’s online actions. Users who so wish can disactivate these cookies by means of functions in the browser used on their personal computer to consult the Web. The default setting of many browsers (their behaviour if the user makes no change) is to accept cookies. Through cookies and other means, the technical platform which makes the Website available to users automatically records certain information about their PCs and their online activities: the name of their Internet Service Provider, for instance, and the last website visited, the pages visited on the present website, the date and length of their visit, &c. These details are only used to enable access to the Website and/or in aggregate form for statistical purposes.
We remind you that you are entitled:
– to be told the purposes for which your Data are processed, how long they are processed and who they are disclosed to (“the right of access”);
– to have inaccurate or incomplete personal data concerning you rectified or completed (“the right to rectification”);
– to have personal data concerning you erased if and when: (a) the Data are no longer needed in relation to the purposes for which they were collected; (b) you have withdrawn your consent to the processing of the Data and that consent was the legal basis of their processing; (c) you object to the processing of personal data concerning you, when they are being processed for a legitimate interest of the Data Controller; or (d) your Data are being unlawfully processed. You should know, however, that it is lawful for the Data Controller to keep the Data when this is necessary to enable you to discharge a legal obligation or for the establishment, exercise or defence of legal claims (“the right to erasure”);
– to have personal data concerning you merely stored and not used in any other way, when (a) you contest the accuracy of the Data (and pending verification of the Data’s accuracy); (b) the processing is unlawful but you object to the Data’s erasure by the Data Controller; (c) you need the Data for the establishment, exercise or defence of legal claims; (d) you object to the processing, pending verification of whether the legitimate grounds of the Data Controller override those of the Data Subject (“the right to restriction of processing”);
– to have the processing stopped, when your Data are being processed for a legitimate interest of ours but you contest the existence of that interest (“the right to object);
– to receive personal data concerning you in a structured, commonly used and machine-readable format, if the processing is carried out by automated means and the basis of the processing is either that you registered at the Websites or that you gave your consent (“the right to data portability).
Lastly, we give you notice that you are entitled to have recourse to the Privacy Regulator (Garante per la protezione dei dati personali, Piazza di Monte Citorio, 121 – 00186 Roma RM) in order to exercise your rights in relation to the processing of your personal data.
The Data Controller for your personal data is Editions Condé Nast SpA. As provided for in Arts. 37ff of the Regulation, the Data Controller has appointed a Data Protection Officer (DPO), whose address for this purpose is c/o Editions Condé Nast SpA, and who can be contacted at firstname.lastname@example.org if you have any queries relating to the processing of your Data. You can also exercise the rights indicated in the section above by writing to the same email address.
Though the Data Controller will under no circumstances conduct processing operations other than as expressly authorized by you and/or requested by the individual user, this Notice may be amended to maintain compliance with new statutory provisions or with amendments to the Data Controller’s personal data processing policy, and/or following changes to the Website’s characteristics. Revised versions of this Notice will always be made available in the appropriate section of the Website, which you are therefore advised to consult from time to time in order to ensure that you are aware of the latest published version.