Welcome to the website www.conai.org (hereinafter the “Website”) of CONAI – National Packaging Consortium (hereinafter “CONAI”).

Through this policy, CONAI provides users with information regarding the processing of personal data that is collected automatically or provided voluntarily by the users when accessing and browsing the Website and using the services offered therein.

Users can browse the website freely without needing to register; personal data is requested only in the “Contact us” and “Work with us” sections, for which specific privacy notices on data processing by CONAI are provided.

Within the Website there may also be hyperlinks to websites, web pages or online services of third parties. By clicking on such links, users may access multimedia content which, being solely the responsibility of said parties, falls outside the control of CONAI and is in no way subject to the provisions of this policy. CONAI therefore invites users to exercise caution when using services provided by third parties and to read carefully the data processing policies provided by those parties, over which CONAI has no control and for which it cannot be held liable.

1.Data Controller

The Data Controller, meaning the entity responsible for decisions regarding the purposes, methods and security of personal data processing, is CONAI, with registered office in Rome, Via Tomacelli No. 132 and operational office in Milan, Via Pompeo Litta 5 (hereinafter “CONAI”).

2.Data Protection Officer

The Data Protection Officer (DPO) appointed by CONAI can be contacted by sending an email to dpo@conai.org.

3.Types of personal data processed

“Personal data” means any information that relates to the user and can be linked to them.

Specifically, the processing shall concern:

– Personal data relating to browsing

When accessing and browsing the Website, CONAI generally collects browsing data. In particular, the IT systems and software procedures used to operate the Website acquire, during their normal operation, certain personal browsing data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified users, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, for example, the “IP addresses” or domain names of the computers used to connect to the Website, the URL (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

This data makes it possible to verify the correct functioning of the Website and to ensure the provision of the services available therein, to obtain anonymous statistical information on visits and to carry out statistical analyses, as well as to identify anomalies and/or misuse. For further information regarding the technologies used to collect such data, please refer to point 5 below and to the Cookie Policy.

– Data provided voluntarily by the user

CONAI also processes personal data voluntarily provided by the user when interacting with the services offered by the Website, such as when requesting information. The “Contact us” and “Work with us” sections contain specific information on data processing in accordance with Article 13 of the Regulation, which specifies that the data subject to processed are:

• • forename, surname, email address, telephone number, company name and any additional data provided when completing the form to request information;
  • forename, surname, email address, and further data indicated in the CV (such as educational background, professional experience, personal interests, image), including data revealing racial or ethnic origin and data concerning health, for the purpose of submitting an application.

Hereinafter, these are collectively referred to as “Data”.

The optional and voluntary sending of emails to the addresses indicated on this Website entails the acquisition of the sender’s email address, as well as any additional personal data voluntarily included in the message. Such data are used solely for the purpose of replying to the sender and are not disclosed in any way.

4.Purposes of processing, legal basis and nature of data provision

In the context of browsing the Website and using the services provided therein, the Data is processed for the following purposes:

a) to allow browsing of the Website, to obtain anonymous statistical information on its use, as well as to monitor its proper functioning and to establish liability in the event of cybercrimes (hereinafter “Browsing”). The legal basis is the performance of a contract (Article 6.1 (b) of the Regulation) and the legitimate interest of CONAI (Article 6.1 (f) of the Regulation);

b) to respond to and handle requests received from the user (hereinafter “Contacts”). The legal basis is the consent given by the user (Article 6.1 (a) of the Regulation);

c) to assess the professional profile and to initiate any selection process aimed at establishing an employment or professional collaboration relationship (hereinafter “Selection”). The legal basis is the performance of pre-contractual measures (Article 6.1 (b) of the Regulation; Article 111-bis of Legislative Decree 196/2003) and the consent provided in relation to any special categories of data supplied (Article 9.2 (a) of the Regulation);

d) exercise and defence of the Company’s rights in all forms, including judicial, administrative, arbitration and/or mediation and conciliation proceedings (hereinafter “Defence”). The legal basis is the legitimate interest of the Company (Article 6.1 (f) of the Regulation).

With the exception of browsing data (collected automatically), the provision of Data is necessary for the purposes referred to in points (b) and (c) above. Therefore, failure by the user to provide the Data marked with (*) will make it impossible for CONAI to fulfil the request (to respond to and process any requests and initiate the selection process), without, however, affecting Browsing and Defence. Failure to provide data not marked with (*) does not, however, affect the fulfilment of the request, nor does it affect Browsing and Defence.

5.Cookies

The Website uses technical, analytical and profiling cookies, including those of third parties, in order to allow normal browsing and use of the Website, to carry out statistical analyses and to create profiles enabling the sending of advertising in line with the user’s preferences. Further information on the characteristics of the cookies used on the Website can be found in the Cookie Policy.

6.Methods of processing

For the purposes referred to in point 4 above, the Data will be processed primarily by electronic means, as well as in paper form, in compliance with the regulatory provisions on the processing of personal data, and adopting appropriate security measures. The processing of Data will be managed by CONAI internal staff, who are specifically authorised, trained and instructed to ensure adequate security and confidentiality, and to avoid the risks of loss and/or destruction or access by unauthorised parties.

7.Communication and dissemination of Data

The Data will not be disclosed. Within the limits strictly relevant to the purposes listed in point 4 above, the Data may be communicated to:

• entities authorised by law or regulation, such as, by way of example and without limitation, public authorities and judicial authorities;
• entities which, as independent data controllers or data processors pursuant to Article 28 of the Regulation, are involved in processing the Data (such as, by way of example and without limitation, internet service providers, and the company responsible for management and maintenance of the IT systems and the Website).

The updated list of Data Processors is available at CONAI’s operational office.

8.Data retention period and criteria used

CONAI retains the Data for the period strictly necessary to achieve the purposes for which the Data were collected. Without prejudice to what is expressly provided in point 5 above, Data for the purposes of:

• Contacts shall be retained for a period not exceeding 15 (fifteen) days from the date of their collection;
• Selection shall be retained for 24 (twenty-four) months from the date of their collection; without prejudice, however, to the right to withdraw consent for processing based on such legal basis, the right to object to processing, as well as compliance with specific legal retention obligations and the exercise of the right of defence in the event of a dispute.

9.Rights of the data subject

With regard to your Data, users have the right to request CONAI, in the manner indicated in the Regulation and without prejudice to the provisions and limitations set out in Legislative Decree 196/2003 (Part I, Title I, Chapter III):

• Right to access: Article 15 of the Regulation allows users to obtain confirmation from the Data Controller of whether or not data concerning them is being processed and, where that is the case, to access such data.
• Right to rectification: Article 16 of the Regulation allows users to obtain rectification from the Data Controller of inaccurate personal data without undue delay. Given the purposes of the processing, users have the right to obtain completion of incomplete data, including by providing a supplementary statement.
• Right to erasure: Article 17 of the Regulation allows users to obtain erasure from the Data Controller of personal data without undue delay when one of the grounds provided by the Regulation applies.
• Right to restriction: Article 18 of the Regulation allows users to obtain restriction of processing from the Data Controller when one of the conditions provided by the Regulation applies.
• Right to portability: Article 20 of the Regulation allows users to receive the personal data they have provided to a data controller in a structured, commonly used and machine‑readable format, and to transmit such data to another data controller under the conditions provided by the Regulation.
• Right to object: Article 21 of the Regulation allows users to object at any time, on grounds relating to their particular situation, to processing of personal data under Article 6, paragraph 1, points (e) or (f), including profiling based on those provisions.

Users also have the right to withdraw their consent at any time, without prejudice to the lawfulness of the processing carried out prior to the withdrawal.

All the rights listed above may be exercised by sending a communication to CONAI by certified email (PEC) to conai@conai.legalmail.it or by registered letter to the operational office in Milan, Via Litta 5.

If it is believed that the processing of the Data infringes the Regulation, they can lodge a complaint with the Italian Data Protection Authority, as provided by Article 77 of the Regulation.

10.Transfer abroad

The Data is stored on servers located within the European Union. In the event of the transfer of Data abroad, CONAI undertakes to ensure that adequate safeguards are in place, in compliance with the regulatory provisions governing the processing of personal data.

11.Further information and cooperation

Data protection and compliance with the principles established by legislation, particularly the principle of transparency, are of primary importance for CONAI. CONAI’s Legal and Corporate Affairs Division is available to provide any clarification regarding the exercise of rights. Requests may be submitted in writing to the aforementioned department. It is also possible to report any unclear parts of this document or suggest improvements.