Last updated January 29, 2021

Below, you will find the privacy policy (hereinafter, the “Privacy Policy”) that has been provided by CyberEthics Lab. srls, having its registered office in Corso Cesare Battisti 69, Cardito (Napoli) – Italy (hereinafter the “Data Controller” or “CyberEthics Lab.”) to inform visitors of CyberEthics Lab. website (hereinafter, the “Website”) on how the Data Controller is going to process their Personal Data.

Any term indicated in capital letter shall have the meaning attributed to it within the EU General Data Protection Regulation no. 2016/679 (hereinafter, “GDPR”) or otherwise provided hereto. For any further information and/or clarifications, it is possible to contact the Data Controller at the following address: via Antonio Salandra 18, 00187 Rome (Italy) email: info@cyberethicslab.com.

Who we are

Our website address is: http://www.cyberethicslab.com. The Website has been designed to minimise the collection as well as the processing of your Personal Data, applying the principles of necessity and proportionality to any Processing activities that the Data Controller carries out.

Why we collect your personal data

CyberEthics Lab. will only process your personal data for the following purpose: to answer to the requests and messages, received through the Website section “Contacts”, and for enrolling you in the “Newsletter”.

What kind of personal data we collect

Personal Data provided directly by you

Provided that you decide to send CyberEthics Lab. an email, or you otherwise interact with CyberEthics Lab. (for instance, via email to ask a question with regards to your privacy rights, or more in general to request information), CyberEthics Lab. may collect your email, name, the content of your message, and any other information necessary to address your request. The legal basis for CyberEthics Lab. to process these Personal Data shall be your informed Consent given at the moment of the interaction.

Website navigation data

If you visit the Website, CyberEthics Lab. may collect technical information such as information about your interaction with the pages of the Website (scrolling, clicking, etc.) or the type of operating system you are using. However, such data will be collected on an aggregate basis, and the collection of said data will not permit the identification any individual user, and in any case the data will not be processed together with other data for the sole purpose of identifying the user.

Lawful basis

We process your Personal Data, as long as you, in your quality of Data Subject, have provided us with your Consent for one or more specific purposes.

We also may process your Personal Data if it is necessary for compliance with a legal obligation to which we as Data Controller are subject. Your Personal Data will not be used for any automated decision-making including profiling.

How long we retain your data

CyberEthics Lab. only keeps your Personal Data for the time strictly necessary to fulfil the purpose of the Data Processing for which the data have been collected, and, in any case, within the limits set forth by applicable laws and regulations.

How we protect your data

All the Processing Activities are carried out in compliance with article 32 of the GDPR, with the adoption of appropriate security measures.

In particular, our technical measures include appropriate actions to address online security, risk of data loss, alteration of data or to prevent unauthorised access, taking into consideration the risk of the Processing and of the nature of the Personal Data. The organisational measures that we put in place include restricting access to the Personal Data solely to authorised personnel of the Data Controller.

Who may access your personal data

As a general rule, we are not going to share your Personal Data with third parties, unless we obtain your specific Consent previously.

In particular, access to your Personal Data is allowed by the Data Controller to its authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

However, we may disclose your information to third parties, such as police or judicial authorities, in order to comply with the law or a judicial order issued by a competent regulatory authority.

We may share your information with our service provider, SiteGround Spain S.L., which is located in Spain.

What rights you have over your data

Pursuant to GDPR, you have several rights concerning the Personal Data we hold about you. If you wish to exercise any of these rights, please use the contact details set out above.

  • The right to be informed. You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
  • The right of access. You have the right to obtain access to your Personal Data subject matter of the data Processing. This will enable you, for example, to check that we’re using your Personal Data in accordance with the relevant data protection law. If you wish to access the information, we hold about you in this way, please get in touch.
  • The right to rectification. You are entitled to have your Personal Data corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us.
  • The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of part or all of the Personal Data that we hold about you by contacting us. Please remember that it is possible that, pursuant to any applicable law, you may not have all your Personal Data erased.
  • The right to restrict processing. You have rights to ‘block’ or ‘suppress’ certain further use of your Personal Data. When processing is restricted, we can still store your Personal Data, but we will not use it further.
  • The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right, however and there are exceptions. To learn more please get in touch.
  • The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your Personal Data with the relevant national Data Protection Authority.
  • The right to withdraw consent. If you have given your consent to anything we do with your Personal Data (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do so by contacting us. Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
  • The right to object to processing. You have the right to object to certain types of processing. You can, for instance, object to the publication of pictures taken of you within the context of a conference.

Please provide the description of your enquires, indicating also the rights you wish to exercise in your written request Where to us if you wish to exercise said rights in the context of one or several specific processing operations. Your requests will be handled within a maximum of 30 (thirty) working days. 

Privacy Notice for job’s openings

CyberEthics Lab. srls, having its registered office in Corso Cesare Battisti 69, Cardito (Napoli) – Italy (hereinafter the “Data Controller” or “CyberEthics Lab.”), cares about your privacy. We always collect and process personal data responsibly and with your privacy in mind.

This Privacy Notice describes how we collect and use your personal data as an applicant, sourced or referred candidate, before, during and after the recruitment process. It also describes your rights and how to exercise them.

Any term indicated in capital letter shall have the meaning attributed to it within the EU General Data Protection Regulation no. 2016/679 (hereinafter, “GDPR”) or otherwise provided hereto. For any further information and/or clarifications, it is possible to contact the Data Controller at the following email:info@cyberethicslab.com.

Data Controller

The data controller of your personal data is:

CyberEthics Lab. Srls
Corso Cesare Battisti 69
Cardito, Napoli (Italia)
email: info@cyberethicslab.com

To properly assess your application, your application and therefore your personal data might be processed by CyberEthics Lab.’s HR Team, whose members are bound by strict non-disclosure obligations and are well aware of privacy and data protection aspects.

Purpose of the processing

The purpose of the processing is to find and hire suitable candidates to the CyberEthicsLab. The personal data collected may also be aggregated and the anonymised to be used by CyberEthics Lab. for statistical and diversity analysis and business reporting purposes.

The personal data we process

The personal data we process is contact details, education, work experience, skills, CV, publicly available profiles (such as LinkedIn, Xing, etc.), as well as any additional information provided by the applicants.

CyberEthics Lab. may decide to conduct background checks as a final step in the recruitment process. This background check includes processing additional information that is deemed relevant to the role that you have been offered. Your contact person at CyberEthics Lab. will inform you about the specific contents of your background check.

The legal basis for the processing

When you submit an application for a role at CyberEthics Lab., our legal basis for collecting, storing and processing your information is Article 6(1)(b), i.e. steps necessary to enter into a contract. We will store your information for a maximum of 2 years.

In the case where candidates who have been approached by CyberEthics Lab with an invitation to apply for a role (“referred candidates” or “sourced candidates”), our legal basis for collecting, storing and processing your information is Article 6(1)(f) –legitimate business interest. We have conducted a legitimate interest assessment and balanced our legitimate interest (finding suitable candidates) against the candidates interests, and concluded that our interest outweighs the candidates’. We will only process information which you have made publicly available yourself (like for example, Linkedin profile).

The time we will keep your personal data

Personal data about applicants, “referred candidates” or “sourced candidates” who choose to enter our application process will be retained for a period of up to 2 years after the completion of the hiring process. Personal data about “referred candidates” or “sourced candidates” who choose not to enter our application process, will be stored for a maximum of 30 days.

How we protect your data

All the Processing Activities are carried out in compliance with article 32 of the GDPR, with the adoption of appropriate security measures.
In particular, our technical measures include appropriate actions to address online security, risk of data loss, alteration of data or to prevent unauthorised access, taking into consideration the risk of the Processing and of the nature of the Personal Data. The organisational measures that we put in place include restricting access to the Personal Data solely to authorised personnel of the Data Controller.

Who may access you data

As a general rule, we are not going to share your Personal Data with third parties, unless we obtain your specific Consent previously. In particular, access to your Personal Data is allowed by the Data Controller to its authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
However, we may disclose your information to third parties, such as police or judicial authorities, in order to comply with the law or a judicial order issued by a competent regulatory authority.
We might share you personal data with our service provider, Google Ireland Ltd. In this respect please be aware that any transfer of your personal data to countries outside the European Economic Area made by Google Ireland Ltd. shall be made in compliance with articles 44 and subsequent of GDPR.

What rights you have over your data

Pursuant to GDPR, you have several rights concerning the Personal Data we hold about you. If you wish to exercise any of these rights, please use the contact details set out above.

  • The right to be informed. You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.
  • The right of access. You have the right to obtain access to your Personal Data subject matter of the data Processing. This will enable you, for example, to check that we’re using your Personal Data in accordance with the relevant data protection law. If you wish to access the information, we hold about you in this way, please get in touch.
  • The right to rectification. You are entitled to have your Personal Data corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us.
  • The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of part or all of the Personal Data that we hold about you by contacting us. Please remember that it is possible that, pursuant to any applicable law, you may not have all your Personal Data erased.
  • The right to restrict processing. You have rights to ‘block’ or ‘suppress’ certain further use of your Personal Data. When processing is restricted, we can still store your Personal Data, but we will not use it further.
  • The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right, however and there are exceptions. To learn more please get in touch.
  • The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your Personal Data with the relevant national Data Protection Authority.
  • The right to withdraw consent. If you have given your consent to anything we do with your Personal Data (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do so by contacting us. Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
  • The right to object to processing. You have the right to object to certain types of processing. You can, for instance, object to the publication of pictures taken of you within the context of a conference.

Please provide the description of your enquires, indicating also the rights you wish to exercise in your written request Where to us if you wish to exercise said rights in the context of one or several specific processing operations. Your requests will be handled within a maximum of 30 (thirty) working days.

Changes

Where appropriate, we will inform you in case of any changes in our privacy notice by contacting you via email.

Analytics and social networks

Google Analytics

On this Website, the Data Controller has integrated the Google Analytics component (with the anonymizer function) to analyse website traffic. For further information, the applicable data protection provisions of Google may be retrieved at https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained at the following Link https://www.google.com/analytics/.

LinkedIn and Twitter

The Data Controller has integrated on this Website, LinkedIn and Twitter (“Social Media”) plug-in components, through which the internet browser used by a visitor is directly connected to the server of the relevant Social Media.

During this technical procedure, if the Data Subject is logged in at the same time on one of the Social Media, the relevant Social Media gains knowledge of what specific sub-page of the Website was visited by the Data Subject.

This information is collected through the relevant Social Media component and associated with the respective Social Media account of the Data Subject. If the Data Subject clicks on one of the Social Media plug-ins integrated on our Website, then the relevant Social Media assigns this information to the personal Social Media user account of the Data Subject and stores the Personal Data.

To avoid that the Social Media gains this information, the Data Subject should disconnect from relevant Social Media.

In any case, to get more information, the applicable data protection provisions of:

Cookies policy

The present cookies policy (hereinafter the “Cookies Policy”) has been provided by CyberEthics Lab. srls, having its registered office in Corso Cesare Battisti 69, Cardito (Napoli) – Italy (hereinafter the “Data Controller” or “CyberEthics Lab.”) to inform visitors of CyberEthics Lab. website (hereinafter, the “Website”) on how cookies on the Website are used.

Any term indicated in capital letters shall have the meaning attributed to it within the EU General Data Protection Regulation no. 2016/679 (hereinafter, “GDPR”) or otherwise provided hereto. For any further information and/or clarifications, it is possible to contact the Data Controller at the following address: via Antonio Salandra 18, 00187 Rome (Italy) email: info@cyberethicslab.com.

To this extent, this document shall be considered as an integral part of the here above described privacy policy on the processing of personal data.

Definition of cookies

Cookies are short strings of text that the websites on which a user navigates con send to his or her terminal equipment in order to be memorised and subsequently transmitted back to the website upon the user’s subsequent visit to the same website. Cookies facilitate and expedite the loading of a given web page.

Cookies can be “session” or “persistent” cookies. A session cookie is a cookie that is automatically deleted when the user closes the browser, whereas a persistent cookie is a cookie that remains stored in the user’s terminal device until it reaches a pre-determined expiration date.

Furthermore, additional classification of cookies includes:

Typology of cookies

An explanation of the main two typologies of cookies is below.

Depending on the source

First party cookies: cookies that a visitor receives from the same website that he/she is visiting.

Third party cookies: cookies that a visitor receives from websites or web servers provided by a third party.

Depending on the purposes

Necessary cookies: these cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Marketing or profiling cookies: these cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

Cookies implemented on the Website and how to disable them

On our Website, we have implemented only Necessary cookies as follows:

  • cookie_notice_accepted
  • qtrans_front_language
  • wordpress_5026114dd243560e3a8b006c7a2b3b11
  • wordpress_logged_in_5026114dd243560e3a8b006c7a2b3b11
  • wordpress_test_cookie
  • wp-saving-post
  • wp-settings-1
  • wp-settings-time-1

The Data Subject may, at any time, prevent the setting of cookies through our Website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.

Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all of the most commonly used Internet browsers. If the Data Subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable. Please consult the following link if you need further clarification on how to disable cookies: https://www.aboutcookies.org.

Changes

Where appropriate, we will display a new privacy policy and cookies policy, on the Website.