This document has been prepared pursuant to EU Regulation 2016/679 (the “GDPR”) to enable users to understand what cookies are installed when they use the website Dedalus External Career Site (the “Website”).

1. Data controller and data protection officer
Dedalus S.p.a, with registered office in Milano, Piazza Santissima Trinità 6 (“Dedalus”) is the data controller of the personal data (the “Data”) of the users of the Website collected using cookies. For any request it is possible to write to Dedalus at the above-mentioned physical address.
Dedalus has appointed a Data Protection Officer (“DPO”), who can be contacted at the following address: [email protected]

2. Data processed by Dedalus
The navigation on the Website involves the use of cookies, short strings of text that the websites visited send to the user’s browser, where they are stored and then transmitted to the same websites during subsequent visits. While browsing a site, the user may also receive cookies on their computer from sites or web servers other than the one he/she is visiting (so-called “third party” cookies). It is possible to distinguish:
a.technical cookies, which allow to carry out activities related to the operation of the Site.
b. profiling cookies, used to analyse user behaviour and, if necessary, to send advertising messages in line with the preferences expressed by the user during navigation.

This Website uses the following cookies:

1. Technical cookies

Name	Host	Duration	Category	Description
Session management cookies	Workday	Expire at the end of the session	Technical	User, device, and session ID cookies along with timestamp cookies for timing out sessions after inactivity. These cookies expire at the end of the session.
Routing cookies	Workday	Expire at the end of the session	Technical	To forward requests for a single session to the same server for consistency of service. These cookies expire at the end of the session.
Application Security Management (ASM) cookies	Workday	Expire at the end of the session	Technical	To help protect web applications and infrastructure from security attacks. These cookies expire at the end of the session.

 

While technical cookies cannot be refused by the user of the Website, as they are strictly functional to the Website itself, the user can freely choose to accept or refuse the use of profiling cookies. The user can set and review their choices regarding cookies here.

3. Purposes and legal basis of the processing
By using cookies, the following purposes are pursued:
3.1 to enable the navigation of the Website and its smooth functionality. The legal basis for the processing is the provision to users of services related to the Website and the legitimate interest of Dedalus to have a functional website.
3.2 to fulfil any obligations under applicable laws, regulations, or EU legislation, or to comply with requests from the authorities. The legal basis for the processing is the obligation of Dedalus to comply with mandatory legislation.
3.3 analyse user behaviour and possibly send him advertising messages in line with the preferences expressed by the same during navigation. The legal basis for processing in this case is the consent of the interested party.
3.4 for the needs of defence of the rights of Dedalus in the context of any litigation, even in court. The legal basis of the processing is the legitimate interest of the Owner to protect its rights.
The conferment of Data is optional, but (except in cases of processing based on consent) the failure to provide Data prevents the Controller from allowing the navigation of the Website.

4. Recipients of the Data
The Data may be communicated:
(a) to third parties who need to perform specific activities in relation to the Data, in accordance with the purposes of the processing, or to service providers to the Data Controller.
(b) to authorities, entities and/or parties to whom the Data must be disclosed, pursuant to binding legal or contractual provisions.
(c) in other circumstances, such as acquisitions and sales to potential third-party companies, when we expect to sell or transfer part of or all our business.

6. Transfer of Data outside the European Economic Area
As for the possible transfer of Data to countries not belonging to the European Economic Area, the processing will take place according to one of the legally permitted methods and therefore through the selection of recipients established in countries considered adequate by the European Commission or through the stipulation of standard contractual clauses.

7. Data retention
The Data will be kept only for the time necessary for the purposes for which they were collected, respecting the principles of conservation limitation and minimization. More precisely, the terms of duration of the cookies are defined in the previous section 2. For the Data whose processing is based on the consent of the interested party, it is specified that the same will be kept until such consent is revoked.

8. Data subjects’ rights
In the presence of the relevant legal prerequisites, the data subject may ask the Data Controller or the DPO for access to their Data, to rectify or erase them or to object to their processing, to request the restriction of processing in the cases provided for by Article 18 GDPR, as well as to obtain in a structured, commonly used, and machine-readable format the data concerning him/her, in the cases provided for by Article 20 GDPR.
In addition, the user has the right to revoke any consent to processing at any time, without affecting the lawfulness of the processing carried out by the Controller before the revocation.
Requests should be made in writing to the Data Controller at the addresses indicated above.
In any case, the interested party may lodge a complaint with the Guarantor for the Protection of Personal Data if he believes that the processing of his Data is contrary to the regulations in force.