Privacy policy

WELCOME TO OUR WEBSITE!
The website www.hesacore.com including its microsites, databases, online stores and apps (“website”) as well as social media channels, are operated by SEVENTY SEVEN SRL, Viale Mercato Nuovo 44/F, Vicenza, Italia (“Controller”, “we”, “us”). The use of any content or functions provided on our website is exclusively based on our applicable Terms of Use, which you can find here.
Protecting your personal data is an important concern for us. We therefore comply with the applicable legal provisions regarding the protection, lawful scope and confidentiality of personal data, and regarding data security. Below, you will learn which information we might collect and process when you visit and use our websites, particularly when you shop via our online store, participate in prize games, participate in prize games, promotions or other advertising activities. If the processing of your data should deviate from the statements made in this Privacy Policy in a specific case, you will be informed of this separately, and this will only be done based on your consent provided that such consent is required by law.
If necessary, we must update this Privacy Policy in connection with the further development of the Internet and changes in the legal situation legal precedents. We therefore recommend that review this page in regular intervals to ensure that you have read the most up- to-date version.

CONTENT OF THE PRIVACY POLICY
General provisions
What is personal data?
Which data do we collect from you, and how or for what purposes do we process your data?
Data of persons under 16 years of age/sensitive data
Handling personal data for website’s informational use
Cookies
Google Services
Google Analytics and Universal Analytics
Google Ads (formerly Google Adwords)
Google Remarketing
Google Campaign Manager (formerly Google DoubleClick)
Google reCAPTCHA
Google Maps
Google Fonts
Google Tag Manager
YouTube videos
Facebook Business Manager
Facebook Pixel and CAPI
Facebook/Instagram lead ads

Operation of social media accounts
Handling personal data during proactive use be the user
Making contact
Applications
Transmission of your personal data to third parties
Transmission of your personal data to third parties outside of the EU/EEA
Data security
Storage period
your rights

1. GENERAL PROVISIONS
The EU General Data Protection Regulation (“GDPR”) and the corresponding national data protection laws protect the fundamental rights and freedoms of individuals and their rights to the protection of personal data.

1.1. WHAT IS PERSONAL DATA?
Personal data is information about data subjects, whose identity is determined or at least can be determined. Personal data includes, for example, names, addresses, telephone numbers, e-mail addresses, user IDs, credit card numbers, social media account IDs, user names, IP addresses etc.

1.2. WHICH DATA DO WE COLLECT FROM YOU, AND HOW OR FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
We collect user data (for example, information provided during registration, ordering, subscribing to newsletters or when contacting us) and technical data (log files; for example, IP addresses, dates, times) from you, provided that this is permitted by law or required as part of contract performance or to preserve our legitimate interests, or you have provided your consent for this purpose.

1.3. DATA OF PERSONS UNDER 16 YEARS OF AGE/SENSITIVE DATA
Unless parental or guardian consent has been obtained, SEVENTY SEVEN does not wish to collect information from persons under the age of 16. However, as it is not always possible for us to accurately determine the age of users, we cannot rule out the possibility that our offers/services may nevertheless occasionally contain personal data of persons under the age of 16 without the consent of their parents or guardians. Should we discover that persons under the legally permissible age have registered on our website or used our services without the consent of their parents or legal guardians, we reserve the right to exclude these persons from such offers/services, to block them or to delete the data.
Furthermore we do not wish to collect sensitive data such as your religious belief, health data or other special categories of personal data mentioned in Art 9 GDPR, unless you have been expressly requested by us to transmit such data.

2. HANDLING PERSONAL DATA FOR WEBSITE’S INFORMATIONAL USE
If you use our website purely for informational purposes, in other words if you do not register or if you transfer information to us otherwise, we only collect those personal data that are transferred by your browser to our server. If you would like to view our website, we collect the following data that are technically necessary for us in order to show you our website and guarantee stability and security (in addition to any data voluntarily provided by you based on your cookie settings – see section 2.1).
IP address
date and time of the request
time zone difference from Greenwich Mean Time (GMT)
content of request (actual web page)
access status/HTTP status code
respectively transferred data amount
website from which the request is received
browser
operating system and its interface
language and version of the browser software

2.1. COOKIES
Like most websites, we also use cookies, provided that this is required from a technical standpoint for use of the website or you have provided your consent for this purpose, which you can withdraw at any time. For more information please see our Cookie Policy.
The legal basis for this processing is Art. 6 Para 1 (f) GDPR.

2.2. GOOGLE SERVICES
All services mentioned under sections 2.2 are provided by Google Ireland Gordon House, Barrow Street, Dublin 4, Ireland and/or Google Inc. 1600 Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (”Google”).
You can prevent participation in various Google services in several ways: a) by adjusting your browser software accordingly, in particular, the suppression of third-party cookies results in you not receiving any third-party ads; b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain ”www.googleadservices.com”, https://adssettings.google.com, although this setting will be deleted if you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the ”About Ads” self-regulation campaign via the link https://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly. We point out that, in this case, you may not be able to use all features of this offer in full.
For detailed information on how Google secures and handles your personal data please see https://policies.google.com/technologies/product-privacy and https://policies.google.com/privacy.
Please also visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org/ to find out more about responsible data collection and its use for digital advertising.

2.2.1 GOOGLE ANALYTICS AND UNIVERSAL ANALYTICS
This website uses Google Analytics, a web analytics service that uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics with the extension “_anonymizeIp ()”. We have activated IP anonymization on this website by using the extension “_anonymizeIp ()”, so your IP address will be shortened beforehand by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area. As a result of this IP anonymization reference to particular individuals can be excluded. Therefore, as far as the data collected about you contains a personal reference, it is immediately excluded and the personal data deleted immediately. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to us Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google.The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.
You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all the functions of this website in full. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available at the following link and installing it: https://tools.google.com/dlpage/gaoptout. If you want to deactivate the tracking via Google Analytics for your mobile devices please follow the following link http://tools.google.com/dlpage/gaoptout to activate the respective opt-out cookie.
We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US,
The legal basis for the use of Google Analytics is Art. 6 Para. 1 (f) GDPR.
For further information please see the following links: Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/gb/, Overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245.
This website also uses Google Analytics for a cross-device analysis of visitor traffic conducted via a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.
Universal Analytics enables cross-device tracking of users and leads to more refined information for those responsible (generally https://support.google.com/analytics). The opinion of the supervisory authorities is not yet available. In any case, the data subject must be informed about the extended use and be shown the possibility to opt-out.

2.2.2. GOOGLE ADS
We use the offer of Google Ads, in order to draw attention to our attractive offers with the help of advertising (so-called Google Ads) on external web pages. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
These advertising materials are supplied by Google via so-called “ad servers”. To do this, we use ad server cookies, from which certain performance metrics such as ads or user clicks can be measured. If you access our website through a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and should not serve to personally identify you. As a rule, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie.
These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the advertisement and was redirected to that page. Each Ads customer is assigned a different cookie. Thus cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Ads Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.2.3 GOOGLE REMARKETING
In addition to Ads Conversion, we use the Google remarketing application, which enables you to see our ads after visiting our website as you continue to use the internet. This is done by means of cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. Consolidation of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur by Google according to its own statements. In particular, according to Google, pseudonymization is used in remarketing.
With the use of remarketing, information about your browsing behavior is collected for marketing purposes in anonymous form and stored on your computer using cookies (targeting / retargeting). Based on an algorithm, we can then show you targeted product recommendations as personalized banner ads on other websites (so-called publishers). If you do not want this to occur, you can disable it via the Ads Preferences Manager (https://www.support.google.com/ads/answers/2662922).
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.2.4 GOOGLE CAMPAIGN MANAGER
This website uses the online marketing tool Campaign Managerby Google. Campaign Manager uses cookies to place ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are shown in which browser and can prevent them from being displayed multiple times. In addition Campaign Manager uses cookie IDs to track so-called conversions related to advertising requests. This is the case if, for example, a user sees a Campaign Manager advertisement and later goes to the advertiser’s website with the same browser and buys something there. According to Google, Campaign Manager cookies do not contain personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server when you visit our website. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Campaign Manager, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.
Furthermore Campaign Manager cookies (DoubleClick Floodlight) help us to understand whether you complete certain actions on our website after viewing any of our display/video ads on Google or other platforms through Campaign Manager or clicking through one of these ads (conversion tracking). Campaign Manager applies this cookie to understand the content with which you have interacted on our website to be able to send you targeted advertising later on.
If you want to prevent Google from collecting the data generated by the cookies please download and install the browser plugin available under “Display settings”, “Extension for Campaign Manager deactivation” at https://support.google.com/adsense/answer/142293.
Further information on Campaign Manager is available at https://www.google.de/doubleclick.
The legal basis for the processing of your data is Art 6 Para. 1 (a) GDPR.

2.2.5 GOOGLE RECAPTCHA
This website uses Google reCAPTCHA to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program (“bots”).
reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website.
This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.6 GOOGLE MAPS
This website uses Google Maps to display our location and to provide directions (e.g. via our store finder and event calendars). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. All user settings and data are processed to display a location and describe a certain route.
By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.7. GOOGLE FONTS
This website uses Google Fonts to display external fonts. For this purpose, your browser loads the required web fonts into your browser cache to display texts and fonts correctly, which requires your browser to establish a direct connection to Google Servers. Google can identify the website from which your request has been sent and to which IP address the fonts are being transmitted for display.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.8. GOOGLE TAG MANAGER
This website uses the Google Tag Manager that allows website tags to be managed using an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, it remains valid for all tracking tags implemented with Google Tag Manager.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.9. YOUTUBE VIDEOS
We have also incorporated YouTube videos into our websites. The videos are stored at www.youtube.com and can be played directly from our websites. These videos are incorporated in such a way that no personal data related to you as the user is sent to YouTube if you do not play the videos.
If you do play the videos, YouTube cookies will be stored on your computer and data will be sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the YouTube operator. When playing videos stored with YouTube, the following personal data is sent to Google, Inc.: the IP address and cookie ID, the specific address of the page visited on our websites, language setting of the browser, system date and time of access and your browser’s identifier. The data is transmitted regardless of whether you are registered with or logged in to Google. If you are logged in, this data will be attributed directly to your account.
If you do not want this attribution to your profile, you must log out before activating the button. YouTube or Google, Inc., stores this data as use profiles and uses this data for the purposes of advertising, market research and/or designing its websites based on demand. Such use is meant in particular (not only for logged-in users) to provide advertising based on demand and to inform other users of your activities on our website. You have a right to oppose the creation of these user profiles, and to exercise this right, you must address yourself to Google Inc. as the operator of YouTube. Additional information on the purpose and scope of data collection and processing by Google, Inc., can be found at www.google.at/intl/policies/privacy/. We do not process the personal data collected when the YouTube video is accessed.

2.3. FACEBOOK BUSINESS MANAGER
The Facebook Business Manager is a tool that helps us to create, manage, monitor, and report on various business-related assets on Facebook and Instagram in an organized and targeted way, such as our Facebook company pages, Instagram profiles, and advertising. The Facebook Business Manager also includes a wide range of Facebook Business Tools that are explained below:
The Facebook Business Tools are technologies offered by Facebook Inc. and Facebook Ireland Limited that help website owners and publishers, app developers, and business partners, including advertisers and others, integrate with Facebook, understand and measure their products and services, and better reach and serve people who use or might be interested in their products and services.
All of these tools can be used for the so called „Facebook Products“ which include Facebook (including the Facebook mobile app and in-app browser), Messenger, Instagram (including apps like Boomerang), Facebook Shops, Audience Network and any other features, apps, technologies, software, products, or services offered by Facebook Inc. or Facebook Ireland Limited under the Data Policy of Facebook. For details please also see sections 2.3.1 and 2.3.2 below.
All services mentioned under section 2.3.1 and 2.3.2 are provided by Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook“).

2.3.1. FACEBOOK PIXEL AND CAPI
For conversion measurement, our website uses the pixel visitor promotion as well as the Conversions Application Programming Interface (“CAPI”) of Facebook.
Because we use the “Custom Audiences” remarketing feature, which you can disable an time as described below, your behaviour can be tracked after you have been redirected to our website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures optimized.
The data collected is anonymous to us as operators of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable advertising to be displayed on Facebook sites and outside of Facebook. This use of the data cannot be influenced by us as a site operator.
See the data protection notice of Facebook for more information on how to protect your privacy: https://www.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing feature in advertisement settings at https://www.facebook.com/ads/preferences/. For this you have to be logged in to Facebook.
If you do not have a Facebook account, you can opt out of Facebook Commercial Advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.3.2. FACEBOOK/INSTAGRAM LEAD ADS
To enable subscription to our newsletter and/or your participation in a prize game or contest via Facebook/Instagram we use lead ads on our Facebook and Instagram accounts.
Please note that
if you register for our newsletter via lead ads, the information provided under 4.7 applies mutatis mutandis with the following deviation: Apart from you IP address, which we don’t collect, we use the same personal data (namely first name, email address, country and language) but we included a mandatory field “country” and your language is automatically allocated based on the language that you used on your social media channel when signing up for the newsletter (instead of allocating the country/language via the Browser Regional Manager);
if you register for our newsletter in connection with your participation in one of our prize games or contests via lead ads, the information provided under section 4.8 applies with the following deviation: We don’t process your IP address.
Based on your freely granted consent to receive the newsletter and after confirmation of the double opt-in e-mail by clicking on the button contained therein, your first name, your e-mail address, country and your IP address will be processed by us for the purposes of sending (i) personalised marketing and product information related to goods and services from SEVENTY SEVEN, (ii) personalised promotional information and news matching your interest categories and based on your website use (for example, frequent viewing of products within your selected interest categories and geolocalisation), (iii) satisfaction surveys regarding services and demand analyses, (iv) contests, coupons, discount campaigns and prize games, (v) electronic greeting cards via e-mail, and will be transmitted for these purposes to SEVENTY SEVEN.
Subscription via the form is only effective if you activate the subscription by “clicking” on the confirmation link in the confirmation e-mail that you receive. At the time of subscription, only your personal data recorded with Facebook/Instagram or entered voluntarily by you, such as your e-mail address and name in all cases (and usually also your country), are required in the form. We use the personal data provided exclusively to send to you via e-mail our newsletter as described above, provided that you have explicitly provided consent. You may revoke your consent to receive the newsletter at any time with effect for the future without specifying the reasons. For details on how we generally handle your personal data when you sign up for our newsletter please see section 4.7.
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

3. OPERATION/USE OF SOCIAL MEDIA ACCOUNTS
We are operating several accounts on social media networks or platforms or using such social media networks or platforms in order to communicate with our customers, interested parties and other users and to inform them about our brands, products and services.
We would like to point out that user data may be processed outside the European Union by the Social Media companies when visiting their websites which can result in risks for users (e.g. it could be difficult to enforce data subject rights of users).
Please note that your data is usually processed for market research and advertising purposes by the Social Media platforms when visiting their websites. For example, user profiles can be created on the basis of user behaviour and the documented interests of users. The user profiles can then be used to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are registered users of the respective platforms and are logged in).
The processing of your personal data when visiting our social media channels is carried out on the basis of our and the social media platform’s legitimate interests (effective information of and communication with customers, prospects and users) pursuant to Art. 6 Para.1 (f) GDPR. If you are requested to consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para 1 (a) GDPR.
With regard to the exercise of your data subject rights under the GDPR we point out that these can be asserted most effectively with the Social Media providers. Only the social media providers have access to your personal data and can directly take appropriate measures and provide information to you. Should you nevertheless need help, please let us know.
For a detailed description of the respective processing operations and the opt-out options, please refer to the privacy policy of the respective service provider:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings, www.youronlinechoices.com
Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://tools.google.com/dlpage/gaoptout
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: https://help.instagram.com/519522125107875
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads ◦ LinkedIn (For users in EU/EEA/Switzerland: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; for all other users: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, User Agreement: https://www.linkedin.com/legal/user-agreement, Cookie Policy / Opt-Out: https://www.linkedin.com/legal/cookie-policy
4. HANDLING PERSONAL DATA DURING PROACTICE USE BY THE USER
In addition to the purely informational use of our website we offer you several services on our website that you may use if you are interested and which we have described in the following sections. For this purpose, as a rule you must provide further personal data that we will use to provide the respective service. You will receive more detailed information on this when you provide your personal data or in the service description below.

4.1. MAKING CONTACT
When the user actively makes contact with us (for example, via e-mail or via our contact form as part of a promotion), the data and information of the user will be stored for the purpose of processing the inquiry and in the event that follow-up questions arise, and forwarded to the responsible person (for example, the IT department, the legal department, logistics etc.).
We process your personal data according to Art. 6 Para. 1 (a) GDPR and because of our legitimate interest according to Art. 6 Para. 1 (f) GDPR.

4.2. APPLICATIONS
Depending on which job you are applying for, you have the chance to send your documents either by e-mail or using our online application form or by ordinary mail. Based on the consent you provide, we process the following data:

If you apply by e-mail or ordinary mail, please send us a cover letter, your CV and any certificates that are relevant for the position advertised.
If you apply using our online application form, you will also be required to enter certain personal data that are marked as mandatory in this form, namely your first and last name(s), gender, date of birth, nationality, native language, postal and e-mail address, phone number, and to upload your CV. You also have the change to transfer further data voluntarily, by completing the fields that are not marked as mandatory or by uploading further data and/or files in addition to your CV (e.g. certificates or a cover letter).

All the data provided by you (such as any personal data that is sent by e-mail or ordinary mail, uploaded in files or otherwise collected as part of the application process) (“DATA”) will be collected, stored and processed exclusively for the purpose of dealing with your application. Only the employees of the human resources department of the company with which you have applied for a job, the employees of the relevant department for which you apply, as well as the employees of the international human resources department, will have access to your DATA. All people who are involved in the processing of your application are obligated to maintain data secrecy.
You may revoke your voluntary consent to the processing of your DATA at any time, without specifying the reasons and with effect for the future (e.g. by sending an e-mail to the contacts named in the job advertisement).
If your application is successful, all DATA relating to the employment relationship with you will be processed further; you will then receive more detailed information on this in our employee information leaflet on data protection. If your application is not successful, all your DATA will be stored for a further 6 months (from the date of rejection, even in the case of a revocation received before expiry of this period), to enable us to answer any questions connected with your application and/or rejection, and will subsequently be erased; any applications sent by ordinary mail will either be returned to you by post or destroyed.
We process your personal data according to Art. 6 Para 1 (a) GDPR and because of our legitimate interest according to Art. 6 Para 1 (f) GDPR.

5. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES OUTSIDE OF THE EU/EEA
We might transmit your personal data to companies and contractual partners outside of the EU/EEA for the provision of our services, the operation of the website, the handling of your order, the maintenance of our IT systems and software etc. However, such transmission does not change anything in our obligation to protect your personal data in accordance with this Privacy Policy. If your personal data is forwarded outside of the EU/EEA, we guarantee an adequate measure of security by forwarding them to countries that have an appropriate level of protection based on confirmation by the European Commission, or by concluding an appropriately formulated contract between us and the legal person outside of the EU/EEA who receives the data. In other cases, the data transfer might be based art. 49 para. 1 GDPR. You may receive a copy of the suitable guarantees by sending an e-mail to us at info@hesacore.com.

7. DATA SECURITY
We take appropriate technical and organisational security measures to protect your personal data from unintentional or unauthorised deletion or modification, and from loss, theft and unauthorised viewing, forwarding, reproduction, use, alteration or access. We and our employees are also bound to data secrecy and confidentiality. Likewise, performance agents and authorised agents of SEVENTY SEVEN who must have access to your personal data to fulfil their professional duties will receive access and will be subject to the same obligations to observe data secrecy and confidentiality.

8. STORAGE PERIOD
We will save the personal data processed via our website as long as they are required for the fulfilment of our contractual obligations. If processing depends upon your consent, we will store this data as long as you do not withdraw your consent. We will also store your data only as long as we are obligated by law to store them and as long as claims can be asserted against us.

9. YOUR RIGHTS
You have the right to receive information in a clear, transparent and intelligible manner regarding how we process personal data and regarding your rights as a data subject (Art. 13 et seqq. GDPR):
You therefore have the right to information and to receive a copy of the personal data about you that is processed; (Art. 15 GDPR);
If the personal data is incorrect or no longer current, you have the right to rectification; (Art. 16 GDPR);
You also have the right to erasure of your data (“right to be forgotten”); (Art. 17 GDPR)
You also have the right to unsubscribe from marketing campaigns and to opt out in this regard at any time; (Art.21 Para. 2 GDPR);
You may also revoke your consent to the processing of personal data at any time with effect for the future if processing is based on your consent; (Art 7 GDPR)
You also have the right to data portability (Art. 20 GDPR) in a commonly used and machine-readable format. This applies exclusively to
data that you have provided, with which processing is based on a contract or consent and with which processing takes place automatically;
Finally, you have the right to request that the processing of data by us be restricted (Art. 18 GDPR), so that we may only continue to store them and no longer use or process them. However, this applies only in the following situations:
The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data;
The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
We no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;
You have objected to processing based on our legitimate interests and the verification of whether legitimate grounds on our side override those on your side is not yet certain.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
You also have the right to lodge a complaint with the competent data protection authorities if you are of the opinion that the processing of the personal data about you violates the applicable data protection laws (Art. 77 GDPR).
Before you lodge a complaint with the data protection authorities, or if you have questions, you may also contact us:

Seventy Seven srl
Viale Mercato Nuovo 44/F
36100 Vicenza
Italia
Via e-mail at info@hesacore.com.

Your right to object
As the data subject, you may object to the use of your data at any time if the processing serves the purposes of direct marketing. If we process your data for legitimate purposes, you also have the right to object at any time if grounds for this arise from your specific situation. In this case, we ask you to provide reasons as to why the data should not be processed in the future.
So that we can process your inquiry regarding your rights specified above and ensure that personal data is not given to unauthorised third parties, please address the inquiry with a short description regarding the scope of the exercise of your data subject rights listed above.

Version date: October 2022