Pursuant to Articles 13 and 14 GDPR, the Data Controller communicates through this Privacy Policy how and why it collects and processes personal data of users and customers ("Data Subjects") of the website https://www.dreamjobsystem.com/ ("Website").
This Privacy Policy must be read and applies to the processing of personal data of Data Subjects together with the Website's Cookies Policy and Terms and Conditions.
Please note: This Privacy Policy does not concern and does not apply to the processing of personal data that Data Subjects may provide and/or publish on third-party websites, applications and/or services that may be integrated on the Website, if such third parties do not act on behalf of the Data Controller.
Please read this Privacy Policy carefully before browsing, registering, using the Website and purchasing the products offered through it.
1. Definitions
The terms used in this Privacy Policy and defined in Art. 4 GDPR have the same meaning attributed by the GDPR and apply in addition to the definitions identified in this Privacy Policy:
Data Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Personal data
Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject
The identified or identifiable natural person to whom the personal data refers.
Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Types of Personal Data
The Data Controller collects and processes personal data provided and/or indicated by Data Subjects at different times during interaction with them through the Website.
2.1 During navigation and use of the Website
The mere navigation by Data Subjects on the Website entails that the Data Controller may collect and process some data concerning them:
- System and maintenance logs: files that record the interactions of Data Subjects within the Website, and which may also contain personal data, such as the IP address of the Data Subject's device
- Usage data: personal data collected automatically through the Website, including through tracking tools such as cookies, as regulated in the Website's Cookies Policy
- Segmentation and/or profiling data: personal data collected automatically through tracking tools such as cookies
2.2 At the time of requesting information and/or registering an account
To allow interaction with the Data Controller in relation to the services promoted on the Website, Data Subjects can ask questions and register on the Website. The Data Controller may collect and process:
- Personal details: name, surname, date of birth
- Contact details: email address, mobile phone number
- Registration data: username and password
- Request data: questions, preferences, opinions related to the services promoted and offered on the Website
2.3 During the use of services through the Website
The Data Controller may also collect and process personal data of Data Subjects as part of the process of using services on the Website:
- Personal details: name and surname, citizenship
- Contact details: email address, mobile phone number, physical address
- Payment data: payment method, credit card data and/or PayPal account details
- Billing data: tax code, VAT number
- Service data: type of service, usage history
3. Purposes and Legal Bases of Processing
The Data Controller collects and processes the personal data of Data Subjects for the following purposes, relying on the following legal bases:
Contractual and Pre-contractual Purposes:
- Response to Data Subject's requests for information
- Management of Data Subject's registration on the Website
- Management of communications about services offered
- Management of payment verification
- Management of accounting and tax obligations
- Processing of service orders
- Processing and management of invoices
Legal basis: Performance of a contract or pre-contractual measures at the request of the Data Subject
Legal Obligation Purposes:
- Compliance with accounting and tax obligations
- Execution of orders from judicial and/or administrative authorities
Legal basis: Compliance with a legal obligation to which the Data Controller is subject
Legitimate Interest Purposes:
- Provision of the Website for navigation and use
- Management of IT security of the Website and infrastructure
- Management of complaints and grievances
- Exercise and/or defense of interests and/or rights
- Management of extraordinary corporate operations
Legal basis: Legitimate interest of the Data Controller
Consent-based Purposes:
- Sending promotional and/or marketing communications
- Management of analytical and/or profiling functionalities
- Collection of information and creation of profiles for personalized communications
Legal basis: Consent of the Data Subject
4. Nature of the Provision of Personal Data
Regarding personal data whose processing is necessary for compliance with laws and regulations or for the performance of pre-contractual measures or a contract, the provision of the Data Subject's personal data is mandatory; any refusal would make it impossible for the Data Controller to make the Website available and/or offer its services to Data Subjects.
For the processing based on the legitimate interest of the Data Controller, the provision of personal data is necessary and any refusal would make it impossible to provide services.
For processing requiring consent, the provision of personal data is optional and any refusal does not prejudice or prevent the use of the Website and services.
5. Processing Methods
The Data Controller processes personal data through electronic or automated IT and telematic tools, with organizational methods and logic strictly related to the purposes indicated in this Privacy Policy and in compliance with applicable privacy legislation.
During the processing, the Data Controller adopts appropriate security measures aimed at preventing unauthorized or unlawful access, disclosure, modification or destruction of personal data.
6. Retention Period
The Data Controller keeps personal data only for the time strictly necessary to fulfill the purposes for which the personal data are collected and processed.
- Account data: Until account closure by Data Subjects (deactivated within 2 days, deleted within 30 days)
- Contractual data: Up to 10 years based on legal requirements
- Accounting and tax data: 10 years from invoice issuance
- Website usage data: 3 years from last interaction
- Dispute-related data: Until exhaustion of judicial/administrative proceedings
- Consent-based data: Until consent is revoked (verified every 24 months)
7. Communication and International Transfers of Personal Data
7.1 Authorized Personnel
The Data Controller's personnel, duly trained, authorized and instructed for data processing, may have access to personal data based on the principle of minimum privilege.
7.2 Data Processors and Third Parties
The Data Controller may communicate personal data to external subjects such as:
- Technology service providers (acting as Data Processors)
- Third parties for service provision (independent data controllers)
- Online advertising and social network services
- Payment services (PayPal, banking institutions)
- Professional consultants (legal, tax, commercial)
- Authorities and institutions (when legally required)
- Corporate operation counterparties (mergers, acquisitions)
7.3 International Data Transfers
Personal data may be transferred outside the European Economic Area/European Union to service providers. In such cases, the Data Controller adopts appropriate measures (e.g., standard contractual clauses) to ensure adequate protection equivalent to that provided by privacy legislation.
8. Automated Processing
The Data Controller may perform automated processing in the following circumstances:
- Collecting and managing consent logs for marketing communications
- Managing preferences for cookies and tracking technologies
- Creating profiles for personalized communications and marketing optimization
9. Rights of Data Subjects
Data Subjects may exercise their privacy rights under Articles 7, 15 et seq. GDPR:
Available Rights:
- Right of access: Obtain confirmation and access to personal data being processed
- Right to rectification: Obtain correction of inaccurate personal data
- Right to erasure (right to be forgotten): Obtain deletion of personal data in certain circumstances
- Right to restriction of processing: Obtain limitation of processing in specific situations
- Right to data portability: Receive personal data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or for marketing purposes
- Automated decision-making: Right not to be subject to solely automated decision-making
- Withdrawal of consent: Withdraw consent for consent-based processing
Data Subjects also have the right to lodge a complaint with the national supervisory authority.
10. Contacts of the Data Controller
The Data Controller is Dream Job System
Email: Support@Dreamjobsystem.com
11. Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Data Subjects by publishing updates and changes on the Website.
Please regularly consult the page dedicated to the Privacy Policy of the Website, referring to the date of last modification.
If changes concern processing whose legal basis is consent, the Data Controller will collect such consent from Data Subjects if necessary.