Privacy Policy

PRIVACY
POLICY

Unregistered users

Data controller

Xchangesacchetti sede legale in Via della stamperia 73a , 00187 Roma VAT number 09748581007, wishes to inform its user/visitor of the site, regarding the types, purposes and methods of processing of personal data relating to the site, as well as the candidates, regarding the methods of processing of personal data provided spontaneously, following a search and/or during the personnel evaluation and selection phase.

Data Protection Officer

The Data Controller has not appointed a data protection officer pursuant to art. 38 of EU Regulation 2016/679 (“GDPR”), however the interested party has the possibility to contact the Privacy Contact for all matters relating to the processing of your personal data and the exercise of the rights provided by the GDPR to the email address: privacy@xchangesacchetti.com

Type of data being processed

With reference to users/visitors of the site, the collection concerns:

Browsing data
The computer systems and software procedures used to operate this site acquire, during normal operation and only for the duration of the connection, some data which are then implicitly transmitted in the use of Internet communication protocols.
This is information not associated with directly identifiable users (IP address, domain name of the computer used by the interested party who connects to the site, name of the internet service provider, time of the request, etc.).

Cookies
A cookie is a small text file that a website saves on your computer or mobile device while you visit it.
The information encoded in cookies may include personal data, such as an IP address, a username, a unique identifier or an email address, but may also contain non-personal data, such as language settings or information about the type of device that a person is using to navigate the site.
Cookies can perform important and different functions, including monitoring sessions, storing information on specific configurations regarding users who access the server, facilitating the use of online content, etc.
The same result can also be achieved through the use of other tools (e.g. fingerprinting, i.e. the technique that allows the device used by the user to be identified through the collection of all or some of the information relating to the specific configuration of the device itself adopted by the interested party) which allow processing similar to those indicated above.
The website managed by XChange uses only technical cookies.
For further information, the interested party can consult the Cookie policy [provide link]

Data provided voluntarily by users
If the interested party by connecting to this site sends personal data to make requests via e-mail, such data will be processed to respond to the interested party’s request.

With reference to candidates, the collection concerns in particular common personal data: information relating to name, surname, residential address and telephone number, email address, place and date of birth, education or professional situation, photograph.

The interested party will not be required to indicate particular data, as qualified by the art. 9 of the GDPR, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person, without prejudice to the hypothesis in which the data must be known due to the establishment of the employment relationship, with particular reference to the possible belonging of the interested party to the protected categories.

Purpose of processing and legal basis

The processing of personal data relating to users/visitors of the site is carried out for the pursuit of the following purposes:
to. Checking the correct functioning of the service offered;
b. Saving preferences;
c. Carrying out operations strictly connected and instrumental to the management of the relationship with the interested party.
Legal basis: the processing of personal data for the purposes referred to in points a and c is necessary for the execution of the requested service.
Legal basis: the processing of personal data for the purposes referred to in point b requires the user’s prior consent

The processing of personal data provided voluntarily by candidates is carried out for the pursuit of the following purposes:
d. Personnel search and selection: personal data are collected from the interested party or from third parties used by the Data Controller for the selection procedures, they are processed and used to follow up on the interested party’s request and more precisely to proceed with the verification of the prerequisites for hiring or starting a professional collaboration;

Legal basis: processing is necessary for the execution of pre-contractual measures adopted at the request of the interested party, as well as for the pursuit of the legitimate interest of the Data Controller in carrying out activities aimed at the search and selection of personnel to fill vacant positions.
And. Quality control and certifications: personal data may be processed during activities aimed at verifying the quality management system and/or the information security management system;
Legal basis: processing is necessary for the pursuit of the legitimate interest of the Data Controller in satisfying the high expectations of its customers regarding the quality of the products and services provided, as well as the continuous improvement of its performance.
f. Risk management: personal data may be processed during activities aimed at verifying and analyzing risks regarding the protection of personal data.
Legal basis: processing is necessary for the pursuit of the legitimate interest of the Data Controller in evaluating the degree of compliance of its organization with the law, as well as for the fulfillment of an obligation deriving from the contractual relationship with the customer.

Harvesting Mode

The processing of data relating to visitors to the site is carried out through automated tools for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the relevant regulatory provisions.
The collection of personal data relating to candidates may occur following receipt by post, email, direct delivery, or by any other means of communication, of information relating to the interested party’s professional and study experiences (curriculum vitae). Receipt of the curriculum vitae may be following a spontaneous sending or in response to a personnel search and selection announcement. Further personal data may subsequently be collected during the personal interview during the selection phase.

Obligatory provision of data

The provision of data – with exclusive reference to candidates – is optional and is left to the will of the interested party to present his or her curriculum vitae. As regards data subsequently and possibly requested by the Data Controller, failure to provide the impossibility of proceeding with the verification of the prerequisites for hiring and/or starting the collaboration and therefore for the possible establishment of the working relationship with the Data Controller.

Treatment methods

Personal data are processed by the Data Controller in compliance with the principles of lawfulness, correctness and transparency.
Personal data are processed by the Data Controller in compliance with the principles of lawfulness, correctness and transparency, with the support of IT and telematic means, and are protected through adequate security measures suitable to guarantee their confidentiality and integrity.

Deletion period

Purpose of processing Deletion period
a, b and c For details on the storage of individual cookies, the interested party can consult the Cookie policy
d limited to the time necessary
and Limited to the duration of recruiting or, with reference to selected candidates not hired, no longer than 6 months from data collection
f Limited to the duration of the checks.
After this deadline, the data will be destroyed or anonymized, unless there are no further purposes for storing them.

Recipients and transfer of information

The data collected is not subject to dissemination.
The personal data relating to visitors to the site may be communicated to subjects designated by the Data Controller pursuant to art. 28 of the GDPR for the purposes indicated above.
Personal data relating to candidates may be communicated to:
to. Third parties such as independent owners or designated by the Data Controller pursuant to art. 28 of the GDPR for the purposes indicated above – consultants, auditors, certification bodies, service providers, personnel selection and evaluation companies;
b. Authority if required by applicable regulations;
c. Customers who verify compliance with the certifications acquired by the company or/and with current legislation regarding the processing of personal data.
The updated list of subjects appointed as Data Processors is available from the Data Controller.
The personal data collected are processed by people authorized by the Data Controller for the specific purposes and methods of processing.
Any transfers of personal data to a third country outside the European Union or to an international organization will take place on the basis of an adequacy decision by the Commission or, in the case of transfers referred to in the articles. 46, 47 or 49, par.1, paragraph 2 of the European Regulation, on the basis of appropriate and appropriate guarantees.

Rights of the interested party

The interested party has the right to ask the Data Controller, at any time, to access his/her personal data, to rectify or cancel them or to oppose their processing, and has the right to request the limitation of processing in the cases provided for by art. 18 of the GDPR, as well as to obtain the data concerning him in a structured, commonly used and machine-readable format, in the cases provided for by art. 20 of the GDPR.
Requests can be addressed to the email address privacy@xchangesacchetti.com
In any case, the interested party always has the right to lodge a complaint with the competent supervisory authority – Guarantor for the protection of personal data – pursuant to art. 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force

Updating information

This information is subject to updates, also in relation to the relevant legislation. The interested party is therefore invited to periodically check its contents

---

Registered users

Data controller

Xchangesacchetti srl a socio unico, Via della Stamperia 73 a, 00187 Rome VAT number 09748581007, wishes to inform its user, regarding the types, purposes and methods of processing of personal data provided spontaneously, during registration on the site and subsequent use of currency exchange services

Data Protection Officer

The Data Controller has not appointed a data protection officer pursuant to art. 38 of EU Regulation 2016/679 (“GDPR”), however the interested party has the possibility to contact the Privacy Contact for all matters relating to the processing of your personal data and the exercise of the rights provided by the GDPR to the email address: privacy@xchangesacchetti.com

Type of data being processed

The collection concerns in particular the personal and contact data (name, surname, date of birth, country of birth and residence, tax code, e-mail, telephone, selected location) provided spontaneously by the user during registration on the site and in the subsequent booking phase of the currency exchange transaction at the designated offices.

The interested party will not be required to indicate particular data, as qualified by the art. 9 of the GDPR, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person, without prejudice to the hypothesis in which the data must be known due to the establishment of the employment relationship, with particular reference to the possible belonging of the interested party to the protected categories.

Purpose of processing and legal basis

The processing of personal data is carried out for the pursuit of the following purpose:
a) For the provision of currency exchange booking services offered by Xchangesacchetti and for the execution of the business services requested by the interested party.
Legal basis: the processing of personal data for the purposes referred to in point a) is necessary for example for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same.

Harvesting Mode

The method of collecting personal data may take place through spontaneous provision by the user, by completing the appropriate data collection form for registration on the site and subsequent booking of the transaction.

Obligatory provision of data

The provision of data is optional and is left to the will of the interested party to use the currency exchange service offered. Any refusal or incorrect communication of the data requested by the Data Controller makes it impossible to establish, execute and manage the contractual relationship

Treatment methods

Personal data are processed by the Data Controller in compliance with the principles of lawfulness, correctness and transparency, with the support of IT and telematic means, and are protected through adequate security measures suitable to guarantee their confidentiality and integrity .

Deletion period

Purpose of processing Deletion period
a Limited to 5 years from the termination of the contractual relationship

In relation to the purposes for which they were collected or for the use of the currency exchange booking service, the personal data are retained by the data controller exclusively for the period indicated above. After this deadline, the data will be destroyed or anonymized, unless there are no further purposes for storing them.

Recipients and transfer of information

The data collected are not subject to dissemination. Personal data may be communicated to:
to. Third parties such as independent data controllers or designated by the Data Controller pursuant to art. 28 of the GDPR for the purposes indicated above;
b. Authority if required by applicable regulations;
The personal data collected are processed by people authorized by the Data Controller for the specific purposes and methods of processing.
Any transfers of personal data to a third country outside the European Union or to an international organization will take place on the basis of an adequacy decision by the Commission or, in the case of transfers referred to in the articles. 46, 47 or 49, par.1, paragraph 2 of the European Regulation, on the basis of appropriate and appropriate guarantees.

Rights of the interested party

The interested party has the right to ask the Data Controller, at any time, to access his/her personal data, to rectify or cancel them or to oppose their processing, and has the right to request the limitation of processing in the cases provided for by art. 18 of the GDPR, as well as to obtain the data concerning him in a structured, commonly used and machine-readable format, in the cases provided for by art. 20 of the GDPR.
Requests can be addressed to the email address privacy@xchangesacchetti.com
In any case, the interested party always has the right to lodge a complaint with the competent supervisory authority – Guarantor for the protection of personal data – pursuant to art. 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force

Updating information

This information is subject to updates, also in relation to the relevant legislation. The interested party is therefore invited to periodically check its contents