This privacy notice is provided in accordance with the European Regulation for the Protection of Personal Data No. 679/2016 – GDPR and national laws implementing it, to those who interact with the web services of Abstract S.r.l., accessible online from the address:
www.abstract.it – abstract.it
corresponding to the homepage of the Abstract S.r.l. website. This notice is provided only for the Abstract S.r.l. website. This notice is provided only for the Abstract S.r.l. website and not for other websites that users might access through links. The notice is also inspired by Recommendation No. 2/2001 that the European authorities for personal data protection, convened in the Group established by Article 29 of Directive No. 95/46/EC, adopted on May 17, 2001, to identify some minimum requirements for collecting personal data online. This includes the methods, timing, and nature of the information that data controllers must provide to users that connect to web pages, regardless of the purpose of the connection.
1. Data Controller
Following the consultation of the present website, data related to identified or identifiable individuals may be processed. The “data controller” responsible for their processing is Abstract S.r.l., with registered office in Milan (Italy), Foro Bonaparte 70 – 20121 Milano.
2. Data Processor
Complete lists of data processors and system administrators can be requested by sending an e-mail to dpo@abstract.it.
3. Location of Data Processing
The processing of data related to the web services of this site takes place at the operational offices of Abstract S.r.l. listed on the Contacts page. The processing is carried out only by technical personnel in charge of data processing.
4. Navigation Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, a number of personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature, it could allow the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc), and other parameters related to the user’s operating system and computer environment. This data is used solely for the purpose of obtaining anonymous statistical information about the use of the site and to ensure its proper functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, the contact webe data do not persist for more than seven days.
5. Data Provided Voluntarily by the User
The optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this site, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. The optional, explicit and voluntary submission of the e-mail address through request forms on this site (newsletter subscription, information request, application for job positions at Abstract S.r.l.) entails the subsequent acquisition of the sender’s address, necessary to fulfill requests, as well as other personal data sent through the fields of the forms themselves.
6. Cookies
Detailed information about cookies and their use within this site can be found on our Cookie Policy.
7. Optional Nature of Data Provision
Apart from what is specified for navigation data, the user is free to provide personal data reported in the request forms (Forms) to Abstract S.r.l. for submitting spontaneous applications for job positions at Abstract S.r.l. or to request the newsletter, informational material, or other communications. Failure to provide them may result in the impossibility of obtaining what is requested.
8. Processing Methods
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
9. Communication and Dissemination of Data
No data resulting from the web services of Abstract S.r.l. website is communicated or disseminated. The personal data provided by users through e-mail messages sent to e-mail addresses present on the Abstract S.r.l. website or request forms (forms) on the Abstract S.r.l. website is used solely for the purpose of performing the requested service or performance and is communicated to third parties only if necessary for legal purposes or necessary to fulfill the requested service (shipping, logistic services, curriculum analysis etc).
10. Rights of Data Subjects
Individuals to whom personal data refers, have the right to obtain confirmation of the existence or not of the same data at any time and to know its content and origin, verify its accuracy, or request its integration or updating, or correction (Article 8 of the Personal Data Protection Code). Pursuant to the same article, they have the right to request the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, as well as to object in any case, for legitimate reasons to their processing. Requests should be addressed to:
- By e-mail: to dpo@abstract.it
- Lawyer Matteo Pompilio
- By ordinary mail to: Abstract S.r.l., Foro Bonaparte, 70 – 20121 Milano
1. QUALITY, ENVIRONMENT, AND INFORMATION SECURITY POLICY
In order to ensure the utmost satisfaction of its customers and, more broadly, all stakeholders, the management of ABSTRACT S.R.L. (hereinafter referred to as Abstract) has defined this "Quality, Environment, and Information Security Policy," placing it within a broader corporate strategic vision.
Already certified for quality according to the UNI EN ISO 9001:2015 standard in the field of "Providing business support and consulting services, product development, installation of proprietary and third-party packages, integration of solutions, IT assistance and maintenance services," Abstract has decided to adopt and maintain an active Integrated Quality, Environment, and Data Security Management System in compliance with the UNI EN ISO 14064-1:2019 and UNI CEI ISO/IEC 27001:2014 standards.
Abstract believes that the adoption of an Integrated Management System is a cornerstone of its strategy and promotes commitment at all levels of the organization. Moreover, recognizing its leadership role, Abstract disseminates and supports the commitment to meet the requirements of the Integrated Management System and continuously improve its effectiveness, sharing its importance with all collaborators through effective communication actions and constant preventive checks to maintain the security of all data and information, both internally and as part of the customer service.
The strategic principles underlying the Integrated Quality, Environment, and Data Security Management System are as follows:
- Continuous commitment to ensuring the security of both internal and customer data and information, as well as other stakeholders;
- Strong environmental sensitivity;
- Supporting the customer to ensure that product requirements, both specific and mandatory, are met and lead to full user satisfaction;
- Ensuring availability and prompt resolution of potential incidents that may threaten the service in terms of business continuity and information security;
- Maintaining absolute rigor in identifying potential risks related to the service through continuous monitoring for the quality and security of information via Internal Audits and Management Review;
- Systematic management of activities through continuous monitoring of work status;
- Maintaining, following the review of information security risks, full compliance with company procedures, instructions, policies, and directives to ensure the system's full conformity to standards, laws, regulatory requirements, and contractual obligations related to security;
- Providing a high-quality standard with added value.
Abstract's employees are required to adhere to the Integrated Management System and the procedures it refers to in the execution of their activities, achieving the assigned objectives. To this end, the management of Abstract plans and implements ongoing activities to involve, train, and update personnel at all levels, with particular attention to compliance with set standards.
Abstract, in carrying out its activities, commits to observing the "Quality, Environment, and Information Security Policy" (Integrated Policy). The commitments of the Integrated Policy are translated into a plan of defined, measurable, and appropriate objectives for the various levels of the organization.
These objectives are based on the following principles:
- Customer Focus: By maintaining a direct, honest, and transparent relationship aimed at building a partnership rather than just providing a service, constant attention is given to the needs of customers, even interpreting unexpressed needs;
- Leadership: Recognizing that people are our strength and the key to our success, each individual is a leader of themselves and/or the team they manage;
- Active Participation of People: Abstract's commitment is constantly directed at enhancing its collaborators who, with competence and professionalism, represent the main "critical success factor" for the company. The individual growth of Abstract's collaborators is the driving force for the overall growth of the company;
- Risk and Opportunity Assessment: Abstract plans its processes with a "risk-based thinking" approach to implement the most suitable actions to assess and treat risks associated with business processes, data and information security, and the environment. It aims to exploit and strengthen identified opportunities and promote a proactive sense of risk and activity management at all levels;
- Process Approach: Following a logical path that originates and evolves with our experience, we offer services and products that meet customer needs and are "scalable and adaptable" to changes;
- Improvement: Applying an indispensable mental approach, starting from awareness of what we do, how we do it, and what we want to do. The constant improvement of each of us is the path that leads to the improvement of the service and customer satisfaction. Abstract has identified, in the organization's process approach and the implementation of an Integrated Management System in accordance with international standards ISO 9001, ISO 27001, ISO 14064, one of the main approaches through which to pursue its values, its Integrated Policy, and the resulting objectives;
- Reduction of Environmental Impacts, Carbon Footprint Sustainable approach to the consumption of natural resources and attention to waste to safeguard the environment. Monitor, calculate, quantify, and obtain certification of GHG emissions and assess the Carbon Footprint within the organization in accordance with the UNI EN ISO 14064-1:2019 standard. To achieve improvement objectives, Abstract has decided to take actions aimed at reducing GHG emissions as much as possible, including the adoption of a sustainable consumption model.
Furthermore, Abstract foresees contributions to social and environmental activities through the training and awareness of its personnel and participation in specific initiatives. In terms of environmental attention and environmental sustainability, Abstract's top priority is to ensure that its activities have an increasingly reduced environmental impact.
This process, included in our Integrated Policy, is centered on the following main commitments:
- Selecting sources and GHG emissions: Defining data and methodologies suitable for the needs of stakeholders and including all relevant GHG emissions;
- Information: Allowing a meaningful comparison of related information, disclosing sufficient and appropriate information on GHGs to enable stakeholders to make decisions with reasonable confidence;
- Improvements: Establishing a system to raise awareness among all personnel and third parties to reduce uncertainties as much as possible, encouraging behavior by all Abstract members that is particularly environmentally conscious. This leads to a reduction in emissions;
- Data and Information Security: Information Security Management is of fundamental importance, with the primary goal of protecting data and information to safeguard the assets represented by company knowledge, that of its clients, stakeholders, and to protect the individuals whose personal data is involved. To this end, it commits to taking actions and behaviors aimed at preserving them.
Abstract's Integrated Information Security Policy defines and organizes the confidentiality of information, computer integrity, and manages all related aspects, from technical to management and business, including the confidentiality and availability of data.
The entire internal and external organization to Abstract is required to respect and apply the Integrated Policy and consequently the Data and Information Security Management System within the scope of the activities performed and services provided.
With specific reference to data and information security, Abstract considers the following principles essential:
- Integrity: To safeguard information and data from possible unauthorized modifications or deletions due to errors, intentional actions, or system malfunctions.
- Confidentiality and Privacy: To ensure that information and data are accessible only to authorized individuals and processes and are not made available to unauthorized persons or entities. Confidentiality and safeguarding of intellectual property. Ensuring the protection and control of personal data.
- Availability: Ensuring that authorized individuals have access to data, information, and reference systems when requested, thereby safeguarding the entire data and information asset by ensuring its correct access, use, and confidentiality and reducing associated risks (tampering, data theft, etc.).
- Control: Ensuring that data and information management always takes place through secure processes and tools. Commitment to selecting reliable suppliers and partners from the standpoint of information security management and the protection of personal data.
- Legislation: Compliance with current national and international laws and regulations. Information and Training: Adequately informing and training the organization and third parties, ensuring that everyone is fully aware of security issues, obligations, and responsibilities in managing information security and the consequences in case of intentional or unintentional events related to unauthorized use, modification, or destruction of critical information.
- Evidence-Based Decision Making: Our agile and lightweight corporate structure allows us to easily share and make information evident. The management also commits to making resources and means available for achieving the objectives and goals set, in terms of competence development, equipment, information, and economic resources, constantly monitoring their adequacy.
Regular audits of the Integrated Management System are conducted to verify its implementation and effectiveness in achieving objectives and to plan any corrective and improvement actions. Abstract commits to reviewing the adequacy of the Integrated Policy at least once a year and providing indications on any corrections and/or improvements to be made to its structure.
Abstract is committed to ensuring that the Integrated Policy is communicated, respected, and understood for its application by personnel and relevant stakeholders. To this end, the management has decided to periodically review and, when necessary, publish and make company information available through the company intranet, emails, weekly meetings, online through MS Teams, and on the company's website.
To promote the dissemination and understanding of the Integrated Policy, the management constantly seeks to involve functional managers to spread awareness of the individual's role in the organization.