Who handles the data?
Personal data of identified or identifiable persons are collected and may be handled following the visit to this site or for any other service provided by FourStars. The Data Controller is FourStars Impresa Sociale S.r.l., with registered offices in Via M. Buonarroti 18 - 20145 Milan (Italy).

For all questions or concerns about personal data practices or privacy rights, you may contact us at:
For further information send an email to: info@4stars.it and privacy@4stars.it

What does the Data Protection officer do?
The Data Protection Officer is a subject designated by the Data Controller (or the Data Processor) to perform support and control functions, advisory functions, training and informative functions, in relation to the application of EU Regulation 2016/679, of cooperation with the Authorities, which acts as a contact reference, also with respect to the interested parties, for issues related to the processing of personal data.

Who is the data protection officer? How to contact the DPO?
An internal Data Protection Officer has been appointed by FourStars. To communicate with the DPO, please send an e-mail to the following address: privacy@4stars.it

Who does the data processed by FourStars refer to?
FourStars processes the data:

• client Companies (or prospects) filling out our contact form;
• anyone who simply wish to browse our site or who wish to leave a comment on our blog, without us providing any specific service to them.

What data is processed?
FourStars must process information of the Client Company and personal data of the company contacts provided by filling out forms. FourStars also processes the navigation data such as IP addresses or domain names of the computers used by the users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and any other parameter relating to the operating system and of the user’s computer.
With reference to these subjects, navigation data may be processed through cookies (please refer to the appropriate section). This data is not stored if not in an aggregate form and for purely static, performance purposes, of our channels.

What is the purpose of the data of the companies processing?
The data related to the Companies are taken by the Data Controller for:

• commercial and contact purposes with the client, on the basis of the interest shown by the client himself through the filling out of the form, signing up to specific initiatives, phone contact or via email or more generally the request of information and/or informative material, based on pre-contractual measures between the client and FourStars;
• answer the client’s requests received through the voluntary sending of emails at the email addresses shown in this website or on forms of the same website or over the phone. The processing of the data collected is based on the contract, the precontractual agreements, or on the very consensus given by the client himself.

Is the provision of data mandatory? The provision of data is mandatory only when the fields in the form are marked with an asterisk.

Who can come into contact with the data? Who is the Data communicated to?
As part of the services provided by FourStars, the aforementioned personal data of Client Companies, Candidates/Trainees (and third party users, where necessary) are processed by FourStars staff specifically appointed, based on their role.
The same data may also be processed, on behalf of and on instruction of FourStars, by parties who are external to the organization, the so-called “Data Processors” (such as IT consultants, IT maintainers, shippers, service companies, etc.)

How long is the data stored for?
In case of absence of specific regulations and in the absence of a legitimate interest by FourStars to conserve the documentation, the documentation will be kept in accordance with the provisions of art. 220 of the Italian Civil Code or according to the terms established for the ordinary prescription of rights.

Who to contact and how?
Without prejudice to the right to lodge a complaint with the Guarantor Authority or to refer to the competent Judicial Authority, at any time, if the prerequisites are fulfilled, the user can exercise the rights provided by the EU Reg. 2016/679 by contacting the Data Controller or the Data Protection Officer, at the email address privacy@4stars.it
To allow the Owner to quickly take charge of the request, please indicate in the subject "EXERCISE OF GDPR FOURSTARS RIGHTS" and specify in the text:

• what right it intends to exercise;
• what is the service as object of the request;
• which are the data object of the request.

In case of unclear information, the Owner may need to contact the user again.

How soon does the owner have to respond?
The deadline for responding to the user's request is, for all rights (including the right of access), 1 month, extendable up to 3 months in cases of particular complexity (determined according to the judgment of the Owner). The holder must in any case give a reply to the interested party within 1 month of the request, even in the case of refusal.

Rights of the person concerned

• right of access (Article 15 of the EU Reg.2016/679). Right of the person concerned to obtain access to his own data and to file a complaint with the supervisory authority;
• right of amendment (Article 16 of the EU Reg. 2016/679). Right of the person concerned to obtain the amendment of wrong personal data concerning him from the Data Controller;
• right to cancellation (oblivion right) (Article 17 EU Reg. 2016/679). The person concerned has the right to obtain the cancellation of his personal data from the Data Controller without unjustified delay;
• right to limitation of processing (Article 18 of the EU Reg.2016/679). Right of the person concerned to obtain a limitation of data processing;
• right to data portability (Article 20 of the EU Reg.2016/679). The person concerned has the right to receive personal data concerning him/her provided by the Data Controller and has the right to transmit such data to another data controller without impediment by the first one;
• right of opposition (Article 21 EU Reg. 2016/679). Right of the person concerned to oppose to the processing of his personal data;
• profiling (Article 22 of the EU Reg. 2016/679). The person concerned has the right to not be subjected to a decision based only on automated processing, including profiling or other procedures which affect his/her person.