Owner and holder of the data processing
Via C. Roccatagliata Ceccardi n. 4/41
E-mail address of the owner: firstname.lastname@example.org
The processing operations connected to the web services of the site / portal take place at the headquarters of the aforementioned business company and are only handled by the authorized technical staff for processing (eg Internet Area), or by any external Processors (outsourcers) for the completion of occasional or periodic technical operations (eg Database maintenance).
“Personal Data” definition
For the purposes of this Policy, “personal data” – as better specified in Article 4 of GDPR – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The following personal data may be collected by the Data Controller of your data, through website and / or portal: name, surname, address, e-mail address, information grouped for statistical purposes only during the site and / or portal consultation process, other information voluntarily provided by the user through the online registration procedures or by filling in appropriate fields, forms, information aimed at improving and facilitating site navigation.
Users can access different sections of the website without giving any personal information. The Data Controller processes and collects personal data online through its website and / or portal or other e-mail address of the Company; these treatments are carried out, in a mainly automated way, in the following ways:
1) Data released voluntarily by users
Data Controller collects personal information and other data that are entered in the registration forms or released in the form fields of the website and / or portal, as well as forwarded to the Company by electronic mail. These data may relate to information necessary to provide the services requested by the interested party (eg Newsletter) and / or to contact the interested party (name, postal address, e-mail address, telephone number, user ID and password), or even the date of birth, professional credentials, hobbies and interests.
2) Navigation data collected through the use of electronic tools
The computer systems and software procedures used to operate the website of the Data Controller acquire, during their normal use, a series of personal information whose transmission is implicit in the use of Internet communication protocols (for example, the user’s IP address or the domain name of the computer used to access the website, the URL of the requested resources, the time of the request or the time of the session, the method used to submit the query to the server, the size of the files received in response to the request, the numeric code concerning the status of the response given by the server and other type of information regarding the operating system and the user’s computer setting). The website and / or web portal of the Data Controller uses technologies such as cookies or similar in order to collect and / or transmit users’ personal data. The Data Controller of uses these technologies exclusively for the purpose of obtaining statistical information on the use of the site and / or web portal (eg total number of visitors to the sites, number of visitors per single web page, name of the origin domain of the internet service provider of visitors). In particular, the use of session cookies (those that are removed from the user’s computer when the browser is closed) is strictly limited to the transmission of information related to the user’s session, of fundamental importance for a safe and efficient navigation of the website and / or portal. Furthermore, the use of these session cookies strictly excludes the use of other IT techniques that are potentially detrimental to the confidentiality of users’ browsing and does not allow the acquisition of personal identification data of the same.
Details on personal data processing
The User Data is collected to allow the Controller to provide its services, as well as for the following purposes: Statistics, Contacting the User, Interaction with social networks and external platforms, Registration and authentication, Social Applications, Payment management, Interaction with support and feedback platforms, Infrastructure monitoring, Traffic optimization and distribution, Interaction with live chat platforms, Remarketing and Behavioral Targeting, Address management and sending email messages, Displaying content from external platforms, Comercial affiliation and Heat mapping. Types of Personal Data used for each purpose are indicated in the specific sections of this document.
Purpose of data processing
The personal data gathered from compilation of modules on the web site of the Data Controller is treated for the following purposes:
- to grant you access to the services provided by the web site/portal reserved for registered users;
- to contact you at your request to provide specific information and assistance that you need or for which you have requested our intervention;
- with your express consent, to send you commercial information and for marketing activities in automated modality (such as email, fax, SMS, MMS, etc.) and non-automated modality (such as surface mail, telephone call with operator, etc.) regarding products and services of the web site owner and/or its commercial partners;
- with your express consent, to use electronic instruments to conduct profiling, analysis of purchasing choices and market research to improve the offering of services and commercial information, configuring these to better match your interests.
- This policy can be integrated by further conditions made known at the time of requesting specific services.
Communication and/or diffusion of personal data
The data controller mentioned above also manages the information contained on his website / web portal in collaboration with other service providers and web agencies, from which he can receive personal data relating to the users of such information. These online collaborations are governed by specific contracts that presuppose an adequate level of protection of the personal data processed. In some other cases, the data controller may also be required to release the personal data of users, in execution of contractual obligations, in accordance with current legislation or to satisfy the request for services; this information release activity can take place in the following cases:
- when online users have authorized the release of information;
- when the data controller needs to communicate information about users in order to offer services and satisfy the request of an online user;
- when the data controller needs to communicate the information to partners who perform services for online users;
- when the data controller is required, by order of the judicial authorities, to release information about users, or in accordance with a local or international law, regulation or mandate.
Furthermore, additional circumstances may arise, for example, if the aforementioned data controller decides, for commercial reasons, to carry out transactions involving the sale, merger or acquisition of capital. As part of these reorganization activities, personal data may be shared with current or potential buyers.
Protection of personal data
In conformity with the principle of necessity as sanctioned in article 5 GDPR, the Data Controller guarantees that processing with electronic instruments reduces the use of personal and identification data to the minimum, limiting recourse to the cases in which it is strictly necessary to fulfil the purposes for which they were gathered. The Data Controller also guarantees the adoption and observance of specific safety measures to prevent loss of data, illicit or improper use of data and unauthorized access. The Data Controller will archive the data of each user until a cancellation order is received from the data owner, including data for which conservation is not necessary in relation to the purpose for which it was gathered, in observance of the rights sanctioned by articles 15 – 21 GDPR, to be implemented by the means set out in the paragraph below entitled “Rights”. Each designated individual user is responsible for guaranteeing the ownership and custody of the password and codes for access to the web resources.
Consent to the processing of personal data
The controller of the aforementioned data processing, processes the data of its users / customers exclusively with the consent of the same.
However, if the user does not consent to the processing of data or requests the deletion of his / her data, it will not be possible to access the restricted areas of the Company’s website / portal.
Optional nature of data conferral
In addition to the specified navigation data, the user is free to supply or withhold the personal data listed on the module of request and/or registration of the Data Controller’s web site, as identified above. Failure to confer the data may make it impossible to obtain what is requested. For completeness, in some cases (not pertinent to the ordinary management of this web site, authorities can request notice and information pursuant to art. 58 GDPR for the purpose of controlling personal data processing. In these cases, failure to respond is penalized by an administrative sanction.
Right to access personal data and other rights
Users of the website / web portal can always contact the Data Controller to assert their rights as set out in articles from 15 to 21 of the GDPR based on which:
- The interested party has the right to obtain confirmation that a processing of personal data is being carried out and in this case to obtain access to personal data and to the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
d) when possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
e) the existence of the data subject’s right to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose to processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the data is not collected from the interested party, all available information on its origin;
h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
- The interested party has the right to obtain:
• updating, rectification or, when interested, integration of data
• the deletion of data concerning for the reasons specifically provided by art. 17 GDPR (right to be forgotten), the transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were or subsequently processed;
- The Data Controller, in the event that personal data have been made public and is obliged to delete them at the request of the interested party, adopts reasonable and even technical measures to inform those who are processing personal data to cancel any link, copy or reproduction of personal data, except in the case where such fulfillment is impossible or involves the use of means manifestly disproportionate to the protected right.
- Interested party has the right to object, pursuant to art. 21 GDPR, in whole or in part:
• for reasons related to his particular situation to the processing of personal data concerning him, even though pertinent to the purpose of the collection. The Data Controller refrains from further processing personal data unless demonstrates the existence of legitimate reasons for proceeding with processing that prevail over the interests, rights and freedoms of the subject or for verification, exercise or defense of a right in court.
• to processing of personal data concerning him for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.
In accordance with these provisions, and in addition to the other rights specified herein, the aforementioned Data Controller provides the users of website / web portal with the following possibilities:
- no collection of personal data:
user can choose not to provide personal data online to the data controller mentioned above by deciding not to enter or release personal information in the registration form or in the form fields, or not using in this case any personalized service among those available on the Company website / portal. Some of contents and / or services of the site / portal are offered exclusively to users who release personal information or use personalized services.
- limitations on use and communication of personal data for different purposes:
access to certain sections of content and / or services of the website of the aforementioned Data Controller may require the consent of the user to use and release personal data in order to implement the contact list and / or to identify and offer additional services and promotions considered interesting for the user. Users can limit the further processing of this information by checking or choosing the options to be set when entering the data.
Furthermore, the information provided after the first registration can be modified or canceled by changing the settings previously entered in the registration form on the website of Data Controller, by accessing the “Newsletter” section in home page. It is also possible for users to access their personal data, released and stored online and, where permitted, it is also possible to update and modify personal data online.