We are aware of the importance of protecting the confidentiality of personal data and, considering that the Internet is potentially a great tool for the exchange and circulation of information, they intend to make every effort to comply with rules of conduct that are in line with the regulations in force and which guarantee safe, controlled and confidential navigation on the net.
via Cechov n. 48
20151 – Milan,
Email address: email@example.com
(“Company” o “Controller”)
PROCESSED PERSONAL DATA
- Personal data processed for site operation purposes
The computer systems and software procedures used to operate the site acquire, during their normal operating process, some personal data for which the transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified involved parties but could allow, due to its nature, the identification of the Site users through processing and association with data held by the Company or by third parties.
This category of data includes IP addresses or the domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
- Data provided directly by the user or by third parties
The optional, explicit and voluntary sending of data as requested by various sections of this website is aimed at processing the user’s requests (by way of a mere indicative and not exhaustive example: when requesting information or clarifications by calling the numbers indicated on the website) and allowing the registration to the newsletter service. The data may also be collected by third parties and them communicated to the Data Controller.
Specific information is provided on the website pages created for services upon request, to draw your attention to detailed information on the processing of your personal data.
|SCOPE OF THE PROCESSING||LEGAL BASIS OF THE PROCESSING||PERSONAL DATA RETENTION PERIOD|
The data collected while browsing are used to obtain anonymous statistical information on the use of the Site and to check that it is operating correctly.
|Execution of a contract of which you are party (website use).||For the duration of your browsing session on the Website.|
The data provided directly by the user are used to process the user’s requests (e.g. contact request, newsletter request, and the downloading of material).
|Execution of a contract of which you are party (website use).||As per the information provided at the time of data collection.|
|Fulfilment of obligations under applicable national and supranational regulations and legislation.||Need to fulfil legal obligations.||Throughout the contractual period and, after termination, for 10 years.|
|If necessary, to ascertain, exercise or defend the rights of the Controller in court.||Legitimate interest||In the case of legal disputes, for the entire duration it until the deadline for appeals|
Analysis of your preferences, habits, behaviours, interests deduced, for example, from online clicks on articles / sections of the website to send you personalised commercial communications / carry out targeted promotional actions, business intelligence.
|Consent (optional and revocable at any time).||Until you revoke your consent for this purpose.|
|Once the above retention periods have expired, your personal data will be destroyed, deleted or made anonymous, compatibly with technical deletion and backup procedures.|
OBLIGATION TO PROVIDE DATA
With the exception of browsing data needed to execute IT and telematic protocols, the provision of personal data by users is mandatory. However, failure to provide this data will make it impossible to proceed with the requests the user forwarded or intends to forward.
It is understood that consent to the processing of your data for marketing purposes is optional.
Your data may be processed by external parties acting as Data Controllers like, for example, supervisory and control authorities and any public or private party entitled to request this data.
The data may also be processed, on behalf of the Company, by external parties designated as Data Processors, to whom specific operating instructions are given, like companies that provide services that are instrumental to the Company’s activities or that carry out activities relevant to this services (e.g., consultancy companies, marketing and communication companies, companies that manage the e-mails on behalf of the Company, etc.)
SUBJECTS AUTHORISED TO PROCESS DATA
The data may be processed by the employees of the company assigned to pursuing the purposes indicated above that have been expressly authorised to process the data and have received suited operating instructions.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
By virtue of the provision of marketing services, data may be transferred to countries outside the European Union, and in particular to the USA. In the event that these countries have not been deemed as adequate by the European Commission, the Standard Contractual Clauses adopted by the European Commission pursuant to Art. 46, par. 2, lett. c) of GDPR.
It is possible to obtain further information on the third countries to which the data is transferred, the existence, or non-existence of an adequacy decision or the suited or proper guarantees used and how the related documents can be obtained by contacting the Company at firstname.lastname@example.org
RIGHTS OF THE DATA SUBJECT – COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting the Company by e-mail at email@example.com the interested parties may ask the Data Controller to access the data concerning them, their deletion, the rectification of inaccurate data, the integration of incomplete data, the limitation of processing in those cases provided for by Article. 18 of the GDPR, as well as opposing processing in those cases of legitimate interest of the Data Controller.
Moreover, data subjects, if their processing is based on the consent or on the contract and is carried out by automated means, have the right to receive the data they provided in a structured format – commonly used and machine-readable – and, if applicable, the right to transmit it to another Data Controller without any impediment. It is understood that “derived” data resulting from the analysis of your behaviour (including your profile created to provide you with advertising more suited to your interests as specified above) are not portable.
You also have the right to withdraw your consent at any time, as well as to object at any time to the processing of your data carried out in the event of a legitimate interest or for marketing purposes, including any related profiling.
In particular, we would like to remind you that you may object to the processing of your data at any time, in relation to communications sent by email, in an easy way and free of charge, by using the “unsubscribe” option at the bottom of each email.
Data subjects have the right to place a complaint with the competent supervisory authority in the Member State in which they usually reside or work or in the State where the possible infringement has occurred