Policy regarding the processing of data of visitors to the website pursuant to Art. 13 of Regulation (EU) 2016/679
The policy exclusively concerns this website and does not apply to any other website which a user may browse via special dedicated links.
In addition to the Data Controller indicated above, autonomous Data Controllers may also be partner websites that, on a case-by-case basis, carry out autonomous data processing activities.
DATA PROTECTION OFFICER
Purpose of processing.
1) Navigation Data
The computer systems and software procedures implemented to render this website functional will, during normal operation, acquire personal data for which transmission is implicit in the use of internet communication protocols.
This is information that is not collected to be associated to identified Data Subjects, but by their nature could enable users to be identified, by means of processing and association with data held by third parties. This category of data includes: IP addresses or the domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses for the requested resources, the time of the request, the method used to make the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computing environment.
These data are used solely to gather anonymous statistical information regarding the use of the website and in order to monitor its correct functioning.
The data regarding web contacts is not, in any case, held for more than seven days, save for possible investigations of computer crimes committed against the website.
2) Data provided voluntarily by users/visitors
In the event that, when connecting to this website, users/visitors send their own personal data to access determined services, to make requests via email or to send messages to corporate profiles/pages on social media (where this possibility is provided for), or through the filling in and sending of forms present on the website, said visitors/users are aware that this will lead to the acquisition by the Data Controller of the address of the sender and/or any other personal data, which will be processed exclusively to respond to the request, or to provide the relative service.
The personal data provided by users/visitors will be communicated to third parties exclusively in the case in which said communication is necessary in order to comply with requests from the users/visitors themselves or with legal obligations (for example in the case of invoicing).
As well as the data expressly provided to the Data Controller, other data may be recorded as a result of the user navigating on the website. When the user accesses the website, the website may send a “cookie” to the user. A “cookie” is a small text file that the website may automatically send to the user’s computer when they visit our web pages.
The aim of “cookies” is to render navigation simpler, as well as obtaining information on navigation by the individual user within the website and allowing the functioning of certain services that require identification of the user’s path through the different pages of the website.
With each access to the website, irrespective of the presence of a “cookie”, the website records the type of browser used (e.g., Internet Explorer, Chrome, Firefox), the operating system (e.g., Windows, Macintosh), the host and the URL of origin for the user/navigator, as well as data regarding the page requested.
These data can be used in aggregated and anonymous form for the statistical analysis of website use.
Method of data processing.
Processing is carried out with automated systems for the period of time strictly necessary to fulfil the purposes for which the data were collected and in any case in compliance with relative current regulations.
Specific security measures are observed in order to prevent the loss of data, the illicit or incorrect use of the same, and unauthorised access, in order to allow access exclusively to data processors or those appointed for data processing in compliance with the provisions set out by current law.
Purposes of data processing.
As well as those indicated in the individual policies preceding the filling in of forms in the various sections of the website, the purposes of data processing carried out by the Data Controller are to be understood to be the following:
- The collection , storage and processing of data in order to establish, manage and administrate the contractual relationship and to provide the services offered on the website.
- To support and contact the user in order to respond to user enquiries and to provide them with help in the event of problems.
- The processing of personal data provided and/or resulting from navigation on the website with the purpose of providing a service in line with the indications provided during the usage of the same.
- The collection, storage and processing of data to compile anonymous and/or aggregated statistical analysis .
Legal basis for processing.
The legal basis for the processing of personal data carried out by the Data Controller via the website consists, as per the indications specified in the previous point, sections a) and b), in the contract stipulated with the Data Subjects or in the relative pre-contractual phase, while in terms of sections c) and d), the legal basis is in the legitimate interests of the Data Controller in terms of free commercial initiative as specified in article 41 of the Italian Constitution.
With regards to further or future purposes than may require consent, said consent will be requested via a dedicated form and is to be considered as legal basis.
As well as the Data Controller, in some cases access may be granted to the data to categories of Data Processors and authorised persons involved in company organisation (administrative, commercial, marketing and legal personnel, accountants and system administrators).
Furthermore, the Data Controller may call on external subjects (such as third-party suppliers of technical services, transportation companies, hosting providers, cloud service providers, IT companies, communication agencies) who will be appointed as external Data Processors.
The updated list of Data Processors may be requested from the Data Controller at any time via the address indicated above.
Transfer to a third country.
The Data Controller will not transfer the data of website users/visitors to other countries outside the European Union.
The data processed by the Data Controller will never be distributed.
Place where data are processed.
The processing regarding web services offered by this website takes place within the EU and therefore on the basis of Regulation 2016/679/EU in a location considered as suitable.
Duration and place of storage of data.
The data will be stored for a period of time which does not go beyond the fulfilment of the purposes , (“principle of storage limitation”, article 5 of the EU Regulation) or according to the periods established by law.
Voluntary or compulsory provision of data.
Save for that specified for navigation data acquired automatically, users/visitors are free to provide or not provide their personal data. The non-communication of these personal data may however lead to the impossibility of fulfilling the relative request. The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary in order to respond to requests for services, products or information, as well as any other personal data included in the communication.
Rights of Data Subjects.
Pursuant to the GDPR, data subjects have the right at any time to obtain confirmation of the existence of personal data and to know the content and origin, to either verify their accuracy or request their integration or updating, or correction.
With regards to the processing of the aforementioned data, the customer/user has the right to obtain from the Data Controller:
- confirmation of the existence or not of personal data, their communication in an intelligible form and information regarding their origin, as well as the logic on which processing is based.
- erasure, within a reasonable period of time, of their data, their transformation into an anonymous form or the blocking of any data processed in violation of the law.
- the updating of the data, their rectification or, when in their interests, the integration of the same.
- confirmation that the operations specified in points 2) and 3) above have been brought to the attention of those to whom they have been communicated as long as said communication is not impossible or requires a disproportionate use of resources.
- rectification or cancellation of the data concerning them or limitation of processing of the same.
- The data subject has the right to revoke consent to optional processing not connected to the fulfilment of the contract undersigned with the Data Controller.
- The data subject furthermore has the right to oppose processing for legitimate reasons of their personal data, even if pertinent to the reason for which the data was collected; to request their portability, to exercise their right to be forgotten, as well as to contact both the standard Legal Authorities and the relative Supervisory Authority responsible for data protection for any violation that they believe to have suffered via the methods indicated on the website of the Data Protection Agency at garanteprivacy.it.
Automated decision-making processes.
Automated decision-making processes are not carried out with the aggregate data collected except for the purpose of improved management of the website.
In accordance with the provisions of article 8 of the GDPR, no person below the age of 16 may, without prior consent from a parent or guardian, send information to this website or make purchases or complete legal deeds on this website without the aforementioned consent, unless said actions are permitted by current law.