Type of data being processed
These are information collected automatically by the Data Controller, through the Site, third party’s newsletters or applications. For example: data and time, IP addresses, URI (Uniform Resource Identifier) addresses, request time, method used to submit the request to the server, response size, numeric status code, in addition to browser and operating system, language and country.
Forms available on the site
Legal grounds and Processing scopes
- Data required to execute the contract
Upon User’s consent, data processing will take place for merely legal scopes linked to the specific service. For example, in case of information request, the data will be used only to respond to the User, providing the requested information. These data are necessary to execute the services set forth by the contract.
- Promotional, commercial and marketing scopes
Upon User’s explicit consent, data will be processed with the scope to allow the Data Controller to send, on a regular basis, commercial notices, initiatives, discounts and offers related to the Data Controller or third parties. Those data input by the “Data Controller” on the Site may be object of processing, if obtained directly by the “Data Controller” or third subjects, in compliance with applicable laws. Nonetheless, the User’s data will not be disclosed and/or transferred to third subjects.
Data Controller, subjects appointed to process data and Data Processors
The Controller of the data conferred by users is the Data Controller, as defined in the preamble, in the person of his legal representative pro tempore.
Subjects appointed to process data
The subjects appointed by the Data Controller may become aware of your data as in charge to execute specific processing tasks which are related and instrumental to the supply of the service and/or further scopes allowed by the User.
In order to technically manage the above, the Data Controller has appointed the following subjects as external Data Processors:
- Edinet S.r.l., Corso Italia, 66 Pietra Ligure SV
Personal data will be processed by means of manual or electronic tools, with methods strictly related to the above scopes and anyhow, in order to ensure security, protection and privacy of the same data. Moreover, it is further specified that personal data will be processed with methods that minimize risks of data destruction or loss, even accidental, non-authorised access or not allowed processing, in breach of collection scopes. In particular, when processing data, the Controller and Processors will resort to organisational, physical and logic measures suitable to ensure security and privacy, implementing any most suitable measure to ensure data classification, preservation and privacy. The personal data can be processed by employees, collaborators and consultants of the Data Controller, specifically appointed as persons in charge of processing, to execute specific operations that are necessary to attain the afore-cited scopes, under the direct authority and responsibility of the Data Processor and in compliance with the instructions imparted by the latter.
The data conferred by the User will NOT be transferred in any case to third subjects for scopes other than those for which they were specifically authorised. Without prejudice to the cases (e.g. security needs of the Public Safety Authority, etc.) specifically set forth by EU Regulation 679/2016).
Data preservation period
Transfer of data in extra-EU Countries
The Data Controller may resort to services offered by third companies, which will process your data as data processors, in accordance to the instructions imparted by the Data Controller. It may occur that some processing activities carried out by data processors take place outside the European Union, such as for example in USA. In these cases, the Data Controller relies on juridical measures to ensure suitable protection of your personal data (e.g. by requesting said counterparties to undersign Standard Contractual Clauses or to adapt to other specific security standards proposed or recommended by the European Union or Data Protection Authority).
In quality of data subject, you are recognised the following rights on the personal data collected and processed by the Data Controller as mentioned above:
Art 15: the User has the right to obtain confirmation from the Data Controller, of whether his personal data are being processed and in this case, obtain access to the personal data and following information: (i) processing scopes; (ii) categories of the personal data in object; (iii) recipients or categories of recipients to whom your personal data were or will be disclosed, in particular, if recipients of third parties or international organisations; (iv) if possible, the expected data preservation period or, if not possible, the criteria used to determined said period; (v) right to bring forward a claim before the control authority.
Right of rectification, objection and erasure
Art 16: The user is entitled to the right to obtain rectification of inaccurate personal data and, in view of the processing scopes, the right to obtain the integration of incomplete data, also providing integrative declarations. Moreover, you have the right to obtain erasure of your personal data, in view of one of the following reasons: (i) the personal data are no longer required in relation to the scopes for which they were collected or processed; (ii) the data are processed illegally; (iii) you revoked the consent pursuant to which the Data Controller had the right to process your data and there are no further legal grounds that allow the Data Controller to execute processing; (iv) you objected processing and there is no prevailing legitimate reasons; (v) personal data must be erased to fulfil a legal obligation. Nonetheless, the Data Controller is entitled to deny the abovementioned erasure rights if the right of freedom of expression and information prevails, or to fulfil a legal obligation or defend any of his rights in trial. You can object processing at any time, even for one of the processing scopes mentioned above.
Right of erasure (“right to be forgotten”)
Art. 17: the User has the right to obtain erasure of his personal data from the Data Controller, with no undue delay, and the Data Controller has the duty to erase the personal data with no undue delay, in case of any of the reasons set forth by art. 17 par.1 lett. a,b,c,d,e,f, par.2, par. 3 lett. a,b,c,d,e.
Right to limit processing
Art 18: the User has the right to request the Data Controller to limit processing: (i) for the time required by the Data Controller to verify the accuracy of said personal data of which you objected accuracy; (ii) in case of illicit processing of your personal data; (iii) when your data shall be processed to verify, exercise, defend a right in trial; (iv) for the time required to verify the prevalence of the legitimate reasons of the Data Controller in relation to your objection to process data.
Data portability right
Art 20: the User has the right to receive the personal data conferred to the Data Controller and processed by the latter based on consent, in a structured, common and legible format, and the right to transmit said data to another Data Controller indicated by the same, with no sort of impediment.
Art.21: the User has the right to object the processing of his personal data at any time, for reasons related to his particular situation, pursuant to ar. 6, par. 1, lett. e or f, including profiling based on said provisions. If the personal data are processed for direct marketing scopes, the User has the right to object processing of his personal data for said scopes at any time, including profiling to the extent this is related to direct marketing. If you object processing for direct marketing scopes, the personal data will no longer be processed for said scopes.
Contact information of the Data Controller
The User can exercise his rights at any time, by sending a request to the Data Controller at email address firstname.lastname@example.org