This policy is provided pursuant to Article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) and to Italian Legislative Decree no. 196/2003, Italian Data Protection Code (“Privacy Code”), to the extent it applies.
The policy applies to all individuals interacting with the pages of the Website.
Via Mortola 37-16032 Camogli (Genova) Iscrizione al Registro delle Imprese di Milano n. MI – 2512836, Tax code 10198530965 (“Company” or “Data Controller”)
PERSONAL DATA PROCESSED
- browsing information: they are data that the server collects automatically at every access to the Website, such as IP addresses or domain names of computers used by the users to connect to the Website, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the dimension of the files obtained as an answer, the code number which indicates the answer status supplied by the server (i.e. good result, mistake, etc.) and other parameters related to the operating system and to the users’ IT environment;
- common personal data and identifiers: name and surname, address, e-mail, other information contained in messages sent to contacts available on the Website or through the filling in of forms published on the Website.
LAWFUL BASIS AND PURPOSE OF PROCESSING
The processing of personal data is based on the existence of a contractual or legal obligation or, as the case may be and as specified in detail below, on a legitimate interest of the Company, and is exclusively carried out for the following purposes:
(i) fulfilment of contractual or pre-contractual obligations – for the purpose of granting the correct provision of services requested or in any case made available through the Website, also for the purpose of obtaining clarifications on the use and purchase of the services
(ii) fulfilment of legal obligations – for the fulfilment of obligations arising out of national and/or European laws or regulations in force, including tax obligations, as well as the fulfilment of orders of the competent entities or authorities (including for example the registration of ID’s with the competent authorities)
(iii) on the basis of a legitimate interest of the Company – for the legal defence of a right or interest before any competent authority or entity (also in case of cybercrime), including credit collection; to grant an improvement of services and of browsing experience; to carry out statistical analysis and market research on aggregated data; within the limits and for the only purpose of providing services through the Website and , to allow users to know the services, carried out by the Data Controller.
CONSEQUENCES OF THE REFUSAL TO PROVIDE DATA
The provision of data for the purposes set out in paragraphs (i) (fulfilment of contractual obligations), (ii) (fulfilment of legal obligations) and (iii) (legitimate interest of the Company) indicated above is purely optional.
However, since the processing for such purposes is necessary in order to allow the browsing experience on the Website and the use of the online services offered through the Website, the missing, partial or incorrect provision of data will prevent, according to the circumstances, the use of the services offered online and, in general, handling and execution of users’ specific requests.
- to all those parties (included the Public Authorities) having access to the personal data according to law or administrative provisions;
- to all those public and/or private parties, individuals and/or legal entities, whenever the relevant communication is necessary or requested for the correct fulfilment of the either contractual or legal obligations.
In addition to the above, in order to pursue the purposes set out above, personal data may be disclosed to third parties operating on behalf of the Company, such as, by way of example and not limited to,
- companies, consultants or professionals that may be in charge of the set-up, maintenance, updating and, in general, the management of the hardware and software of the Website;
- companies or professionals in charge of developing, drafting and/or sending of documents and/or information material;
- legal and tax professionals and consultants providing their services to the Company;
who process the personal data as Data Processors on behalf of the Company.
In any case personal data will not be transferred to extra-EU Countries or outside the EEA.
PERSONAL DATA RETENTION
MINORS UNDER 14
Minors shall not provide information or personal data without the consent of the holder of parental responsibility.
Company therefore invites any user under the age of 14 to avoid any communication of personal data without prior authorisation by a parent or by the holder of parental responsibility.
RIGHTS OF DATA SUBJECTS
Right to access The user may ask whether or not his/her personal data are processed and, if so, have access to that data and to specific information on the processing, such as information on the purposes, on the categories of personal data concerned, on the existence of other rights as set out below. The user may also request copy of his/her personal data.
Rights to rectification The user has the right to request and to have his/her data rectified in case of inaccuracy or incompleteness.
Right to erasure The user has the right to have his/her data erased without undue delay if (i) such data are no longer necessary in relation to the initial purposes for which they were collected, (ii) he/she objects to the processing of his/her personal data (as indicated below) and there is no other legitimate and prevailing reason for processing, (iii) user’s data are unlawfully processed, (iv) data shall be deleted for the fulfilment of a legal obligation (v) personal data of a minor under the age of 14 have been collected in relation to an offer of services addressed to the information society.
The right to erasure does not apply if the processing is necessary for, among other purposes, the performance of a legal obligation or for the establishment, exercise or defence of legal claims in Court.
Right to restriction of processing The user has the right to obtain the restriction of processing, meaning that the processing activity will be suspended for a period of time. The circumstances under which this right can be exercised include cases in which the accuracy of personal data was contested but a period of time is necessary to verify the accuracy of such data. The exercise of such right does not prevent from carrying out the processing of personal data.
Right to data portability
In case of processing carried out by automated means, based on consent or based on the fulfilment of contractual obligations, the user has the right to request and receive personal data in a structured, commonly used and machine-readable format and to transmit the data to another Data Controller. He/she has also the right to request the direct transmission from a Data Controller to another Data Controller, where technically feasible, without prejudice to the possibility to obtain the erasure of the data, as indicated above.
Right to object The user has the right to object at any time, for reasons related to his/her particular situation, to the processing based on a legitimate interest of the Data Controller, unless the Data Controller can demonstrate legitimate and mandatory grounds for processing that prevail on the interests, rights and fundamental freedoms of the data subject or that the data are necessary for the establishment, exercise or defence of legal claims.
Moreover, the user has the right to file a complaint before the Supervisory Authority (http://www.garanteprivacy.it/), pursuant art 77 of EU regulation 2016/679.
Amendments and updates will be communicated to the user through their publication on the home page of the Website and will be applicable and binding from the moment of the respective publication.
The Company therefore invites users to periodically visit the present page for the purpose of being informed of any change or update.