Common and special category personal data processing policy for website users.
We thank you for visiting our Website and for your interest in the company.
The privacy and protection of our users' personal data is important. Therefore, we process personal data taking into account data protection regulations, in particular the requirements under the EU General Data Protection Regulation 2016/679 (GDPR).
Personal data processing information.
On this page we describe how this "Site" is managed with regard to the processing of personal data of users who consult it and who decide to register. The information is provided only for this "Site" and not also for other websites that may be consulted by the user through our links.
As a result of consulting the site, data relating to identified or identifiable persons may be processed. The "controller" of their processing, as defined by Article 4, No. 7 of the GDPR, is the company AD5 SRL.
Processing related to the web services is handled only by technical personnel of the Office in charge of processing, or by any persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated to third parties except to the extent expressly indicated in this statement.
We remind you that the interested party may exercise its rights directly and free of charge by contacting the following email address email@example.com and indicating in the subject line "EXERCISE OF RIGHTS IN THE MATTER OF PERSONAL DATA" specifying which right it requires or by written communication to the address of the Data Controller.
The request should indicate dates, first name, last name, request, address for notification purposes. To avoid any misunderstanding as to the identity of the individual requesting the exercise of his or her rights, the Holder reserves the right to ask for a copy of the identity document to confirm the identity of the requestor in cases where this is necessary.
The Holder reserves the right to ask for a copy of the identity document to confirm the identity of the requestor in cases where this is necessary.
It is also the right of the data subject to lodge a complaint with the Data Protection Authority at www.garanteprivacy.it. For the submission of the complaint, you may use the mode you deem most appropriate, either by hand-delivering the complaint to the offices of the Guarantor (at the address below) or by forwarding:
- Registered A/R letter addressed to "Garante per la protezione dei dati personali", Piazza di Monte Citorio, 121, 00186 Rome;
- E-mail at: firstname.lastname@example.org, or email@example.com;
- Fax to the number: 06-696773785
Purposes of the processing.
- To give effect to obligations of a contractual nature arising between the Data Controller and the Data Subject;
- To respond to requests from the Data Subject, to manage the data subject's participation in the activities carried out by the Data Controller, to execute legal obligations.
With specific reference to the processing of data for legal obligations, the Data Controller, like any other company in Europe, is in fact subject to various legal obligations (e.g., fraud and money laundering prevention, tax auditing and reporting). In these cases, only data is processed to the extent that it is legally required. To fulfill these legal obligations it may also be necessary to process some personal data automatically in order to assess personal aspects.
- Use of data for promotional purposes through the sending of commercial communications strictly related to the type of product for which the data subject has expressed interest or carrying out market studies for statistical purposes only;
- Analyzing the habits and behaviors of data subjects for profiling purposes.
Promotional actions carried out by the HOLDER may take place through the following channels:
- Electronic mail
Personal data provided by users who submit requests or intend to use services or products offered through the site as well as receive further specific content are used only for the purpose of responding to requests or performing the requested service or performance and are communicated to third parties only if this is necessary for this purpose.
With the express consent of the user, the data may be used for commercial communication activities related to offers of further products or services of the owner. Legal basis for this processing is the freely expressed consent of the data subject.
Outside these hypotheses, users' browsing data are kept for the time strictly necessary for the management of processing activities within the limits provided by law.
Only in relation to processing purposes different from the provision of services offered by the site and expressly requested by the data subject, the data subject's consent to their processing may be required.
Legal bases legitimizing the processing ex art. 6 GDPR.
- Giving feedback to data subject's requests, executing legal obligations → the legal basis is to execute the data subject's request or to execute pre-contractual or legal contractual obligations;
- Using data for promotional purposes by sending commercial communications or carrying out market studies → the legal basis is the consent of the data subject;
- Analyzing the habits and behaviors of data subjects for profiling purposes → Consent of the data subject: this legal basis legitimizes the analysis of the habits and behaviors of data subjects for profiling.
Typologies of Data
Personal data is defined as any information that relates to an identified or identifiable natural person. This includes, for example, identification and contact details, contact details (including company details), IP address and other data referring to the generalities of the Data Subject or the technical means of access to the site.
es. the specific characteristics of the site, navigation data useful for the technical use of the site, are necessarily collected and failure to acquire them involves the impossibility of using the services offered by the site. Conversely, the User may provide the remaining data, including personal data, freely, where not expressly indicated.
In addition, it should be noted that failure to provide certain data (e.g., contact data, or addresses, or data on user behavior or preferences, etc.) may make it impossible to provide all the services requested.
If the User provides, by his/her choice, data referring to third parties, he/she relieves the Owner from any responsibility for their processing for purposes instrumental to the services offered by the site itself.
- Providers of services instrumental to the purposes indicated above;
- Companies, organizations and/or entities that receive the data as a result of the consent expressed by the data subject.
The data collected may also be communicated to subjects that the Data Controller has expressly authorized to process it and to data processors, i.e., subjects outside the Data Controller's organization in the event that the latter decides to entrust them with certain phases of the Processing of personal data.
It should be noted that, in compliance with the regulations, authorized and data processors will be linked to the Data Controller by special deeds of appointment and contractual agreements by which the methods and limits of the Processing will be specified, which must comply with the requirements established by the Data Controller itself.
Types of data processed.
1. Navigation data
The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
2. Dati forniti volontariamente dall’utente
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
4. Optional provision of data
Except as specified for the necessary navigation data, the user is free to provide personal data to request the services offered by the Owner. Failure to provide them may result in the impossibility of obtaining what has been requested.
Processing methods, data retention times and security measures.
We inform you that the processing of personal data, in accordance with Article 4 GDPR, may consist of the following activities: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission or any other form of making available, restriction, deletion or destruction.
The Processing of personal data may be carried out through the support of paper, computer or telematic means.
We also inform that personal data will be:
- Processed in accordance with the principles of lawfulness, fairness and transparency;
- Collected for the legitimate Purposes determined above;
- Adequate, relevant and limited to what is necessary in relation to the Purposes for which they are processed;
- Stored in a form that allows your identification for a period of time not exceeding the fulfillment of the Purposes for which they are processed;
- Processed in such a way as to ensure adequate security from the risk of destruction, loss, modification, disclosure or unauthorized access by means of technical and organizational security measures.
Data shall be retained for as long as is strictly necessary for the pursuit of the purposes set forth in this policy and will be deleted at the end of this period, unless the data must be retained for legal obligations or to enforce a right in court. More specifically:
- With reference to data collected by the owner for requests from the interested party, execution of contractual, pre-contractual or legal obligations: the Owner will keep the database for the time necessary to manage the activities related to data processing;
- With reference to advertising activities: the data of the interested parties will be kept for the time necessary for the execution of the activity, avoiding in any case the indefinite storage and facilitating the exercise of their rights by the interested party. The retention time is set at two years, unless the data subject takes actions confirming his or her willingness to allow the use of his or her data;
- With reference to data collected for profiling purposes: data subjects' data will be retained for one year.
Specific technical and operational security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. It should be noted that due to the structure of the Internet, inadvertent access to data by third parties may occur. It is therefore also the responsibility of the data subject to protect their data by encryption or any other method against misuse. Without these security measures, such as encryption, the data could also be at risk of being read by third parties.
Rights of Data Subjects
You in your capacity as a data subject shall have the right to revoke your consent at any time; you may also at any time exercise the following rights (your "Rights"):
- To access the data ex art. 15 GDPR and, specifically: to obtain confirmation of the existence or not of Personal Data concerning him/her, even if not yet registered, and their communication in an intelligible form;
- To request rectification ex art.16 GDPR: the right to request the rectification or, should he/she have an interest, the integration of Personal Data;
- To request deletion ex art. 17 GDPR or "right to be forgotten": the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- To request the restriction of processing under Article 18 GDPR: the right to obtain from the Data Controller the restriction of processing in certain cases provided for under the Privacy Regulations;
- The right to request from the Data Controller (Art. 19 GDPR) indication of the recipients to whom the user has notified any rectification or deletion or restriction of processing (made pursuant to Articles 16, 17 and 18 GDPR, in fulfillment of the notification obligation, except where this proves impossible or involves a disproportionate effort);
- To request data portability under Article 20 GDPR: the right to receive (or to transmit directly to another data controller) personal data in a structured, commonly used, machine-readable format;
- Object to processing ex art. 21 GDPR: the right to object, in whole or in part: 1) on legitimate grounds, to the processing of personal data, even if pertinent to the purpose of collection; 2) to the processing of personal data, for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
This version of the information on the processing of personal data was updated on 16.11.2021.