PRIVACY POLICY
Thank you for visiting our website. This page outlines how we handle the personal data of users who visit our site.
This information is provided in accordance with Article 13 of Legislative Decree no. 196/2003 (Italian Data Protection Code) and Articles 13 and 14 of the European Regulation 679/2016 (General Data Protection Regulation, or “GDPR”) for those who interact with the web services provided directly by the Company. This policy applies to this website only and not to other websites that may be accessed through links.
This policy is based on Recommendation No. 2/2001, adopted on 17 May 2001 by the European data protection authorities within the Working Party established by Article 29 of Directive 95/46/EC. The purpose of this Recommendation is to establish minimum requirements for the online collection of personal data, specifically regarding the methods, timing, and nature of the information that data controllers must provide to users when they connect to a website, regardless of the purpose of the connection.
We invite you to read our Privacy Policy, which is outlined below. Our Privacy Policy and Standards are based on the following principles:
A) DATA CONTROLLER
The data controller is the Company whose contact information is provided in the footer of this website.
B) PRINCIPLE OF ACCOUNTABILITY
The processing of personal data is managed over time by data processors identified within the company organisation.
C) PRINCIPLE OF TRANSPARENCY
Personal data is collected and subsequently processed in accordance with the principles outlined in this Privacy Policy. At the time of providing personal data, the subject is provided with a concise but comprehensive information notice, as required by Article 13 of Legislative Decree No. 196/2003 and Articles 13 and 14 of the GDPR.
Personal data is processed lawfully and fairly; it is recorded for specified, explicit, and legitimate purposes; it is relevant and not excessive in relation to the purposes of the processing; it is retained for no longer than necessary for the purposes of collection.
D) PRINCIPLE OF PURPOSE OF USE
The purposes of processing personal data are communicated to the data subjects at the time of collection. Any new data processing, if unrelated to the declared purposes, will be initiated only after providing new information to the data subject and obtaining their consent, if required by Legislative Decree No. 196/03 and the GDPR. In any case, personal data will not be disclosed to third parties or distributed without the data subject’s prior consent, except in cases expressly indicated by Article 24 of Legislative Decree No. 196/03 and the GDPR.
E) PRINCIPLE OF VERIFIABILITY
Personal data is accurate and kept up to date over time. It is also organised and stored in such a way that the data subject has the opportunity to know, if they wish, which data has been collected and recorded, as well as to verify its quality and request any correction, integration, or deletion due to a legal violation or objection to processing. The data subject may exercise all other rights in accordance with and within the limits of Article 7 of Legislative Decree No. 196/03 and Articles 15 et seq. of the GDPR at the addresses indicated in the notices pursuant to Article 13 of Legislative Decree No. 196/03 and Articles 13 and 14 of the GDPR available on the Company’s website.
F) PRINCIPLE OF SECURITY
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. These measures are periodically updated based on technical advancements, the nature of the data, and the specific characteristics of the processing. They are continuously monitored and verified over time. Third parties that provide any type of support for the delivery of services requested by the Company, in relation to which they carry out processing operations on personal data, are designated as Data Processors and are contractually bound to comply with the measures for the security and confidentiality of the processing. The identity of such third parties is made known to the users.
The Company shall not be held responsible for the rules and methods of managing personal data of other websites that can be accessed from our pages through links and references the content of any email services, web spaces, or chat forums provided to users. The processing operations connected to the web services of this website take place at the Company’s premises and, where applicable, at the premises of the data processors and are carried out by staff in charge of processing who are responsible for managing the requested services, marketing activities – if requested by the user – data storage activities and occasional maintenance operations.
G) DATA SHARING
The personal data provided may be communicated to third parties to fulfil legal obligations, to comply with orders from public authorities or to assert or defend a right in court. If necessary, in relation to specific services or products requested, personal data may be communicated to third parties acting as independent data controllers who carry out functions strictly connected and instrumental to providing the services or products. Without this communication, these services and products could not be provided. Personal data will not be disseminated unless the requested service requires it.
H) DATA PROVIDED VOLUNTARILY BY THE USER
The types of personal data collected and processed on this website are those necessary to provide the various services offered. The collected data is processed through paper-based, automated, and telematic methods, using logic strictly related to the purposes of processing. We may also use your telephone number and email address to provide you with our services. It is, therefore, clear that if you do not provide such data, you will not be able to access those services that require the use of these tools. The voluntary sending of e-mails to the addresses indicated on the website entails the acquisition of the sender’s address and any other personal data contained in the message; such personal data will be used solely for the purpose of performing the requested service.
I) BROWSING DATA
Please note that our website’s software systems automatically collect certain personal data during normal operations. This data is transmitted implicitly through the use of internet communication protocols. While this information is not intended to be associated with identified users, by its nature, if combined with data held by third parties (e.g., your internet service provider), it could potentially allow for user identification. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URL (Uniform Resource Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and computer environment. This data is used solely for anonymous statistical purposes regarding website usage and to ensure proper functioning.
The Data Controller and, depending on the service requested, the designated Data Processors will retain, for a limited period in accordance with the law, a record (LOG) of connections/navigations made to respond to any requests from judicial authorities or other public bodies authorised to request such a record for the purpose of ascertaining any liability in the event of computer crimes.
Apart from what is specified for browsing data, the user is free to provide or not to provide the personal data requested in the service registration form. Some data on this form may be marked as mandatory; this means that such data is necessary to provide the requested service. The requested service cannot be provided if this data is not provided.
At the time of any data provision, in accordance with Article 13 of Legislative Decree No. 196/03 and Articles 13 and 14 of the GDPR, the data subject is provided with a concise but complete and transparent notice regarding the purposes and methods of processing, the mandatory or optional nature of data provision, the consequences of failing to provide such data, the subjects or categories of subjects to whom personal data may be communicated, and the scope of dissemination of such data. The notice also includes information about the rights under Article 7 of Legislative Decree No. 196/03 and Articles 15 et seq. of the GDPR (access, integration, updating, correction, deletion due to legal violation, objection to processing, etc.), as well as the identity and location of the Data Controller and Data Processors. The data subject is therefore required to give their informed, free, specific and documented consent in the form provided for by law, where required by the same. If the provision of personal data occurs in subsequent phases, supplements to the information notices already provided may be given, and new consents to processing may be requested in accordance with the Privacy Code and the GDPR.
L) SECURITY MEASURES ADOPTED FOR DATA PROTECTION
The Company employs “secure” architectures and technologies to protect personal data against unauthorised disclosure, alteration, or misuse. The safeguards activated with respect to personal data aim, in particular, to minimise the risks of destruction or loss, even accidental, of data, of unauthorised access or of processing that is not permitted or not in accordance with the purposes of the collection. Such security measures meet the minimum requirements indicated by the legislature (Technical Guidelines on minimum security measures pursuant to articles 33 to 36 of Legislative Decree no. 196/03). The data subjects have the right at any time to obtain confirmation of the existence or non-existence of such data and to know its content and origin, to verify its accuracy or request its integration or updating, or its rectification (art. 7 of Legislative Decree no. 196/03 and art. 16 of the GDPR). Pursuant to the same article, the data subject has the right to request the deletion, transformation into an anonymous form or blocking of data processed in violation of the law and to oppose, in any case, for legitimate reasons, to their processing. Requests should be addressed using the Company’s contact details indicated in the site footer.