The processing operations connected to the web services of the site / portal take place at the headquarters of the aforementioned business company and are only handled by the authorized technical staff for processing (eg Internet Area), or by any external Processors (outsourcers) for the completion of occasional or periodic technical operations (eg Database maintenance).
“Personal Data” definition
Users can access different sections of the website without giving any personal information. The Data Controller processes and collects personal data online through its website and / or portal or other e-mail address of the Company; these treatments are carried out, in a mainly automated way, in the following ways:
1) Data released voluntarily by users
Data Controller collects personal information and other data that are entered in the registration forms or released in the form fields of the website and / or portal, as well as forwarded to the Company by electronic mail. These data may relate to information necessary to provide the services requested by the interested party (eg Newsletter) and / or to contact the interested party (name, postal address, e-mail address, telephone number, user ID and password), or even the date of birth, professional credentials, hobbies and interests.
2) Navigation data collected through the use of electronic tools
The computer systems and software procedures used to operate the website of the Data Controller acquire, during their normal use, a series of personal information whose transmission is implicit in the use of Internet communication protocols (for example, the user's IP address or the domain name of the computer used to access the website, the URL of the requested resources, the time of the request or the time of the session, the method used to submit the query to the server, the size of the files received in response to the request, the numeric code concerning the status of the response given by the server and other type of information regarding the operating system and the user's computer setting). The website and / or web portal of the Data Controller uses technologies such as cookies or similar in order to collect and / or transmit users' personal data. The Data Controller of uses these technologies exclusively for the purpose of obtaining statistical information on the use of the site and / or web portal (eg total number of visitors to the sites, number of visitors per single web page, name of the origin domain of the internet service provider of visitors). In particular, the use of session cookies (those that are removed from the user's computer when the browser is closed) is strictly limited to the transmission of information related to the user's session, of fundamental importance for a safe and efficient navigation of the website and / or portal. Furthermore, the use of these session cookies strictly excludes the use of other IT techniques that are potentially detrimental to the confidentiality of users' browsing and does not allow the acquisition of personal identification data of the same.
Details on personal data processing
The User Data is collected to allow the Controller to provide its services, as well as for the following purposes: Statistics, Contacting the User, Interaction with social networks and external platforms, Registration and authentication, Social Applications, Payment management, Interaction with support and feedback platforms, Infrastructure monitoring, Traffic optimization and distribution, Interaction with live chat platforms, Remarketing and Behavioral Targeting, Address management and sending email messages, Displaying content from external platforms, Comercial affiliation and Heat mapping. Types of Personal Data used for each purpose are indicated in the specific sections of this document.
Purpose of processing of data collection
Personal Data may be collected for the following purposes and using one or more of the following services:
Contact the user, chat and feedback
Mailing List or Newsletter
By registering to the mailing list or to newsletter, the User's email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this site and / or portal may be transmitted. The User's email address could also be added to this list as a result of registering on the site form or after making a purchase.
Personal data collected: Email.
Address management and email messages sending
These services allow you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services could also allow you to collect data relating to the date and time of display of the messages by the User, as well as to the User's interaction with them, such as information on clicks on the links inserted in the messages.
MailChimp (The Rocket Science Group, LLC.)
MailChimp is an address management and email message service provided by The Rocket Science Group, LLC.
Personal Data collected: email.
Subject adherent to the Privacy Shield.
Interaction with live chat platforms
This type of CHAT services allows you to interact with live chat platforms, managed by third parties, directly from the pages of the website. This allows the User to contact the Application support service or this Application to contact the User while he is browsing his pages. In the event that an interaction service is installed with live chat platforms, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages in which it is installed. Furthermore, live chat conversations could be recorded.
Toc Toc chat widget (Toc Toc srl)
Interaction with support and feedback platforms
These services allow interaction with support and feedback platforms, managed by third parties, directly from the pages of the site and / or portal. In the event that an interaction service is installed with the support and feedback platforms, it is possible that, even if the Users do not use the service, it collects Usage Data related to the pages in which it is installed.
Purpose of data processing
The personal data gathered from compilation of modules on the web site of the Data Controller is treated for the following purposes:
to grant you access to the services provided by the web site/portal reserved for registered users; to contact you at your request to provide specific information and assistance that you need or for which you have requested our intervention; with your express consent, to send you commercial information and for marketing activities in automated modality (such as email, fax, SMS, MMS, etc.) and non-automated modality (such as surface mail, telephone call with operator, etc.) regarding products and services of the web site owner and/or its commercial partners; with your express consent, to use electronic instruments to conduct profiling, analysis of purchasing choices and market research to improve the offering of services and commercial information, configuring these to better match your interests. This policy can be integrated by further conditions made known at the time of requesting specific services.
Communication and/or diffusion of personal data
1. when online users have authorized the release of information;
2. when the data controller needs to communicate information about users in order to offer services and satisfy the request of an online user;
3. when the data controller needs to communicate the information to partners who perform services for online users;
4. when the data controller is required, by order of the judicial authorities, to release information about users, or in accordance with a local or international law, regulation or mandate.
Protection of personal data
In conformity with the principle of necessity as sanctioned in article 5 GDPR, the Data Controller guarantees that processing with electronic instruments reduces the use of personal and identification data to the minimum, limiting recourse to the cases in which it is strictly necessary to fulfil the purposes for which they were gathered. The Data Controller also guarantees the adoption and observance of specific safety measures to prevent loss of data, illicit or improper use of data and unauthorized access. The Data Controller will archive the data of each user until a cancellation order is received from the data owner, including data for which conservation is not necessary in relation to the purpose for which it was gathered, in observance of the rights sanctioned by articles 15 – 21 GDPR, to be implemented by the means set out in the paragraph below entitled “Rights”. Each designated individual user is responsible for guaranteeing the ownership and custody of the password and codes for access to the web resources.
Consent to the processing of personal data
The controller of the aforementioned data processing, processes the data of its users / customers exclusively with the consent of the same. However, if the user does not consent to the processing of data or requests the deletion of his / her data, it will not be possible to access the restricted areas of the Company's website / portal.
Optional nature of data conferral
In addition to the specified navigation data, the user is free to supply or withhold the personal data listed on the module of request and/or registration of the Data Controller’s web site, as identified above. Failure to confer the data may make it impossible to obtain what is requested. For completeness, in some cases (not pertinent to the ordinary management of this web site, authorities can request notice and information pursuant to art. 58 GDPR for the purpose of controlling personal data processing. In these cases, failure to respond is penalized by an administrative sanction.
Right to access personal data and other rights
Users of the website / web portal can always contact the Data Controller to assert their rights as set out in articles from 15 to 21 of the GDPR based on which: The interested party has the right to obtain confirmation that a processing of personal data is being carried out and in this case to obtain access to personal data and to the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
d) when possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
e) the existence of the data subject's right to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose to processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the data is not collected from the interested party, all available information on its origin;
h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
The interested party has the right to obtain:
• updating, rectification or, when interested, integration of data
• the deletion of data concerning for the reasons specifically provided by art. 17 GDPR (right to be forgotten), the transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were or subsequently processed; The Data Controller, in the event that personal data have been made public and is obliged to delete them at the request of the interested party, adopts reasonable and even technical measures to inform those who are processing personal data to cancel any link, copy or reproduction of personal data, except in the case where such fulfillment is impossible or involves the use of means manifestly disproportionate to the protected right. Interested party has the right to object, pursuant to art. 21 GDPR, in whole or in part:
• for reasons related to his particular situation to the processing of personal data concerning him, even though pertinent to the purpose of the collection. The Data Controller refrains from further processing personal data unless demonstrates the existence of legitimate reasons for proceeding with processing that prevail over the interests, rights and freedoms of the subject or for verification, exercise or defense of a right in court.
• to processing of personal data concerning him for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.
In accordance with these provisions, and in addition to the other rights specified herein, the aforementioned Data Controller provides the users of website / web portal with the following possibilities:
1. no collection of personal data: user can choose not to provide personal data online to the data controller mentioned above by deciding not to enter or release personal information in the registration form or in the form fields, or not using in this case any personalized service among those available on the Company website / portal. Some of contents and / or services of the site / portal are offered exclusively to users who release personal information or use personalized services.
2. limitations on use and communication of personal data for different purposes: access to certain sections of content and / or services of the website of the aforementioned Data Controller may require the consent of the user to use and release personal data in order to implement the contact list and / or to identify and offer additional services and promotions considered interesting for the user. Users can limit the further processing of this information by checking or choosing the options to be set when entering the data.
Furthermore, the information provided after the first registration can be modified or canceled by changing the settings previously entered in the registration form on the website of Data Controller, by accessing the "Newsletter" section in home page. It is also possible for users to access their personal data, released and stored online and, where permitted, it is also possible to update and modify personal data online.