The Data Controller processes data according to the principles established by the GDPR (General Data Protection Regulation EU 2016/679), of lawfulness, correctness, transparency, limitation of purpose and storage, data minimization, accuracy, integrity and confidentiality.
The Data being processed is::
Personal, identification and contact data (it is expressly forbidden to transmit particular data or data relating to criminal convictions and offences – one’s own or those of third parties – as per art. 9 and 10 GDPR), provided voluntarily by the user in any requests made via the request form, or at the addresses indicated on this site.
The purposes of the Treatment are as follows:
allow the user to browse the site; research/statistical analysis on aggregated or anonymous data, without the possibility of identifying the Visitor, aimed at measuring the operation of the site, measuring traffic and assessing usability and interest of the Site (in this case the Owner does not process data), fulfillment of legal obligations to which the Owner is subject.
responding to user requests and updating them – also by email or newsletter service – on the activities of the Owner.
The legal bases of the treatment
The legal bases of the Treatment are the following:
(a) legitimate interest of the Controller and consent of the user;
b) need to respond to user requests and user consent.
Computer and telematic systems and software used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.
The data is used only to obtain anonymous statistical information on the use of the site and to check that it is functioning correctly and is deleted immediately after processing.
It should be noted that the above data could be used to ascertain responsibility in case of computer crimes against the site or other sites connected or linked to it: except for this possibility, the data on web contacts do not persist except for a few days.
The user can however selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his/her browser.
Duration – some cookies (so-called session cookies) remain active only until the browser is closed. Other cookies (so-called persistent cookies) “survive” the closure of the browser and are also available on subsequent visits by the user, and their duration is fixed by the server at the time of its creation, normally no more than 6 months.
The usability of the contents is also possible by completely disabling cookies, and disabling “third party” cookies does not affect in any way the navigability of the Site.
The setting can be defined specifically for different sites and web applications. In addition, the best browsers allow you to define different settings for different types of cookies.
Safari for Mac
Safari for iOS
We also point out the possibility of using special tools for managing privacy regarding cookies for advertising purposes such as Your Online Choices limited to advertising networks that adhere to the initiative. For more information, http://www.edaa.eu.
The user can always decide whether or not to accept cookies using the settings of your browser.
WARNING! If the user uses particular services provided by other parties (for example, by clicking on the buttons of various social networks, or clicking on links to external sites), there may be a treatment of Personal Data by third parties. In this case, it will be necessary to verify the rules and conditions of the treatment of such third parties. The user therefore grants the Controller the widest possible indemnity for this type of processing.
ATTENTION! It is expressly forbidden to upload, publish or otherwise process personal data of third parties using the site or its services: if you do so, however, against this prohibition of the Owner, the user stands as an independent owner of the processing of such data, assuming all responsibility and releasing the Owner.
Data will be
recorded in digital format at servers in the exclusive availability of the Owner;
protected from the risks of destruction, modification, deletion and unauthorized access by means of appropriate physical, logical and organizational security measures;
further processed, also in paper form, to the extent and within the time strictly necessary to fulfil the purposes indicated above;
all the subjects authorized to the treatment by the Owner are adequately instructed about the law and other treatment rules, committing themselves to confidentiality.
Communication to recipients and dissemination
The data acquired through the site will not be disseminated.
The data are communicated to the recipients to the extent strictly necessary in relation to the above purposes.
The categories of recipients are the following
Subjects necessary for the operation and delivery of services offered by the Site, acting as Data Processors, under contracts entered into pursuant to Art. 28 GDPR;
Trustees and other subjects authorized by the Owner.
As already mentioned, the Owner may also have to communicate data to fulfill legal obligations or to comply with orders from Authorities.
The Owner keeps the data for the time necessary to achieve the purposes mentioned above, or to carry out what has been requested by the user, or required by the purposes described in this document, and the user can always ask for the cancellation, rectification and portability, or oppose the treatment or obtain its limitation.
In particular, the Data Controller will retain Personal Data with the following timeframes:
Navigation Data: maximum 7 days;
Identification and contact data provided by the user through the request form: no longer than 24 months from the user’s request (while the data necessary for the update service on the activities of the Owner, until the operation of the service itself: the Owner will periodically check, at least every three years, the persistence of the consent of the interested party).
Without prejudice to the foregoing, the Data Controller will retain the Personal Data for the maximum time allowed by Italian law to protect its rights and/or interests.
navigation data: their communication is compulsory and essential to allow the Owner to let the user use the site: the user cannot refuse to communicate navigation data, insofar as they consist of Personal Data.
personal data provided by the user through the request form, or the addresses indicated on the site: their communication is optional. If the user refuses to communicate such Data, the Data Controller may not be able to process such requests, in whole or in part.
newsletter service: consent to its processing is optional. If the user does not give consent, the Data Controller will not be able to provide him with the service.
The interested party has the right to:
access their Personal Data held by the Data Controllers;
ask for their rectification and/or cancellation (“oblivion”)
request the Limitation or oppose the Treatment;
request the portability of the Data;
propose a complaint to a Control Authority.
The interested party also has the rights under Art. 7 of Legislative Decree no. 196/2003 (and subsequent amendments / additions) not expressly mentioned (i.e. to obtain confirmation of the existence of Personal Data concerning you and their communication in intelligible form, the indication of their origin, the identification of those responsible for processing, the transformation into anonymous form of Personal Data or their blocking if treated in violation of the Privacy Law).