PRIVACY POLICY

Information supplied pursuant to Art.13 of the EU Regulation 2016/679 (henceforth the GDPR) and Art.13 of the Italian Legislative Decree 196/2003 “Personal data protection Code” (henceforth the Code)  

 

  1. GENERAL INFORMATION

We inform the data subjects of the following general profiles, valid for all aspects of the data processing process:

  • all data of subjects that we deal with are processed legally, correctly and transparently, in compliance with the general principles of Art. 5 of the GDPR and Art. 11 of the Code;
  • specific security measures are observed to prevent data loss, illegal or incorrect uses and unauthorised access, pursuant to Art. 32 of the GDPR and Art. 31 of the Code.

 

References and rights of the data subject

  • The Data Controller is the organisation, in the person of the pro-tempore legal representative. In order to guarantee an adequate support to the data subject the Data Controller has appointed a Data Protection Officer (contact information: Mr Gregorio Galli – 0523.010250 – info@gallidataservice.com ) to exercise all rights set out in Articles 15-21 of the GDPR and Art.7 of the Code (right to access, correct, delete, limit, portability, object), as well as to change a previously given consent. If the data subject does not receive a response to their requests, they can complain to the Italian Data Protection Authority (GDPR - Art.13, paragraph 2, letter d).

 

 

2) PROCESSING DATA LINKED TO THE OPERATION OF THIS WEBSITE

 

Navigation data

The computer systems and software procedures in place for the operation of this website acquire, during their normal operation, certain personal data, whose transmission is implicit in the use of internet communication protocols. The information is not collected to be associated to identified individuals but, due to their nature, could be, when processed and associated with data held by third parties, allow the identification of the individuals. This category of data includes IP addresses or domain names of the computers used by the users that connect to the website, the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time of the request, the method used to present the request to the server, the size of the file obtained in response, the numerical code indicating the status of the data response from the server (successful, error, etc.) and other parameters relative to the operating system and the computer environment of the user.

 

Purpose and legal bases for the data processing

(GDPR-Art.13, paragraph 1, letter c)

The data is used solely to extract statistical data on the use of the website and to monitor its correct operation. The data may also be used to establish any responsibility in case of hypothetical crimes against the website (Data Controller's legitimate interests).

Scope of communication

(GDPR-Art.13, paragraph 1, letters e,f)

The data can be processed exclusively by internal personnel, regularly authorised and trained for the data processing (GDPR-Art.29) or by any subjects appointed to the maintenance of the web platform (in which case external data supervisors are appointed) and will not be communicated to other subjects, distributed or transferred to non-EU countries. The data can be made available to competent authorities only in case of investigations.

Data retention period

(GDPR-Art.13, paragraph 2, letter a)

The data are stored for short periods of time, except for any extensions connected to investigations.

Data supply

(GDPR-Art.13, paragraph 2, letter f)

The data are not supplied by the data subject but acquired automatically by the website's technological systems.

 

 

Cookies

What are cookies? Cookies are small text files (letters and/or numbers) that allow the web server to save on the client (the browser), information that it can reuse during the same visit to the website (session cookies) or in subsequent visits, even days later (permanent cookies). The cookies are stored, based on the user's preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on the user's activities and on the use of the services. In this policy we will use the term cookie to refer to cookies and all similar technologies.

 

Possible types of first-party cookies and managing preferences

CATEGORY

FUNCTION

PREFERENCES

Navigation or session technical cookies

Guarantee the normal navigation and use of the website

In the main navigation browsers you can:

  • Block the default reception of all (or some) types of cookies
  • Display the analytical list of cookies used
  • Remove all or some of the cookies installed

For information on setting the individual browsers, see the specific section. Please note that blocking or deleting cookies could compromise the navigation of the website.

Analytical technical cookies

Collect information on the number of visitors and pages visited

Functional technical cookies

Allow the navigation based on a series of selected criteria

Profiling cookies

Create profiles of the user in order to send advertising messages in line with their preferences

 

The website could contain links to third party sites and third party cookies; for more information please see the privacy policy of any linked sites.

 

Managing preferences with the main navigation browsers The user can decide whether to accept or not the cookies by using their browser's settings (please note that, by default, almost all web browsers are set to automatically accept cookies). The settings can be changed and defined specifically for different websites and web applications. Moreover the best browsers let you define different settings for first-party and third-party cookies. Usually the cookies can be configured in the 'Preferences', 'Tools' or 'Options' menu.

 

See below for a list of links to guides on how to manage cookies for the main browsers:

Internet Explorer:http://support.microsoft.com/kb/278835

Internet Explorer [mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings

Chrome:http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647

Safari:http://docs.info.apple.com/article.html?path=Safari/5.0/en/9277.html

Safari [mobile version]: http://support.apple.com/kb/HT1677

Firefox:http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies

Android:http://support.google.com/mobile/bin/answer.py?hl=en&answer=169022

Opera:http://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies

 

More information

 

 

Specific services

The website could contain data collection forms aimed at guaranteeing users certain services or functions (e.g. request information, registrations, etc.).

 

Purpose and legal bases for the data processing

(GDPR-Art.13, paragraph 1, letter.c)

Identification and contact data may be necessary to respond to the requests of the users. The request is subject to the specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a)

Scope of communication

(GDPR-Art.13, paragraph 1, letters e,f)

The data are processed exclusively by authorised and trained personnel (GDPR-Art.29), or by subjects assigned to the maintenance of the web platform or to the provision of the service (in which case external data supervisors are appointed). The data shall not be distributed or transferred to non-EU countries.

Data retention period

(GDPR-Art.13, paragraph 2, letter a)

The data are stored for the time necessary for the purposes for which it were collected.

Data supply

(GDPR-Art.13, paragraph 2, letter f)

The data supplied in the obligatory fields is necessary to obtain a response, whilst the optional data are aimed at providing staff with further elements useful to facilitate contact.

 

 

Data supplied voluntarily by the user

The optional, explicit and voluntary supply of email and/or ordinary mail addresses indicated in this website results in the acquisition of the sender's address, necessary to respond to the requests, as well as any other personal data included in the mail. If the sender sends their CV in order to be considered for a professional role, the sender remains the sole person responsible for the relevance and accuracy of the data sent. Please note that any CV not including the data processing authorisation will be immediately deleted.

 

3) PROCESSING DATA RELATED TO RELATIONSHIPS WITH CUSTOMERS AND SUPPLIERS

 

3.1 Subject of the data processing

The organisation processes personal information of customers/suppliers (e.g. name, surname, company name, personal/fiscal data, address, telephone, email, bank and payment details) and of their contact person (name, surname and contact data) acquired and used in the supply of services.

 

3.2 Purpose and legal basis for the data processing

The data are processed to:

  • finalise contractual/professional relationships;
  • comply with pre-contractual, contractual and fiscal obligations arising from the relationships, as well as to manage the necessary relevant communication;
  • comply with obligations required by law, regulations, European Community standards or orders of the Italian Data Protection Authority;
  • exercise a legitimate interest as well as right of the Data Controller (e.g.: the right to defend themselves in a court of law, the protection of credit positions and routine internal operative, management and accounting requirements).

The non-supply of the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Art. 6, paragraphs b, c and f, suitable legal basis for the lawfulness of the data processing. If the Data Controller should intend to process the data for different purposes, a specific consent will be requested from the data subjects.

 

3.3 Processing method

The personal data are processed with the operations indicated in Article 4 No. 2 of the GDPR: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blockage, communication, erasure and destruction. The personal data is subject to paper and electronic and/or automated processing methods. The Data Controller will process the personal data for the time necessary to fulfil the purposes for which it were collected.

 

3.4 Scope of the processing

The data are processed by authorised and trained personnel, in compliance with Article 29 of the GDPR. It is also possible to request the scope of communication of the personal data, along with precise indications on any external subjects that operate as Data Supervisors or Data Controllers (consultants, technicians, banks, carriers, etc.).

 

4) POLICY UPDATE

This privacy policy may be subject to regular updates, also in relation to the reference standard and law. Any significant changes to the policy will be highlighted on the home page of the website for a suitable period of time. Please consult this privacy policy regularly.