1. INTRODUCTION – WHO ARE WE?
2. HOW TO CONTACT US?
The Data Controller has not identified a Data Protection Officer (DPO), since it is not subject to the obligation of designation provided in Article 37 of the Regulation.
3. WHAT DO WE DO? - PURPOSE OF PROCESSING
By browsing the Website, the User can consult the available contents and learn about the services and initiatives promoted by the Data Controller. Moreover, the User, from the “Join us”, “Jump in!”, “Are you with us?” and “Get the Shock” sections can send his/her proposal for collaboration to the Data Controller; From the “Contact us” section, the User may contact the Data Controller for various purposes such as, purely by way of example and not limited to, obtaining more information on the services offered through the Website, requesting support from the Data Controller.
In relation to the activities that may be carried out through the Website, the Data Controller collects personal data relating to the Users.
This Website and the services eventually offered through the Website are reserved to subjects over the age of 18 years old. Hereby, the Data Controller does not collect personal data pertaining to subjects under the age of 18 years old. At request of the Users, the Data Controller will promptly delete all the personal data, involuntary collected, pertaining to subjects under the age of 18 years old.
Users’ personal data will be lawfully processed by the Controller for the following purposes:
a) Allowing browsing of the Website. The User data collected by the Data Controller for the sole purpose of browsing the Website include all those personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses used by users who connect to the Website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the log file and other parameters relating to the User's operating system and computer environment.
d) Legal obligations. i.e. to fulfil obligations laid down by law, by an authority, by a regulation or by European legislation.
The provision of personal data for the processing above-mentioned purposes is optional but necessary, since failure to provide such data will make it impossible for the User to browse and use the services offered by the Data Controller on the Website.
4. FURTHER PROCESSING PURPOSES
4.1. Commercial newsletter
Where the related consent is requested, the User's personal data (i.e. name, surname, address, e-mail address) may also be processed by the Data Controller for marketing purposes. Therefore, the User will receive a periodic newsletter from the Data Controller to promote the purchase of products and/or services offered by the Data Controller and/or by third parties, to present offers, promotions and commercial opportunities.
If consent is not given, the possibility of using the services on the Website will not be affected in any way.
In the event of consent, the User may withdraw it at any time by making a request to the Data Controller in the manner indicated in paragraph 8 below.
The User may also easily object to further sending of promotional communications by clicking on the appropriate link for the withdrawal of consent, which is present in each e-mail containing the newsletter. Once consent has been withdrawn, the Data Controller will send the User an e-mail message confirming that consent has been withdrawn.
5. LEGAL BASIS FOR PROCESSING
Contractual obligations and fulfilment of the User's request (as described in para. 3(a), (b) and (c) above): the legal basis is Art. 6(1)(b) of the Regulation, i.e. the processing is necessary for the performance of a contract to which the User is party or for the performance of pre-contractual measures taken at the User's request.
Legal obligations (as described in para. 3, lett. d) above): the legal basis is Art. 6(1)(c) of the Regulation, as the processing is necessary to fulfil a legal obligation to which the Data Controller is subject.
Further processing purposes: for the processing relating to the activities of sending the commercial newsletter (as described in Section 4.1 above), the legal basis consists in Article 6(1)(a) of the Regulation, i.e. the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User for the provision of a specific free and optional consent, in order to pursue such processing purpose.
6. PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller will process the Users' personal data by means of manual and computerised tools, with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data.
The personal data of the Website's Users will be retained for the time strictly necessary to carry out the primary purposes set out in paragraph 3 above, or in any case, as necessary for the protection in civil law of the interests of both the Users and the Data Controller.
In the case referred to in paragraph 4.1 above, the Users' personal data will be retained for the time strictly necessary to fulfil the purposes set out therein and, in any event, until the User withdraws his/her consent.
In any case, any retention periods provided for by law or the Regulation shall remain unaffected.
7. TRANSMISSION AND DISSEMINATION OF DATA
The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website and the Users' requests. These subjects, who have been instructed to do so by the Data Controller pursuant to art. 29 of the Regulation, will process Users' data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as “Data Processors” pursuant to Article 28 of the Regulation, such as, by way of example, IT and logistical service providers, functional to the functioning of the Website; suppliers of outsourcing or cloud computing services; professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in paragraph 8 below.
8. RIGHTS OF THE DATA SUBJECTS
Users may exercise the rights granted by the Applicable Law by contacting the Data Controller in the following ways:
The Data Controller has not identified a Data Protection Officer (DPO), as it is not subject to the obligation of designation provided for by Article 37 of the Regulation.
Pursuant to Applicable Law, the Data Controller informs that Users have the right to obtain indication of (i) the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as data processors or agents.
Furthermore, Users have the right to obtain:
a) Access, updating, rectification, or, when interested, integration of data;
b) Cancellation, transformation into anonymous form or the restriction of data processed in breach of the law, including data that do not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
c) Certification that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except where this proves impossible or involves a manifestly disproportionate effort compared with the right protected.
Moreover, the Users have:
a) The right to withdraw consent at any time, if the processing is based on their consent;
b) The right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);
c) The right to oppose to:
d) If it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).