– INTRODUCTION AND LEGAL BASIS
– HOLDER AND RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
The data controller is Prodes Italia S.R.L. – vat number 09808810965, in person of its managing director, with registered office in via Sansovino, 6 – 20133 – Milan – Italy – firstname.lastname@example.org – tel. +039 0236580208
– INFORMATION ON GENERAL RISKS
The owner, in the user specified above, informs users that, due to the particular nature of the means used, there is a general risk of violation of network security, a risk that may arise outside the scope of the security measures adopted pursuant to current legislation. Therefore, the user is recommended to make sure that his navigation instrument has all the necessary requirements to guarantee the security of data transmission on the network.
– SUBJECT OF COLLECTION AND TREATMENT
1. Personal data provided by the user: data voluntarily and knowingly issued as name, surname and e-mail address issued through the “form” for registration and / or contact;
2. Data obtained through the user’s device: device manufacturer, device model, operating system, type of browser, ip address;
3. Data obtained from social media: the user id and / or username associated with a given social media service and the link to the user profile in the case of access or registration to the site through a social media service (eg . Facebook). Access to the service through social media services requires the communication of the data mentioned above. If the user does not intend to communicate the aforementioned information, he must use other means to access the website;
4. Geolocation: the location of the user’s device, subject to the latter’s consent, which may be revoked at any time by the user.
– PURPOSE AND METHOD OF COLLECTION AND TREATMENT
Personal data are collected to allow the main functions of the website or to allow users to perform registration operations, to manage requests for information sent by users, to comply with applicable regulations and / or to respond to requests from public and administrative authorities , to carry out the activities necessary for the transfer of business or company branches, acquisitions, mergers, demergers or other transformations and for the execution of the aforementioned operations, to allow a limited activity of profiling preferences, characteristics, habits or consumption choices users, in order to allow the carrying out of marketing activities focused on the interests and specific needs of users, with the prior consent of the user. In addition, the data are collected to allow www.prodesitalia.com, sending newsletters, subject to the consent of the user who has voluntarily entered it through the appropriate “subscribe to the newsletter” field, or by checking the appropriate box “subscribe to the newsletter” in the registration form. www.prodesitalia.com also deals with aggregated data for its own statistical purposes.
– LEGAL BASIS
At the basis of the processing of personal data there are above all the contractual purposes. In this case the treatment is mandatory, as it is necessary for the provision of the requested services. Therefore, if the user does not want his personal data to be used for such purposes, he must not use the services and the website. The processing also takes place on the basis of the legitimate interest of www.prodesitalia.com, its counterparts and its partners for the realization of economic activities, within the limits and strictly necessary for the performance of the same, in line with the interest of the user.
Finally, the legitimate interest in the processing of data is found in carrying out profiling activities, for the purpose of sending marketing communications, based on the interests and needs of the user. In all these cases, the data processing activities are not mandatory and the user may oppose at any time, according to the methods indicated below, or using the form available on the website www.prodesitalia.com. The marketing purposes are optional. However, the lack of consent, for their realization, would make it impossible for www.prodesitalia.com and its partners to send to the user generic and / or personalized marketing communications and services / products of the partners. The User may revoke his consent to the processing of personal data for marketing purposes at any time by sending an email to the following email address: email@example.com
– METHOD OF CONFERRING CONSENT. ACTIVE CONFERENCE.
www.prodesitalia.com does not use automatic or predefined boxes for the acquisition of consent by the interested party to the processing of personal data. The user, in fact, as required by the eu regulations, must express his consent in a clear, determined and informed way by clicking on the “accept” button, only after carefully reading the text of the information. In this way you will have acquired consent to the processing and storage of personal data by the system.
The user, once knowingly consensus, by executing the procedure guided by the system, assumes the responsibility of having read the information, relieving the controller from any responsibility. The user is also required to give his consent regarding the receipt of the newsletter to which he has voluntarily registered through the special “subscribe to the newsletter” field, or by checking the appropriate box “subscribe to the newsletter” to the internal registration form.
– TO WHOM DATA COMMUNICATES ARE
www.prodesitalia.com shares the personal data of the user, for the purposes already mentioned:
– with suppliers of services instrumental to the operation of the website; both appointed as external managers of the treatment;
– with the competent authorities in order to collaborate in the investigations aimed at guaranteeing protection, against the unlawful or unauthorized use of the website, and to ensure compliance with the applicable laws.
The data may also be disclosed to persons delegated to perform the activities necessary for the execution of the purposes pursued by the website and disseminated exclusively for that purpose. These are personnel within the company, responsible for the execution of the service offered by the website.
Users’ data could also be communicated to the following categories of third parties:
– public authorities in the fulfillment of specific legal obligations;
– administrative, judicial and tax authorities, in the cases and with the limitations established by law;
– other entities controlled and / or connected to the company, in the cases and with the limitations established by law;
– service providers or consultants for needs related to the management of the service.
In these cases, the data subject’s consent to the communication of personal data is not necessary.
– MODALITIES OF TREATMENT OF PERSONAL DATA
The user’s personal data are processed electronically or otherwise, for the period of time strictly necessary to achieve the purposes for which they were collected. In the management of data collected through www.prodesitalia.com, the most appropriate measures are taken to prevent the loss, illicit or incorrect use of data as well as unauthorized access. In addition, reasonable measures are taken to maintain the security of personal data collected, including by limiting the number of individuals who have access to our databases and by installing electronic security systems that protect against unauthorized access.
– DATA TRANSFER MODE
It is possible that, within the scope of its activity, the user’s personal data are transferred to third-party companies both inside and outside the european union. In this case, all appropriate measures will be taken to ensure that the transfer takes place in accordance with the provisions of articles 45 and 46 of the privacy regulation. In the event that the user wishes to receive further information regarding the existing guarantees and request a copy thereof, he can contact us at the following e-mail address firstname.lastname@example.org.
– CONSERVATION PLACE
The data released by the user will be collected and stored at the servers of Aruba Business S.P.A. For sending newsletters, Prodes Italia uses the system called Sendinblue that allows the company to profile customers based on the language or country of origin, for the creation of specific lists, to send targeted communications.
– STORAGE TIME FOR COLLECTED DATA
The collected data will be kept for the time necessary to complete the activities and the obligations for which they were collected. Subsequently they will be archived constituting internal registry of the operator, or they will be deleted. The internal registry can combine and classify the data of the users by associating them with the identification codes used for authentication.
– USER RIGHTS
The interested party enjoys the rights referred to in regulation 678/2016, including:
– request confirmation of the existence of personal data, including data collected by the company;
– know their origin, the logic and the purposes of their treatment;
– obtain updating, correction and integration;
– request cancellation and oblivion, transformation into anonymous form or blocking in case of unlawful processing;
– oppose their processing for legitimate reasons or in the case of use of data for sending advertising material, commercial information, market research, direct sales and interactive commercial communication;
– request the transfer of personal data to third parties, whenever possible and necessary.
The exercise of these rights by the user takes place through direct contact between the data controller and the data processor, to which the user, using the references included in this statement, may request to proceed to each of the above mentioned charges. Exercise of these rights, by the User, takes place through direct contact between the Data Controller and the Data Processor, to which the User, using the references included in this statement, may request to proceed to each of the above mentioned charges.
– SIGNAL PROCEDURE
In case of violation of the rules for the protection of personal data or event that results in the loss of the aforementioned data by the owner, regulation 679/2016 imposes the following procedure:
– obligation to report by the interested party
If the interested party is aware of the violation of their personal data, he / she must make an urgent communication to the data controller, using one or more of the contacts indicated in point 2) of this statement. The data controller must, within 72 hours, communicate the violation to the privacy authority, together with the measures taken to deal with the violation.
Reporting by the data controller
The holder who becomes aware of the violation from other sources of control (dpo – data processor – data processors). He will have to give notice within 72 hours to the privacy authority, also indicating the measures to deal with the violation, as well as to the interested party.
The interested party has also the right to lodge a complaint with the control authority. For more information on the procedures, users are invited to visit www.garanteprivacy.it
– COMPENSATION FOR DAMAGE
The interested party who has suffered a loss caused by the loss, unauthorized or illegal distribution of their data is entitled to proceed, before the appropriate offices, to obtain relief.
– COMPETENT AUTHORITY
For reports concerning the violation of personal data or damage suffered, as a result of the same, the authority is responsible www.garanteprivacy.it
in case of disputes related to the interpretation of this document, the competent court will be, according to the legislative decree 206/2005, the consumer court.