We take your privacy very seriously and are committed to protecting it.
Article 13 of the GDPR 679/2016 “EU General Data Protection Regulation”;
Recommendation no. 2/2001 adopted by the Working Group, established by Article 29 of the Directive number 95/46/CE.
If you are required to provide your personal data to access certain site services, you will be provided with the appropriate and detailed information on the processing pertaining to your data, pursuant to Article 13 of Legislative Decree 196/03 and of Article 13 of GDPR 679/2016. This information will specify the limits, purposes and methods of the processing itself.
DATA CONTROLLER & DPO
The Data Controller is Spindox S.p.A., which is based in Milan, Italy in via Bisceglie 76. Within the company, data belonging to visitors of the site will be processed by employees who act as Appointees under the direct authority of the respective Manager.
In addition to Spindox employees, the processing of personal data may also be performed by third parties to whom the company entrusts certain activities (or parts of them) connected with or instrumental to the performance or provision of the services offered. In such circumstances, the same subjects will operate as autonomous owners, co-owners, or will be appointed as Data Processor Managers or Data Processors.
The Data Protection Officer (DPO) of the Spindox Entrepreneurial Group, appointed by the Data Controller, can be contacted by e-mail at the following e-mail address firstname.lastname@example.org
NATURE OF DATA USED FOR PROCESSING
During normal operation and for the sole duration of the connection, the computer systems and software procedures used to operate this site acquire data that are implicitly transmitted in the use of internet communication protocols.
This information is not collected for the purpose of associating it with users. However, by their very nature, they could allow the identification of them through processing and associations with data held by third parties. These data, deleted a few hours after processing, are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning. Furthermore, in the event of hypothetical computer crimes against the site, they could be used to ascertain any liability.
These data include the following categories:
Names related to the computer domain used by users connecting to the site;
Notation addresses URI (Uniform Resource Identifier): requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numeric code indicating the status of the response given by the server (good results, errors, etc.), and other parameters pertaining to the operating system and the user’s IT environment.
DATA PROVIDED VOLUNTARILY BY USERS / VISITORS
If users / visitors send their personal data to access certain services on this site or to make requests via e-mail, Spindox will acquire these data. These data will be processed exclusively to respond to the request or for the provision of the service in accordance with this Policy and the specific Privacy information provided during the request of the individual services. The data will be kept only for the time strictly necessary to provide the requested service and to manage any disputes.
The personal data explicitly provided by the users will be communicated to third parties only if the communication is necessary to comply with the requests of the users themselves, without prejudice to the provisions of the specific information for the individual services.
METHOD OF PROCESSING
The processing is performed through automated tools (for example, using procedures and electronic media) and / or manually (for example, on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in accordance with the regulations in force on the subject.
PLACE OF DATA PROCESSING
The processing operations related to the web services of our sites take place at the aforementioned offices of the Data Controller.However, Spindox reserves the right to use cloud services. In this case, the service providers are selected from those who provide appropriate guarantees as required by Article 46 of GDPR 679/16.
RIGHT TO PROVIDE DATA
Except as specified for navigation data, users are free to provide their personal data. Failure to provide such data may result only in the failure of obtaining the requested information from the site.
RIGHTS OF THE INTERESTED PARTY
Article 7 of Legislative Decree 196/2003;
Article 15 – Right of access, 16 – Right of rectification, 17 – Right of cancellation, 18 – Right of limitation of treatment, 20 – Right of portability, 21 – Right of opposition, and 22 – Right to object to automated decision-making of GDPR 679 / 16,
you can exercise your rights by writing to the Data Controller, specifying the subject of your request, the right that you intend to exercise and attaching a photocopy of an identification document that certifies the legitimacy of the request.
REVOCATION OF CONSENT
With reference to Articles 7 and 23 of Legislative Decree 196/2003 and to Article 6 of GDPR 679/16, you can revoke any consent given at any time.
You can exercise this right by writing to the Data Controller, specifying the subject of your request and attaching a photocopy of an identification document that certifies the legitimacy of your request.
When the data processing is not based on consent, this rule is intended as an expression of the willingness of the interested party not to receive further communications from the Data Controller.
AUTOMATED DECISION PROCESSES
Under no circumstances shall the Data Controller process personal data on automated decision-making processes.
Cookies are small text files sent by the site to someone’s PC or smartphone (usually to the browser), where they are stored and then transmitted to the site when the same user visits again. A cookie cannot retrieve any other data from the user’s hard drive or transmit computer viruses. Each cookie is specific to your web browser. Some of the functions of cookies may be delegated to other technologies. In this document, the term “cookies” refers both to cookies and to all similar technologies.
Cookies have a duration defined by the deadline (or by a specific action such as the closing of the browser) set at the time of installation. Cookies can be:
• Session cookies: they are used to store temporary information, allowing you to link actions performed during a specific session. They are removed from your computer when you close your browser;
• Persistent cookies: they are used to store information, such as your login name and password, so that you don’t have to type them in again each time you visit a specific site. They remain stored on your computer even after you close your browser.
Cookies can be divided into two macro-categories:
• The strictly necessary cookies are useful for the proper functioning of the site and are needed to allow users to navigate through the site, using all the different features. This type of cookie does not require explicit consent as it is functional for the correct use of the site.
• Non necessary cookies: profiling, statistical and marketing cookies. They are intended to monitor visitor behaviour and create profiles on the user in order to send personalized advertising messages. These require explicit consent from the user.