Information on the processing of personal data of users who consult the Company's website in compliance with Article 13 of Regulation (EU) 2016/679
WHY ARE WE SUPPLYING YOU WITH THIS INFORMATION?
According to article 13 of EU Regulation 2016/679 (hereafter “Regulation”), this information describes the processing operations performed on the personal data:
- of the users visiting Company’s website accessed electronically on the address: https://www.lesinapsi.it/;
- admitted into or gathered through the social media pages of the Company.
The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the Company 's domain.
WHO PROCESSES USER DATA
The data controller is:
DATA PROTECTION OFFICER
The Company has appointed a Data Protection Officer (DPO) to verify the compliance of processing with Italian and European legislation.
The Company’s Data Protection Officer (DPO) can be contacted here:
LEGAL BASIS FOR THE PROCESSING
The processing of personal data will be based on a legal basis.
According to the article 6 of Regulation, “processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”.
So the legal basis depends on the purposes for which personal data are processed.
Sometimes (as for requests received through the contact section) the Company use personal data to respond to the visitors’ request (in this case legal base is “(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”); sometimes the Company use personal data to implement specific obligations imposed by rules and regulations (in this case legal base is “(c) processing is necessary for compliance with a legal obligation to which the controller is subject”). When the consent is mandatory, specific consent will be required by Company.
CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING
Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Visiting the website, calling to the phone number quoted on the Website, writing mail, compilating the form of contact section of the Website, using social network plug-ins on the Website, visitor can communicate personal data that can be classified as follows:
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.
These data are necessary to use web-based services and are also processed in order to:
- extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
- check functioning of the services;
- identify anomalies and/or abuse.
Browsing data are kept for no longer than seven days (except where judicial authorities need such data for establishing the commission of criminal offences).
DATA COMMUNICATED BY USERS
Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the Company’s contact addresses, or sending private messages to the Company’s social media pages and profiles (where this option is available), and filling in and sending the forms made available on the Company’s websites entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner.
Specific information notices will be displayed on the pages of the Company's websites that are used for providing certain services.
COOKIES AND OTHER TRACKING DEVICES
No cookies are used to profile users nor are other user tracking systems implemented.
So-called session (non-persistent) cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing. Storage of session cookies in terminal equipment or browsers is under the user's control, whilst cookie-related information is stored server-side after HTTP sessions in the service logs for no longer than seven days like all other browsing data.
CONSEQUENCES IN CASE OF INCOMPLETE DATA ASSIGNMENT
The Company will inform, from case to case, the user whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.
Specifically, the mandatory or optional nature of the communication of data will be highlighted by means of a notice or a special character placed next to the mandatory information required.
The recipient of the data are Company personnel acting on the basis of specific instructions provided in relation to the purposes and methods of the processing itself.
Where processing is to be carried out on behalf of Company, the Company will appoint the processor as data processors by the Company pursuant to Article 28 of the Regulation.
In any case, the personal data processed will not be disclosed.
The communication or disclosure of data requested by the Police Forces, the Judicial Authority, information or security organisations or by other public entities for defence or security purposes of the State or for prevention, detection or repression of crimes, is subject to compliance with the provisions of the law.
METHOD AND SECURITY OF DATA PROCESSING
The data will be processed:
- through manual, computer and telematic tools and in order to guarantee the availability, integrity and confidentiality of the data;
- with organizational methods and logic strictly related to the purposes indicated, in compliance with the principle of minimization;
- by subjects specifically appointed, identified and authorized, appropriately educated and made aware of the constraints imposed by all applicable legislation;
- with the use of technical and organizational security measures to prevent and / or reduce the risks of illegal access and destruction or loss of data.
PLACE OF PROCESSING
The management and storage of personal data will take place in Italy and, in any case, within the European Union.
Currently the servers used by the Company are placed within Europe
The data will not be transferred outside of the European Union
In any case it is understood that, where it deems it necessary and / or appropriate, the Company will have the right to change the location of servers in Italy and / or the European Union and / or non-EU countries. In such a case the Company assures that the transferral of data outside of the EU will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection, and / or adopting the standard contractual clauses provided by the European Commission, and / or, in any case, satisfying the conditions set by the applicable legislation.
The data gathered during the registration by the Website will be used exclusively for the indicated purposes and will be stored only for the strictly necessary time needed to carry out the activities of the Company.
The data will not be stored for a period of time longer than the necessary time to meet the purpose for which they were processed. To determine the appropriate time of storage, the Company takes the quantity, the nature and the sensibility of the personal data, the purpose for which it was processed and the possibility to fulfil those purposes by other means, into consideration.
The data gathered by the Website will thus be stored for the entire duration necessary to meet the requests and, even after the termination, to manage all the possible contractual, pre-contractual, administrative, or legal obligations, connected or deriving from them, or for the time allowed by Italian law while protecting the legitimate interests of the Company.
DATA SUBJECTS' RIGHTS
Data subjects have the right to obtain from the Company, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them or to object to the processing and to transmit data (pursuant to Articles 15 to 22 of the Regulation).
As well, data subjects have the right to revoke the consent given (see Articles 15 and following of the Regulation).
Please contact the Company or the Company's DPO at the addresses indicated above to lodge all requests to exercise these rights.
If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Garante pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Company pursuant to Article 79 of the Regulation.
The Company has the right to modify or simply update, fully or partly, the present policy, also in consideration of possible changes in legislation and / or regulations.
The Company undertakes not to limit any previously recognized rights, without first gathering the explicit consent of the interested party.
Any modifications or updates will be made available on the home page of the Website. The most important modification will be highlighted through a more prominent notice (for example by an email notification, where the services and the gathered data allows it).