PRIVACY POLICY
Information provided pursuant to article 13 of EU Regulation no. 679/2016 (hereinafter “GDPR”) and to article 13 of Legislative Decree no. 196/2003 “Personal Data Protection Code” (hereinafter “Code”)
Privacy Policy
GENERAL INFORMATION
We inform the Data Subjects of the following general profiles, which shall apply to all the processing fields:
- the processing of all the data of the subjects with whom we interface shall be carried out lawfully, fairly and in a transparent manner, in compliance with the general principles that article 5 of GDPR and article 11 of the Code provide for;
- specific security measures shall be implemented in order to prevent the loss of data, any unlawful or incorrect use and unauthorized access, pursuant to article 32 of GDPR and article 31 of the Code.
References and rights of Data Subjects
- the Data Controller is the present Organization in the person of its pro-tempore legal representative. In order to ensure an adequate support to the Data Subjects, the Data Controller has appointed a DPO that you can contact (contact details: Dott. Gregorio Galli – 0523.010250 – info@gallidataservice.com) in order to exercise all the rights that articles 15-21 of GDPR and article 7 of the Code (rights of access, to rectification, erasure, restriction of processing, portability, object) provide for, as well as to withdraw a previously given consent; if no acknowledgment is given to their requests, the Data Subjects can lodge a claim with the supervisory Authority of personal data protection (GDPR – article 13, paragraph 2, letter d).
PROCESSING OF DATA RELATED TO THE OPERATION OF THIS WEBSITE
Surfing data
The IT systems and the software procedures used for the operation of this website collect, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified Data Subjects but, for their nature itself, it could allow the identification of the users by means of elaborations and associations with data held by third parties. This category of data includes the IP addresses or the domain names of the computers used by the users connecting to the website, the URI (Uniform Resource Identifier) addresses of the required resources, the time of the request, the method employed to submit the request to the server, the file size obtained as a reply, the numerical code indicating the state of the response provided by the server (successful, error, etc.) and other parameters related to the operating system and the IT environment of the user.
Purposes and legal basis for processing (GDPR - article 13, paragraph 1, letter c)
This data is used for the sole purpose of obtaining statistical information on the use of the website and to control its proper functioning. Data could also be used to ascertain the responsibility in case of hypothetical computer-related crimes of the site (legitimate interests of the Data Controller).
Scope of communication (GDPR - article 13, paragraph 1, letters e, f)
Data can be processed exclusively by internal staff, regularly authorized and trained in the processing (GDPR – article 29) or by any subjects in charge of the maintenance of the web platform (in this case appointed as external officers) and it shall not be communicated to any other subject, nor disseminated or transferred in non-EU countries). Only should an investigation be necessary, this data can be put at disposal of the competent authorities.
Storage limitation (GDPR - article 13, paragraph 2, letter a)
Data is generally stored for short periods of time, except in case of possible extensions related to the investigation activities.
Provision of data (GDPR - article 13, paragraph 2, letter f)
Data is not provided by the Data Subject but collected automatically by the technological systems of the website.
Cookies
What are cookies? Cookies are small bits of texts (letters and/or numbers) that allow the web server to store on the client (the browser) information to be reused during the same visit to the site (session cookies) or later, also after some days (persistent cookies). The cookies are stored, according to the users’ preferences, by the single browser on the specific device employed (computer, tablet, smartphone). Similar technologies such as, for example, web beacon, clear GIFs and any other form of local storage introduced by HTML5, are used to collect information concerning user’s behaviour and the use of the services. Hereinafter, cookies and any similar technology shall be referred to as “cookie”.
Possible typologies of first-party cookies and methods to manage preferences
| CATEGORY | PURPOSES | MANAGEMENT OF PREFERNCES |
| Technical or session cookies | To ensure the normal navigation of the website. | The main web browsers allow:
For any information on the setting of each browser, please see the specific paragraph below. Please note that blocking or erasing cookies might compromise the normal navigation of the website. |
| Analytical cookies | To collect information on the number of visitors and on the viewed pages. | |
| Functionality cookies | To allow navigation according to a series of selected criteria. | |
| Profiling cookies | To create profiles related to the user in order to send advertising messages in line with their preferences. |
The site may include links to third-party sites and third-party cookies; for further information please see the privacy policy of the linked websites.
Management of preferences through the main web browsers Users can decide whether to accept or not the cookies by using the settings of their browser (please note that, as a default, almost every browser is set to accept automatically cookies). Settings can be modified and defined specifically for the different sites and web applications Furthermore, the best browsers allow you to adjust different settings for “first-party” and “third-party cookies”. The configuration of cookies is usually set from the “Preferences”, “Tools” or “Options” menu.
The following are the links to the guides to manage cookies in the main browsers:
Internet Explorer: http://support.microsoft.com/kb/278835
Internet Explorer [mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
Safari: http://docs.info.apple.com/article.html?path=Safari/5.0/en/9277.html
Safari [mobile version]: http://support.apple.com/kb/HT1677
Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
Android: http://support.google.com/mobile/bin/answer.py?hl=en&answer=169022
Opera: http://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies
Additional information
- allaboutcookies.org (for further information on cookie technologies and their operation)
- youronlinechoices.com/it/a-proposito (allows users to reject the installation of the main profiling cookies)
- garanteprivacy.it/cookie (collection of the main regulations concerning privacy policy by the Italian Data Protection Authority)
Specific services
The website may contain form for the collection of data aimed at ensuring the user services/functionalities (such as: request for information, registration, etc.).
Purposes and legal basis for processing (GDPR - article 13, paragraph 1, letter c)
The identification and contact data necessary to satisfy the Data Subjects requests is required. The submission of the request is subject to specific, free and informed consent (GDPR – article 6, paragraph 1, letter a).
Scope of communication (GDPR - article 13, paragraph 1, letters e, f)
Data is processed exclusively by internal staff, regularly authorized and trained in the processing (GDPR – article 29) or by any subjects in charge of the maintenance of the web platform or of the supply of the service (in this case appointed as external officers). Data shall not be disseminated or transferred in non-EU countries.
Storage limitation (GDPR - article 13, paragraph 2, letter a)
Data is stored for periods of time compliant with the purposes of the collection.
Provision of data (GDPR - article 13, paragraph 2, letter f)
The provision of the data required in compulsory fields is necessary in order to obtain a response, whereas the optional fields are aimed at providing the staff with further elements useful for facilitating the contact.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic and/or ordinary mails to the addresses specified in this website implies the subsequent acquisition of the sender’s address, which is necessary to reply to the requests, as well as of any other personal data included in the message. Should the sender send his/her résumé to submit his/her professional application, he/she shall remain the sole person responsible for the relevance and accuracy of the sent data. Please note that any curriculum without the authorization to the processing of personal data shall be cancelled immediately.
PROCESSING OF DATA RELATED TO THE RELATIONSHIPS ESTABLISHED WITH CLIENTS AND SUPPLIERS
3.1 Purpose of the processing
The organization processes personal identification data of clients/suppliers (such as name, surname, corporate name, personal/fiscal data, address, phone number, email, bank and payment details) and of their operational managers (full name and contact data) collected and used within the ambit of the supply of the provided services.
3.2 Purposes and legal basis for processing
Data is processed in order to:
- reach contractual/professional agreements;
- fulfil precontractual, contractual and fiscal obligations resulting from the existing relationships, as well as to manage the necessary communications related to them;
- fulfil the obligations that law, a regulation, the Community legislation or an order from the Authority provides for;
- exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defence during judicial proceedings, the safeguard of credit positions; ordinary internal operations, management and accounting needs).
Failure to provide the above-mentioned data, it will not be possible to establish any relationship with the Data Controller. Pursuant to article 6, paragraphs b, c, f, the above-mentioned purposes represent a suitable legal basis of lawful processing. Should processing be made for different purposes, the Data Subjects shall be required to provide a specific consent.
3.3 Methods of processing
The processing of personal data is carried out by means of the operations set out in article 4, paragraph 2 of GDPR and more precisely: collection, recording, organization, storage, consultation, adaptation, alteration, selection, retrieval, alignment, use, combination, restriction, communication, erasure and destruction of data. The processing of personal data shall be carried out by means of paper and electronic and/or automated methods. The Data Controller shall process personal data for the time required to fulfil the purposes for which it was collected and the related law obligations.
3.4 Scope of processing
Data shall be processed by internal subjects properly authorized and trained pursuant to article 29 of GDPR. It is also possible to request the scope of communication of personal data, obtaining precise directions on possible external subjects working as autonomous Data Processors or Data Controllers (advisors, technicians, bank institutes, carriers, etc.).
UPDATE OF POLICY
Please note that this notice can be subject to regular review, also in relation with the reference regulations and law. In case of significant amendments, they will be posted, for a reasonable period of time, on the homepage of the website. In any case, we invite the Data Subject to occasionally read this policy.