Information provided pursuant to articles 13-14 of the GDPR 2016/679 (General Data Protection Regulation)
1. Personal Data collected by the Application
The Data Controller collects the following types of Personal Data:
A. Data and content automatically acquired while using the Application:
Technical data: the computer systems and software procedures used to operate this Application may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified Users, but which by their very nature could, through processing and association with Data held by third parties, allow Users to be identified. This category includes the IP addresses or domain names used by Users who connect to the Application, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
B. Personal data collected through cookies or similar technologies:
The Personal Data collected can be used for the execution of contractual and pre-contractual obligations and for legal obligations as well as for the following purposes:
Archiving, hosting and backend infrastructure management: to manage the technical infrastructure for archiving Users’ data. Personal Data is communicated to SiteGround Spain SL, https://it.siteground.com/terms.htm
Statistics with anonymous data only: to carry out statistical analyzes based on aggregated data or data that do not allow the User to be identified. Personal Data is communicated to Google LLC, https://policies.google.com/privacy ;
Monitoring, analysis and tracking of User behavior: to monitor and analyze how the User behaves on the Application. Personal Data is communicated to Google LLC https://policies.google.com/privacy ;
Targeting advertising and remarketing: to show advertisements more relevant to you based on your browsing behavior and preferences. Personal Data is communicated to Google LLC https://policies.google.com/privacy ;
3. Processing methods
The processing of Personal Data is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In some cases, subjects involved in the organization of the Data Controller may also have access to Personal Data (such as, for example, personnel management, sales area employees, system administrators, etc.) or external subjects (such as IT companies, suppliers of services, postal carriers, hosting providers, etc.). When necessary, these subjects may be appointed as Data Processors by the Data Controller, as well as access the Users’ Personal Data whenever necessary and will be contractually obliged to keep the Personal Data confidential.
4. Legal basis of the treatment
The processing of Personal Data relating to the User is based on the following legal bases:
- the consent given by the User for one or more specific purposes;
- the processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject
- the treatment is necessary for the execution of a task of public interest or for the exercise of public powers vested in the Data Controller
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties
- the processing is necessary for the pursuit of a vital interest of the Data Controller or of third parties.
Personal Data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located.
6. Security Measures
The Processing is carried out according to methods and with tools suitable for guaranteeing the security and confidentiality of Personal Data, since the Data Controller has adopted adequate technical and organizational measures which guarantee, and allow to demonstrate, that the Processing is carried out in compliance with the reference legislation.
7. Data retention period
Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected. In particular, Personal Data will be kept for the entire duration of the contractual relationship, for the execution of the obligations inherent and consequent to the same, for compliance with the applicable legal and regulatory obligations, as well as for own or third party defensive purposes. If the processing of Personal Data is based on the User’s consent, the Data Controller may keep the Personal Data until the consent is revoked. Personal Data may be kept for a longer period if necessary to fulfill a legal obligation or by order of an authority. All Personal Data will be deleted or kept in a form that does not allow identification of the User within 30 days after the end of the retention period. Upon expiry of this term, the right of access, cancellation, rectification and the right to the portability of Personal Data can no longer be exercised.
8. Automated decision making
All Personal Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the person or which may significantly affect him.
9. Your Rights
Users can exercise certain rights with reference to the Personal Data processed by the Owner. In particular, the User has the right to:
- withdraw consent at any time;
- object to the processing of your Personal Data;
- access your Personal Data;
- verify and request rectification;
- obtain the limitation of the treatment;
- obtain the cancellation of their Personal Data;
- receive their Personal Data or have them transferred to another holder;
- lodge a complaint with the Personal Data Protection Supervisory Authority and/or take legal action.
To exercise their rights, Users can direct a request to the contact details of the Owner indicated in this document. Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.