In compliance with the obligations deriving from national legislation (Legislative Decree 30 June 2003 no. 196, Code on the protection of personal data, as updated by Legislative Decree 101/2018) and EU legislation (European Regulation 2016/679, GDPR) and subsequent amendments, this website respects and protects the privacy of visitors and users, ensuring every effort possible and proportionate to not infringe the rights of users.
This site collects and processes Personal Data, as defined by the GDPR, independently or through third parties, or provided voluntarily by the user, including:
The above information is processed in an automated manner and collected in an exclusively aggregated form and pseudonymised in order to verify the correct functioning of the website and for security reasons; said information will be processed according to the legitimate interests of the data controller.
For security purposes (spam filters, firewalls, virus detection), the data automatically recorded may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the website or to cause damage to other users, or in any case harmful activities or constituting a crime. Said data is never used for the identification or profiling of the user, but only for the purposes of protection of the website and its users; said information will be processed according to the legitimate interests of the data controller.
The User undertakes the responsibility of third-party Personal Data obtained, published or shared via this Application and guarantees it has the right to disclose and disseminate it, releasing the Data Controller from any liability against third parties.
The Data Controller shall adopt the necessary security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. Processing shall be by means of computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other internal subjects involved, or external subjects (such as third-party technical service providers, hosting providers, IT companies, communication agencies) appointed as Data Processors by the Data Controller may have access to the Data.
PLACE OF PROCESSING
The data collected by the site is processed by the Data Controller and handled only by technical personnel authorised for processing or appointed as external Data Processor in accordance with article 28 Reg. EU 2016/679. The server hosting the site is located in Italy.
This site may share some of the data collected with services located outside the European Union area, always in compliance with the rights and guarantees provided by current legislation, pursuant to articles 44 et seq. of Reg. EU 2016/679.
The Data is processed and stored for the time required by the purposes for which it was collected.
Personal Data collected for purposes related to the execution of the service requested by the User will be retained until the execution of this service is completed. As regards any Personal Data collected for purposes based on the User’s consent, the Data Controller may retain the Personal Data for longer until said consent is revoked.
Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal
obligation or by order of an authority. At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to data portability may no longer be exercised.
PURPOSES OF THE PROCESSING OF DATA COLLECTED
User data is collected for the following purposes:
This website processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing shall be by means of computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessed by categories of personnel involved in the organisation of the website or external parties (such as third-party technical service providers, hosting providers, IT companies, communications agencies).
With regard to the personal data, the data subject may exercise the rights provided for in articles 15 et seq. GDPR and precisely:
Right of access (article 15) – consists in obtaining confirmation from the Data Controller that related personal data is being processed and, in this case, obtaining access to the same data and certain information (explained in the cited article) regarding the data in question. Right of rectification (article 16) – consists in giving the data subject the possibility to modify related data if it is inaccurate. Right of cancellation (article 17) – possibility for the data subject to cancel related data held by the data controller when, for example, the consent to the processing is revoked or the pursued purpose is achieved or when it is illegal. Obviously, it will not always be possible to fulfill the cancellation request. This occurs for example when the data is used to fulfill a legal obligation or is necessary for the defence of a right in court. Right to object (article 21) – the possibility of objecting to the processing must be guaranteed when the legal basis is the legitimate interest or the execution of a task of public interest. This right also has its limits as there may be cases in which the legitimate interest of the data controller prevails over that of the data subject, it will be essential to ensure the right balance, or the processing is necessary for a task in the public interest or the establishment, defence or exercise of a right before a judge. Right to portability (article 20) – provides that, if processing is based on the contract or on consent, in the event of a request, personal data will be provided to the data subject in a structured format that can be read by an automatic device (json, xml, csv); this right only applies to data provided voluntarily and not to inferred or derived data.
Right of revocation (article 7) – in the event of signing any form of consent to the processing requested by the Data Controller, it is noted that the data subject may revoke it at any time, without prejudice to the mandatory obligations established by current legislation at the time of the revocation request, by contacting the Data Controller at the addresses indicated, at the above address, or by e-mail, specifying the subject of your request, the right you intend to exercise and including a photocopy of an identity document certifying the legitimacy of the request.
Parties concerned shall have the right to file a complaint with the competent Supervisory Authority in the Member State where they normally reside or work or in the State where the alleged violation has occurred.
All the aforementioned rights may be exercised by sending a specific request to the Data Controller by means of the contact channels indicated in this policy.
The Data Controller is DTI S.R.L. with registered office in Via Palladio, 11 – 33010 Tavagnacco (UD), which you can contact by writing to the following e-mail address: firstname.lastname@example.org, or by calling 0432.855071.