Types of data collected
How and where collected data are processed
Data Processing Methods
The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, alteration or destruction of the Personal Data. Processing is carried out using IT and/or electronic communication tools, with organisational procedures and logics strictly linked to the stated purposes. As well as the Data Controller, in some cases other subjects involved in management of this Application may have access to the Data (administrative, sales, marketing and legal personnel, system administrators etc.), as well as certain external parties (such as third-party providers of technical services, delivery couriers, hosting providers, IT companies, communications agencies), who are nominated as Data Processors by the Data Controller. An up-to-date list of Data Processors can be requested from the Data Controller at any time.
Legal basis of processing
The Data Controller processes Personal Data relating to the User in the following circumstances:
the User has given his or her consent to one or more specific purposes; N.B.: under certain legal systems, the Data Controller may be authorised to process Personal Data without obtaining the User’s consent (“legitimate interest of Data Controller”) or another of the legal bases described below, until the User objects (“opt-out”) to the processing. This does not however apply when the processing of the Personal Data is regulated by European data protection legislation;
processing is necessary for the performance of a contract with the User and/or to take steps prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
The Data Controller can always be requested to provide clarification regarding the actual legal basis of each processing operation and, in particular, to specify whether the processing is based on the law, envisaged in a contract or necessary in order to enter into a contract.
Data are processed at the Data Controller's operating premises and any other place where the parties involved in the processing are located. For further information, contact the Data Controller. The User’s Personal Data may be transferred to a state other than that in which the User is located. For further information regarding where data are processed, the User can consult the section providing details of the processing of Personal Data. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation operating under international public law or made up of two or more countries, such as the UN, and regarding the security measures taken by the Data Controller to safeguard the Data. The User may verify whether one of the transfers described above has actually taken place, by examining the section of this document giving details of the processing of Personal Data or asking for information from the Data Controller, using the contact details given above.
Data storage period
Data are processed and stored for the period of time necessary to achieve the purposes for which they were collected. Therefore:
Personal Data collected for purposes connected with the performance of an agreement between the Data Controller and the User will be processed until the agreement in question has been fully performed.
Personal Data collected for purposes connected with the legitimate interest of the Data Controller will be retained until the interest in question is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
If the processing of data is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period until consent is withdrawn. Furthermore, the Data Controller may also be obliged to store Personal Data for a longer period of time in order to perform a legal obligation or comply with an order made by an authority. The Personal Data will be erased at the end of the storage period. Therefore, once this period has expired, the right of access, to erasure, rectification and the right to data portability may no longer be exercised.
The user's right
Users may exercise specific rights connected with Data processed by the Data Controller. More specifically, Users have the right to:
Withdraw consent at any time. The User may withdraw consent to the processing of his or her Personal Data previously given.
Object to the processing of his or her Data. The User may object to the processing of his or her Data whenever the legal basis for such processing is not his or her consent. Further details of the right to object are set out in the relevant section below.
Have access to his or her Data. The User is entitled to obtain information on the Data being processed by the Data Controller, on specific aspects of the processing and to receive a copy of the Data being processed.
Verify and request rectification. The User may verify whether his or her Data are accurate and request that they be brought up-to-date or corrected.
Obtain the restriction of processing. Under specific conditions, the User may request that the processing of his or her Data be restricted. In these circumstances, the Data Controller will not process the Data for any other purpose apart from storing them.
Obtain the erasure or removal of his or her Personal Data. Under specific conditions, the User may request that his or her Data be erased by the Data Controller.
Obtain his or her data or have them transferred to another data controller. The User is entitled to obtain his or her Data in a commonly used, machine-readable format, and, when technically feasible, to have them transferred, without any restriction, to another data controller. This provision applies when Data are processed with the aid of automated tools and the processing is based on the User’s consent, is necessary for the performance of a contract to which the User is party or in order to take steps connected with it.
Right to lodge a complaint. The User may lodge a complaint with the competent data protection supervisory authority or bring an action before the courts.
Details of the right to object
When Personal Data are processed in the public interest, in the exercise of official authority vested in the Data controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing on grounds connected with their particular circumstances. It is pointed out that Users whose data were processed for direct marketing purposes may object to processing without justification. To ascertain whether the Data Controller is processing data for direct marketing purposes, Users can consult the relevant sections in this document.
How to exercise rights
To exercise their rights, Users may make a request for contact with the Data Controller, namely Carmine Di Domenico, at the following email address firstname.lastname@example.org. Requests are made free of charge and will be dealt with by the Data Controller as soon as possible, in any event within no more than a month.
Further information on processing
The User's Personal Data may be used by the Data Controller in legal proceedings or during the preliminary stages of an action to be brought to defend its rights against the improper use of this Application or of the Services connected to it by the User.
System and Maintenance Logs
For operational and maintenance requirements, this Application, and any third-party services used by it, may collect system Logs, in other words, files which record any interactions which may also include Personal data, such as the User's IP address.
Information not contained in this Policy
Further information on the processing of Personal Data may be requested at any time from the Data Controller using the contact information provided.
Reply to queries regarding “Do Not Track”
This Application does not support “Do Not Track” requests. To find out if they are supported by any third-party services used, the User should consult the corresponding privacy policies.