Types of data collected

In compliance with current regulations, the Data Controller keeps a list of the information collected. Full details of each type of data collected are provided in the appropriate sections in this privacy policy or in specific informative notices displayed before data are collected. Personal Data may be freely supplied by the User or, in the case of Usage Data, collected automatically while this Application is being used. Unless otherwise specified, the supply of all the Data requested by this Application is mandatory. If the User refuses to furnish the data, it may be impossible for this Application to provide the Service. Whenever the supply of Data is indicated in this Application as optional, Users are free to choose not to provide such Data, without affecting the availability of the Service or its operation in any way whatsoever. Any Users having doubts as to which data are mandatory, are advised to contact the Data Controller. Unless otherwise explicitly specified, Cookies – or other tracking tools – may be utilised by this Application or the owners of third-party services used by the Application, in order to supply the Service requested by the User, and for other purposes described in this document and in the Cookie Policy, if available. The User will be held responsible for the Personal Data of third parties obtained, published or shared via this Application and declares that he or she has the right to disclose or disseminate them, thereby relieving the Data Controller of any liability towards third parties.

How and where collected data are processed

Data Processing Methods

The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, alteration or destruction of the Personal Data. Processing is carried out using IT and/or electronic communication tools, with organisational procedures and logics strictly linked to the stated purposes. As well as the Data Controller, in some cases other subjects involved in management of this Application may have access to the Data (administrative, sales, marketing and legal personnel, system administrators etc.), as well as certain external parties (such as third-party providers of technical services, delivery couriers, hosting providers, IT companies, communications agencies), who are nominated as Data Processors by the Data Controller. An up-to-date list of Data Processors can be requested from the Data Controller at any time.

Legal basis of processing

The Data Controller processes Personal Data relating to the User in the following circumstances:

  • the User has given his or her consent to one or more specific purposes; N.B.: under certain legal systems, the Data Controller may be authorised to process Personal Data without obtaining the User’s consent (“legitimate interest of Data Controller”) or another of the legal bases described below, until the User objects (“opt-out”) to the processing. This does not however apply when the processing of the Personal Data is regulated by European data protection legislation;
  • processing is necessary for the performance of a contract with the User and/or to take steps prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

The Data Controller can always be requested to provide clarification regarding the actual legal basis of each processing operation and, in particular, to specify whether the processing is based on the law, envisaged in a contract or necessary in order to enter into a contract.

Place

Data are processed at the Data Controller's operating premises and any other place where the parties involved in the processing are located. For further information, contact the Data Controller.
The User’s Personal Data may be transferred to a state other than that in which the User is located. For further information regarding where data are processed, the User can consult the section providing details of the processing of Personal Data. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation operating under international public law or made up of two or more countries, such as the UN, and regarding the security measures taken by the Data Controller to safeguard the Data. The User may verify whether one of the transfers described above has actually taken place, by examining the section of this document giving details of the processing of Personal Data or asking for information from the Data Controller, using the contact details given above. 

Data storage period

Data are processed and stored for the period of time necessary to achieve the purposes for which they were collected. Therefore:

  • Personal Data collected for purposes connected with the performance of an agreement between the Data Controller and the User will be processed until the agreement in question has been fully performed.
  • Personal Data collected for purposes connected with the legitimate interest of the Data Controller will be retained until the interest in question is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

If the processing of data is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period until consent is withdrawn. Furthermore, the Data Controller may also be obliged to store Personal Data for a longer period of time in order to perform a legal obligation or comply with an order made by an authority.
The Personal Data will be erased at the end of the storage period. Therefore, once this period has expired, the right of access, to erasure, rectification and the right to data portability may no longer be exercised. 

The user's right

Users may exercise specific rights connected with Data processed by the Data Controller.
More specifically, Users have the right to: 

  • Withdraw consent at any time. The User may withdraw consent to the processing of his or her Personal Data previously given.
  • Object to the processing of his or her Data. The User may object to the processing of his or her Data whenever the legal basis for such processing is not his or her consent. Further details of the right to object are set out in the relevant section below.
  • Have access to his or her Data. The User is entitled to obtain information on the Data being processed by the Data Controller, on specific aspects of the processing and to receive a copy of the Data being processed.
  • Verify and request rectification. The User may verify whether his or her Data are accurate and request that they be brought up-to-date or corrected.
  • Obtain the restriction of processing. Under specific conditions, the User may request that the processing of his or her Data be restricted. In these circumstances, the Data Controller will not process the Data for any other purpose apart from storing them.
  • Obtain the erasure or removal of his or her Personal Data. Under specific conditions, the User may request that his or her Data be erased by the Data Controller.
  • Obtain his or her data or have them transferred to another data controller. The User is entitled to obtain his or her Data in a commonly used, machine-readable format, and, when technically feasible, to have them transferred, without any restriction, to another data controller. This provision applies when Data are processed with the aid of automated tools and the processing is based on the User’s consent, is necessary for the performance of a contract to which the User is party or in order to take steps connected with it.
  • Right to lodge a complaint. The User may lodge a complaint with the competent data protection supervisory authority or bring an action before the courts.

Details of the right to object

When Personal Data are processed in the public interest, in the exercise of official authority vested in the Data controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing on grounds connected with their particular circumstances.
It is pointed out that Users whose data were processed for direct marketing purposes may object to processing without justification. To ascertain whether the Data Controller is processing data for direct marketing purposes, Users can consult the relevant sections in this document. 

How to exercise rights

To exercise their rights, Users may make a request for contact with the Data Controller, namely Carmine Di Domenico, at the following email address dataprivacy@groupcopernicus.com. Requests are made free of charge and will be dealt with by the Data Controller as soon as possible, in any event within no more than a month.

Further information on processing

Legal Defence

The User's Personal Data may be used by the Data Controller in legal proceedings or during the preliminary stages of an action to be brought to defend its rights against the improper use of this Application or of the Services connected to it by the User.

Specific Notifications

At the User’s request, in addition to the information contained in this Privacy Policy, this Application may provide the User with additional, context-based information on specific Services, or the collection and processing of Personal Data.

System and Maintenance Logs

 For operational and maintenance requirements, this Application, and any third-party services used by it, may collect system Logs, in other words, files which record any interactions which may also include Personal data, such as the User's IP address.

Information not contained in this Policy

Further information on the processing of Personal Data may be requested at any time from the Data Controller using the contact information provided.

Reply to queries regarding “Do Not Track”

This Application does not support “Do Not Track” requests. To find out if they are supported by any third-party services used, the User should consult the corresponding privacy policies.

Changes to this Privacy Policy

The Data Controller reserves the right to make modifications to this Privacy Policy at any time, notifying Users of such changes on this web page and, if possible, on this Application, and also whenever technically and legally feasible, to send Users notification using one of the contact details in the Data Controller’s possession. Therefore, you are advised to check this page regularly, and to take the last revision date shown at the bottom of the page as reference.
If the changes relate to processing for which the legal basis is consent, the Data Controller will ask for the User’s consent again, if necessary.