- Location of data processing
- Methods of data processing
- Categories of personal data processed
- Use of the Website and purposes of the processing
- Legal basis for data processing
- Categories of Recipients of personal data
- Transfer of personal data
- Retention period
- Data subject rights
This is an information notice provided to all visitors to the website (“Website”) in accordance with art. 13 of the EU Data Protection Regulation No. 679/2016 (GDPR) and all other applicable laws.
1. Controller and contact details
Following access to and consultation of the Website, data relating to identified or identifiable persons may be processed.
The Controller for the data in question is Inventia S.r.l. (“Inventia”), with registered office at Via Valtorta, 48 20127 Milano, Italy.
Users can contact the Controller at the above postal address or via the following telephone number or e-mail address: • email@example.com
2. Location of data processing
The processing of data collected with reference to those who access the Website is mainly carried out at the Inventia S.r.l. head office, and in any case in accordance with the provisions of the GDPR and all other applicable laws.
Personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing, or by subjects appointed as processors.
3. Methods of data processing
The data will be processed lawfully and correctly, guaranteeing security and confidentiality, according to the provisions of the GDPR and all other applicable laws. Personal data will be processed using electronic and in any case automated equipment.
4. Categories of personal data processedWith reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the server request, and other parameters related to the user’s operating system and computing environment.
The optional and voluntary sending of e-mails to the addresses indicated on the Website or by filling out the appropriate contact form involves the acquisition of the user’s personal data, as indicated therein, which is necessary to respond to user requests.
In addition, specific social media buttons/widgets are present on the Website in the form of social network icons (e.g. LinkedIn, etc.) and icons for other web services (e.g. YouTube, etc.). These buttons allow users browsing the Website to access the specific social media sites in one click. In such cases, the social networks and web services acquire data regarding the user, while the Controller will not share any browsing information or user data acquired through its website with the social networks and web services that can be accessed through the social media buttons/widgets. These services create “third-party cookies”. Below are links to the privacy policies of the most commonly used social networks and of the websites that the buttons link to:
- LinkedIn Button (LinkedIn Corporation)
The LinkedIn social media buttons and widgets provide interaction with the LinkedIn social network, provided by LinkedIn Corporation.
Personal data collected: Cookies and Usage Data.
- YouTube Cookies
YouTube is a service managed by Google Inc. for displaying video content, enabling this Application to supplement the content on its pages https://policies.google.com/privacy https://policies.google.com/privacy
5. Use of the Website and purposes of the processing
User data may be processed for:
- the performance of the operations strictly necessary to provide the services or to respond to any requests made by the user through the appropriate contact form on the home page of the Website;
- statistical processing of aggregated data in relation to the Website services.
6. Legal basis for data processing
Your personal data will be processed on the basis of one or more of the following legitimacy conditions. In particular, processing carried out for the purposes referred to in:
letters a. and b. above, have as their legal basis the need to fulfill the requests for the provision of a service or to respond to a user request. This processing is strictly necessary and connected to a pre-contractual stage at the request of the data subject and/or a contractual phase or designed to respond to a specific request according to art. 6 (1) (b) of the GDPR. In this regard, the personal information collected from time to time through the Website is necessary. If the user decides not to provide the information, it will not be possible to provide the service or proceed with the requests;
7. Categories of Recipients of personal data
- Hosting and back-end infrastructure
This type of service has the function of hosting data and files that enable the Website to function and perform data processing in order to enable the Website to be used by users.
- Site Administration (administration, sales and legal personnel, and system administrators).
The services contained in this section allow the Controller to monitor and analyze the traffic data for the Website. The Controller uses this service in order to perform aggregated analysis of its users in anonymous form and, thus, improve Website performance. All statistical services are used by the Controller through an integration that anonymizes the IP address of the user, including:
Google Analytics with IP anonymization, which is a free statistical service provided by Google Inc.
Personal data collected: Cookies and Usage Data.
The user can ask the Controller for an up-to-date list of Processors at any time.
8. Transfer of personal data
Generally, the data of Website users will not be transferred outside the European Union. However, it is possible that such a transfer may occur based on the individual service provided by Inventia or following the implementation of functionalities on the site (e.g. social media buttons, link to third-party sites). For each service requested by the Inventia customer, a special information notice will be provided with the details of the countries (if any) to which the data will be transferred, and the user is also given the opportunity to check the information notices of third-party controllers. In any case, in relation to services provided by Inventia, should personal data be transferred outside the European Union, the transfer will be carried out in accordance with the provisions of the GDPR and all other applicable laws, with suitable guarantees concerning personal data protection.
9. Retention period
For each service or initiative requested by the Inventia customer, a special information notice will be provided (where applicable) with details of the data retention period or the criteria used to determine this period.
Inventia shall process and retain the browsing data for the time required by the purposes for which the data was collected. Therefore:
- any data collected for purposes essential to the execution of a contract between the Controller and the user will be retained until the execution of the contract/request is complete and for the duration of the processing.
- in addition, the Controller may be obliged to retain the personal information for a longer period in compliance with a legal obligation or to retain it based on its legitimate interests for the management of any ongoing litigation or pre-litigation.
As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).
11. Data subject rights
We hereby inform you that, pursuant to articles 15-22 of the GDPR, the user can exercise the following rights: the right to access his or her personal data in accordance with art. 15 of the GDPR, ask for the amendment or deletion of the data, or restriction of its processing. The data subject also has the right to oppose the processing as well as the right to portability in the cases set out in articles 20 and 21 of the GDPR. In addition, the user can withdraw his or her consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal.
In such cases, you can exercise your rights by contacting the Controller using the following contact details: • firstname.lastname@example.org
The data subject can also submit a complaint to the Italian Data Protection Authority, following the instructions through the link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Data Protection OfficerFor any questions regarding the processing of your personal data, you can contact the Data Protection Officer by writing to:
e-mail: email@example.com; certified e-mail: firstname.lastname@example.org
English Translation: 27 Nov 2020
Original Italian Version: 14 September 2020