Privacy Policy

  

General conditions of use of the site

Premises

  • These general conditions govern the use of the cdvaluenet.com hereafter referred to as the “website”)
  • The website is owned by Carpe Diem Valuenet Srl – registered office in Via Grazzano 7, 33100, Udine, VAT number 02295610303, – CAP.SOC. € 10,000.00, reg. Imprese di Udine, REA No. 249969. Pec: carpediemvaluenet@pec.it (hereafter also referred to as “CDV” or “Company”)
  • Users browsing the website must comply with these conditions
  • Accessing to the website and/or any request for information sent through the addresses indicated does not constitute, by the user, any obligation to subsequently use the services and goods offered and, likewise, it is no obligation for the Company.
  • For any clarification, you can send an email to the email address info@cdvaluenet.com or call the number +39 0432 283656

User obligations

  • Internet access, necessary to use the site, and all related charges and costs, including connection costs, are the responsibility of the user, who is required to independently procure any necessary hardware or software support
  • The user is solely responsible for the operation and maintenance of his equipment and for the adoption of all necessary measures to ensure his online safety
  • The User must use the website in compliance with these General Conditions
  • It is the User’s responsibility to read these conditions and check the changes in case they are made
  • The User assumes the obligation not to use the website and related services for illegal purposes. or contrary to these conditions. or in ways that could damage its functionality, make it unusable, cause overload, deterioration and / or interference with the use of the website by other Users
  • If the user uses forms on the site (for example for any requests for information) he has the obligation and responsibility to provide truthful, correct, verifiable and updated personal data. The personal data provided by the user through the forms will be processed in compliance with the privacy legislation, for the purposes and in the manner described in the information specifically prepared for the individual modules and published on the site so that it is easily accessible
  • The User declares and warrants that he has acquired all the necessary authorizations regarding any third party data provided through the forms on the site or through any other channel
  • Any behavior which, even for mere attempts, may result in unauthorized access to the site is prohibited

Responsability

  • The user uses the site “as is”, that is, as it is offered and as it is available when connecting and viewing its content
  • CDV is not responsible, neither towards the User, nor towards subjects directly or indirectly connected to the User himself, for damages, claims or losses deriving from inefficiencies or suspensions of the site that depend on the User himself, by third parties or caused by force majeure or fortuitous event
  • The Company reserves the right at any time, without any form of notice, without any obligation to indemnify and at its sole discretion, to close the site and / or make any changes and / or additions to its content that it deems appropriate
  • The User uses the website and the services that are permitted to him, substantially and procedurally holding the Company harmless against any party for legal / civil or administrative disputes, costs, expenses and damages of any kind caused by the use or inability to use the site
  • The existence of a hyperlink (link) pointing to the website from another third party website, or pointing from the website to another third party website, does not imply the approval or acceptance of responsibility by the Company regarding the content or use of the sites thus linked

Intellectual and industrial property

  • The website and its contents are the property of the Company and / or its successors or assignors and / or third parties where indicated, and are protected by current legislation on the protection of intellectual and industrial property rights
  • Unless otherwise and specifically provided, all the materials available on the site (such as by way of example and not limited to: logos, trademarks and other distinctive signs, photographs …) can be used for informational and / or personal purposes only; any other different use must take place with the express authorization of the Company or, if different from this, of the owner of the rights exercisable for any reason on them; it is expressly forbidden to carry out any commercial use or distribution unless expressly authorized
  • The reproduction of the graphics and structure of the website is prohibited. The constituent elements of the site cannot be copied or imitated
  • No rights are granted to the User on the software related to the site, including updates, and on the related source codes. It is expressly forbidden for the User to carry out the activities referred to in art. 64-bis L. 633/41, such as, by way of example but not limited to: the extraction, reproduction, translation, adaptation, distribution to the public in any form implemented or the transfer of the Software to third parties for any reason carried out, whether onerous or free. Without express authorization, the User is prohibited from carrying out interventions on the Software, even for the correction of any flaws and / or defects, as well as duplication, decompilation, disassembly, transformation, modification of the software
  • It is permitted to use direct links to the home page and internal pages of this site without specific prior written authorization from CDV, as long as the site of the user in which the link is created is not offensive, pornographic, or is not related to sexuality or to the commodification of sex, to incitement to racial hatred, to discrimination of any kind, to the reference to totalitarian ideologies, to the commission of any type of crime and to any other activity contrary to our system
  • All rights not expressly granted are reserved

Privacy

All the User’s personal data are processed in compliance with current legislation on privacy. For all the necessary information, please refer to the Information for the processing of Personal Data and the Cookies Information – accessible via links in the footer of the page – and to the information relating to specific services that involve the collection of personal data – published in the relevant sections of the site.

Applicable law and jurisdiction

  • These General Conditions have been prepared and are governed by Italian law
  • Any disputes connected to the use of the Site are reserved to the Italian jurisdiction and are the exclusive territorial jurisdiction of the Court of Udine, without prejudice to the consumer’s forum in the case applicable by law.

Final amendments and clauses

  • The Company reserves the right to make changes to the website and to these General Conditions of Use at any time. The user must always refer, as the current version, to the text of the Conditions published on the website at the time of consultation
  • If one of the clauses of these conditions should be declared null or ineffective by the competent authority, the conditions will continue to have full effect for the part not affected by said clause, unless it constituted an essential and decisive reason for the conclusion of the relationships
  • The circumstance that one of the parties does not at any time assert the rights recognized by one or more clauses of these conditions cannot be understood as a waiver of these rights nor will it prevent them from subsequently claiming compliance with any and all contractual clauses

This document is updated as of March 31, 2021

  

User' privacy policy

Users’ privacy policy

In compliance with the current Regulation (Article 13 of the General Regulation concerning the protection of personal data, hereinafter “GDPR”), Carpe Diem Valuenet S.r.l., in the person of its legal pro tempore representative, (hereinafter also referred to as “Owner” or “Company”) provides users browsing the website web www.cdvaluenet.com (hereinafter “website”) the information as to processing of their data.

Data-processing controller and contacts

The data-processing controller is Carpe Diem Valuenet S.r.l., registered office in Via Grazzano n. 7 – 33100 Udine P. IVA 02295610303. The company can be contacted via the email address: privacy@cdvaluenet.com

What are the processed data?

The processed data are browsing data and data provided spontaneously by the user.

Data provided spontaneously by the user

This category encompasses all the personal data given spontaneously by the user (e.g. when asking for information by writing to the email address on the website). If the user decides to contact the controller via the Form available on the website, he/she can obtain full information on the data processing via the specific Privacy Policy pages.

Browsing data and information acquired via cookies and similar tools

IT systems and software procedures adopted to ensure the running of this website acquire, during their normal exercise, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.

This information is not gathered so as to be associated with identified subjects. Nevertheless, by their nature they might, through elaboration and association with data by third parties, allow the identification of users.

In this data category we may mention: IP addresses or the domain names of the computers adopted by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the file dimension obtained as a response, the numeric code indicating the server data response status (success, error, etc.) and other parameters related to the operative system and IT environment of the user.

The site uses cookies and similar systems (pixel) with which to acquire information on the user’s browsing. The specifications are included on the cookie information page which can be consulted at any moment from the footer to the site.

Purposes and legal basis of the processing

Data provided spontaneously by the user: purposes and legal basis

Personal data given by the user spontaneously by contacting the controller are used only to answer their requests.

The legal basis for processing such data is therefore the execution of precontractual measures.

If necessary, the data may also be used where the Data Controller has a legitimate defensive interest or to assert or defend a right in court.

Browsing data and information acquired via cookies and similar tools: purposes and legal basis

The browsing data are acquired, in part through the use of cookies and similar tools, to enable correct browsing, to obtain statistical information on use of the website, for purposes of security and to check the correct functioning of the site. They may be used to investigate liability in the case of cybercrimes to the detriment of the website.

The legal basis of the processing of these data is legitimate interest and, where requested by the Authorities, legal obligations.

For the specifications of the cookies used by the site, see the cookie information page that may be consulted from the footer to the site.

Data management

Gathered data are processed with IT tools and, only on a residual basis, on paper. Adequate security measures have been adopted in order to prevent the loss of data, illegal or incorrect use and non-authorized access.

International transfer

The hosting used for the site does not involve transfer of data to countries outside the EU.

With regard to the use of services involving the introduction of cookies, see the cookie information page.

Conservation period

The browsing data are conserved for the time required for the purposes intended.

Data directly provided by the data subjects are stored for the strictly limited period of time necessary to respond to the data subjects’ requests and then are subsequently cancelled, without prejudice to defensive needs (which may require further conservation).

Regarding data acquired via Google Analytics and other services using cookies and similar tools, please visit the Cookie policy.

Nature of data provision

With the exception of the browsing data necessary to set in motion the IT and telematics protocols, the provision of data by users, via the various means made available, is free and optional. Nevertheless, failure to provide the said data will make it impossible to proceed with the requests sent or which the user intends to send.

Who is entitled to know the data?

The data will be processed by staff authorized for the purpose by the Data Controller.

Data shall be made known to the empowered Authorities in case of specific requests which the controller has the legal obligation to answer. Data shall be also made known to companies and advisors consulted by the controller to receive the hosting service and the assistance and maintenance services of the adopted services, as well as to advisors handling legal disputes and legal assistance on occasion of disputes requiring their involvement.

It is specified that some of the indicated subjects are responsible for the processing and that communications to those acting as independent controllers are performed in compliance with legal obligations or as necessary to fulfil the obligations deriving from the contract or in the controller’s legitimate interest to maintain the security of the IT systems and perform defence activities via legal advisors.

The data subject may request from the controller the list of external subjects who perform activities as data processing controllers.

Such communication is however limited to data categories for which the transmission is necessary to perform the activities and purposes pursued.

The rights of data subjects

The Law acknowledges the right to ask the data controller for access to personal data, their rectification or cancellation, or the limitation to their processing or to oppose to their processing, in addition to the right to data portability.

The data subject may, at any time, assert his/her rights, with no formalities, by writing to the controller

at the addresses indicated in this information page. The Data Controller will respond within 30 days of receiving the request, as envisaged under current laws.

Here follow the rights acknowledged by current legislation regarding the protection of personal data.

  • Right of access: i.e. the right to obtain confirmation from the data controller whether or his/her personal data are being processed. If yes, he/she shall have access to those personal data as well as the following information: a) processing purposes; b) categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; (d) the retention period of personal data or, if this is not possible, the criteria used to determine such period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data or to be against their treatment; f) the right to file a complaint with a supervisory authority; g) all information regarding the origin of the data, if these are not collected from the interested party, h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the used logic as well as the importance and expected consequences for the interested party for the processing. Whenever personal data are transferred to a third country or an international organization, the interested party has the right to be informed of the existence of adequate guarantees relating to the transfer.
  • Right of rectification: i.e. the right to ask the data controller to rectify incomplete or incorrect personal data without unnecessary delay. Considering the purposes of the processing, the interested party has the right ask his/her personal data to be integrated, also by providing an additional declaration.
  • Right to cancellation: the right to ask the data controller to delete one’s personal data without unnecessary delay, if: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing of his/her data is based on, and if there is no other legal basis for the processing; c) the interested party is against the processing because it is needed for the execution of a task of public interest or connected to the exercise of public authority for which the holder is appointed, or for the pursuit of legitimate interest and there is no legitimate reason to proceed the processing, or he/she is against processing for direct marketing purposes; d) personal data have been processed unlawfully; e) personal data must be deleted to fulfil a legal obligation under the EU or Member State law to which the data controller is subject to; f) personal data have been collected in relation to an offer by information society services of minors. However, the request for cancellation cannot be accepted if the processing is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfilment of a legal obligation requiring processing under the EU or a Member State law to which the data controller is subject to or for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest in the public health sector; d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, insofar as the cancellation risks make it impossible or seriously prejudice the achievement of the objectives of such treatment; or e) for the assessment, exercise or defence of a right in court.
  • Right of limitation, e. the right to be guaranteed that data are processed, except for retention, only with the consent of the interested party or for the assessment, exercise or defence of a right in court or to protect the rights of another personal or legal person, or for reasons of significant public interest of the EU or a Member State, if: a) the interested party questions the accuracy of personal data for the period needed by the data controller to verify the accuracy of such personal data; b) the processing is illegal and the interested party is against the cancellation of his/her personal data and asks that they are used in a limited way instead; c) although the data controller no longer needs the data for processing purposes, the interested party needs them, in order to verify, exercise or defend a right in court; d) the interested party has opposed the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public authority the owner was appointed with, or for the pursuit of the legitimate interests of the data controller or third parties, waiting for verification of a possible prevalence of legitimate reasons of the data controller as opposed to those of the interested party.
  • Right to portability, i.e. the right to receive personal data (given to the holder) in a structured, commonly used and readable way from automatic devices, and the right to transfer such data to another holder without impediments by the holder they were given, as well as the right to obtain direct transfer of his/her personal data from one holder to another, if technically feasible, should the processing be based on consent or on a contract and the processing is done by automated means. This right does not affect the right to cancellation.
  • Right of opposition, i.e. the right of the interested party to oppose at any time, for reasons connected to his/her particular situation, the processing of personal data, since it is necessary for the performance of a task of public interest or related to the exercise of public authority for which the holder was appointed with, or for the pursuit of the legitimate interest of the data controller or third parties. If personal data are processed for direct marketing purposes, the interested party has the right to oppose the processing of personal data at any time, including profiling in so far as it is related to such direct marketing.

The data subject is informed that, in case in case he/she believes that the processing of his/her personal data is violating what stated on the GDPR, he/she has the right to lodge a complaint to the Privacy Authority as per Art. 77 of the Regulation, or to bring the issue before the appropriate judicial offices (Art. 79 of the Regulation).

Further information

Information regarding cookies and similar tools used by the site can be found on the cookie information page.

This privacy information page was updated on 31/03/2021

  

Cookies policy

Cookie policy

Browsing on the website www.cdvaluenet.com (“website” hereinafter) entails sending cookies and other similar tools to the user’s terminal.

Hence, with this document, in compliance with the current Regulation (Article 13 of the General Regulation concerning the protection of personal data, hereinafter “GDPR”, and Art.122 of the Privacy Code), Carpe Diem Valuenet S.r.l., in the person of its legal pro tempore representative, (hereinafter also referred to as “Owner” or “Company”) provides users browsing this website the information as to the adopted cookies or the cookies for which the installation is allowed.

Data-processing controller and contacts

The data-processing controller is Carpe Diem Valuenet S.r.l., registered office in Via Grazzano n. 7 – 33100 Udine P. IVA 02295610303. The company can be contacted via the email address: privacy@cdvaluenet.com

What are the so-called “cookies”?

A “cookie” is a small text file created by the user’s computer when he/she accesses a specific website, with the purpose of storing and conveying information. Cookies are sent by a web server (i.e. the computer on which the visited website is executed) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the computer of the latter. On occasion of later visits, the cookies are re-sent to the website.

During browsing, the user might receive on his/her terminal cookies from different websites as well (so called “third-party cookies”), sent directly from these websites’ managers and used for the purposes and according to the modality defined by those.

What cookies are used in this website?

The website uses technical cookies for which, according to Art. 122 of Legislative Decree 196/2003, as modified by Legislative Decree 101/2018, no consent is required on behalf of the data subjects.

More precisely, the website is using:

  • technical cookies allowing the normal browsing and fruition of the website on behalf of the user, indicated in detail below
COOKIE NAME
 swpm_sessionAt the end of the navigation session

In the absence of such cookies, the website could not work correctly.

  • Analytical cookies that enable acquisition of aggregate data on navigation. We give details of the specifications relating to the service used for this purpose.

The website also uses Google Analytics simply for statistical purposes.

This is a web analysis service provided by Google LCC (hereafter nominated “Google”), an American company that provides suitable guarantees on the transfer of data abroad, making reference to standard contractual clauses.

Google uses cookies which are stored on the user’s computer to allow statistical analyses on the use of the browsed websites. Moreover, it is underlined that besides cookies, Google also uses a pixel tag (www.google.it/intl/it/policies/privacy/key-terms/).
Data generated by Google Analytics are stored by Google, which acts, for this service, as Data Supervisor, as indicated in the Google information page viewable at the following address:  developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Storage time is set at 2 years.

As expressly indicated by the Privacy Authority in the “Clarifications regarding the implementations of norms regarding cookies” dated 5 June 2015, websites using, for mere statistical purposes, analytic cookies realized and made available by third parties, are not subject to the obligations and requirements set forth by the legislation if appropriate tools to reduce the identification power of analytic cookies are adopted (e.g. via masking considerable portions of the IP address) and provided that the use of such cookies is subordinate to contractual bonds between websites and third parties which expressly remind the third party to use them exclusively to supply a service, to store them separately and not to “enrich” them or to “cross” them with other information available to them.

The controller of this website has decided to use the anonymization feature of users’ IP provided by Google (described here: https://support.google.com/analytics/answer/2763052?hl=it) and has accepted the Amendment on data elaboration with which Google undertakes to process data according to the requests of the Customer – controller of the website – and not to share them with other additional services unless the said Customers themselves require it via the service settings. The user is informed that the controller of this website has not connected Google Analytics to any other additional service, and no advertising or data sharing option with Google has been activated.

In the light of the adopted measures, the service provided by Google Analytics and used by this website simply for statistical purposes is activated at landing, and therefore no consent from the user is required in order to release the relative cookies.

At this link https://tools.google.com/dlpage/gaoptout?hl=it  you can browse the additional browser components to disable Google Analytics.

What happens if the user denies the installation of cookies?

With the exception of technical cookies which are necessary to navigate the website, if the user disables the installation of further cookies, website browsing will still be available.

How to disable cookies

It is possible to deny consent to the use of technical cookies that are strictly necessary for browsing, choosing the modality included in this policy for some specific cookies or directly via appropriate settings on the browser.

Each browser has specific and different procedures to manage settings. The user can obtain specific instructions via the links below.

For those users who navigate via mobile devices, the system configurations to exclude cookie storage or to cancel them varies according to the brand and/or model of the device used. Hence, for this purpose please consult the instructions given by the manufacturer.

For further information on the cookies stored on your terminal and on how to disable them singularly, please visit the following link: http://www.youronlinechoices.com/it/le-tue-scelte.

The rights of data subjects

The Law acknowledges the right to ask the data controller for access to personal data, their rectification or cancellation, or the limitation to their processing or to oppose to their processing, in addition to the right to data portability.

The data subject may, at any time, assert his/her rights, with no formalities, by applying to the Data Controller at the addresses indicated in this information page. The Data Controller will respond within 30 days of receiving the request, as envisaged under current laws.

Here follow the rights acknowledged by current legislation regarding the protection of personal data.

  • Right of access: i.e. the right to obtain confirmation from the data controller whether or his/her personal data are being processed. If yes, he/she shall have access to those personal data as well as the following information: a) processing purposes; b) categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; (d) the retention period of personal data or, if this is not possible, the criteria used to determine such period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data or to be against their treatment; f) the right to file a complaint with a supervisory authority; g) all information regarding the origin of the data, if these are not collected from the interested party, h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the used logic as well as the importance and expected consequences for the interested party for the processing. Whenever personal data are transferred to a third country or an international organization, the interested party has the right to be informed of the existence of adequate guarantees relating to the transfer.
  • Right of rectification: i.e. the right to ask the data controller to rectify incomplete or incorrect personal data without unnecessary delay. Considering the purposes of the processing, the interested party has the right ask his/her personal data to be integrated, also by providing an additional declaration.
  • Right to cancellation: the right to ask the data controller to delete one’s personal data without unnecessary delay, if: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing of his/her data is based on, and if there is no other legal basis for the processing; c) the interested party is against the processing because it is needed for the execution of a task of public interest or connected to the exercise of public authority for which the holder is appointed, or for the pursuit of legitimate interest and there is no legitimate reason to proceed the processing, or he/she is against processing for direct marketing purposes; d) personal data have been processed unlawfully; e) personal data must be deleted to fulfil a legal obligation under the EU or Member State law to which the data controller is subject to; f) personal data have been collected in relation to an offer by information society services of minors. However, the request for cancellation cannot be accepted if the processing is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfilment of a legal obligation requiring processing under the EU or a Member State law to which the data controller is subject to or for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest in the public health sector; d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, insofar as the cancellation risks make it impossible or seriously prejudice the achievement of the objectives of such treatment; or e) for the assessment, exercise or defence of a right in court.
  • Right of limitation, e. the right to be guaranteed that data are processed, except for retention, only with the consent of the interested party or for the assessment, exercise or defence of a right in court or to protect the rights of another personal or legal person, or for reasons of significant public interest of the EU or a Member State, if: a) the interested party questions the accuracy of personal data for the period needed by the data controller to verify the accuracy of such personal data; b) the processing is illegal and the interested party is against the cancellation of his/her personal data and asks that they are used in a limited way instead; c) although the data controller no longer needs the data for processing purposes, the interested party needs them, in order to verify, exercise or defend a right in court; d) the interested party has opposed the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public authority the owner was appointed with, or for the pursuit of the legitimate interests of the data controller or third parties, waiting for verification of a possible prevalence of legitimate reasons of the data controller as opposed to those of the interested party.
  • Right to portability, i.e. the right to receive personal data (given to the holder) in a structured, commonly used and readable way from automatic devices, and the right to transfer such data to another holder without impediments by the holder they were given, as well as the right to obtain direct transfer of his/her personal data from one holder to another, if technically feasible, should the processing be based on consent or on a contract and the processing is done by automated means. This right does not affect the right to cancellation.
  • Right of opposition, i.e. the right of the interested party to oppose at any time, for reasons connected to his/her particular situation, the processing of personal data, since it is necessary for the performance of a task of public interest or related to the exercise of public authority for which the holder was appointed with, or for the pursuit of the legitimate interest of the data controller or third parties. If personal data are processed for direct marketing purposes, the interested party has the right to oppose the processing of personal data at any time, including profiling in so far as it is related to such direct marketing.

The data subject is informed that, in case in case he/she believes that the processing of his/her personal data is violating what stated on the GDPR, he/she has the right to lodge a complaint to the Privacy Authority as per Art. 77 of the Regulation, or to bring the issue before the appropriate judicial offices (Art. 79 of the Regulation).

Further information on data-processing

Further information on the processing of personal data is available in the User Privacy Policy which can be found on the footer of the website.

This privacy information page was updated on 31/03/2021

  

Privacy on applicants (request form)

Information page on privacy form request

In compliance with the current Regulation (Article 13 of the General Regulation concerning the protection of personal data, hereinafter “GDPR”), Carpe Diem Valuenet S.r.l., in the person of its legal pro tempore representative, (hereinafter also referred to as “Owner” or “Company”) provides users wishing to forward their request by completing the form on the website www.cdvaluenet.com with information concerning the processing of their data.

Data-processing controller and contacts

The data-processing controller is Carpe Diem Valuenet S.r.l.., registered office in Via Grazzano n. 7 – 33100 Udine P. IVA 02295610303. The company can be contacted via the email address: privacy@cdvaluenet.com

What are the processed data?

The processed data are the identifying and contact data provided by the user via the form.

Purposes and legal basis of the processing

The personal data provided by the user via the dedicated form are used to respond to and handle the data subject’s request.

The legal basis for the processing of the said data is the execution of precontractual measures adopted at the data subject’s request and those linked to execution of the contractual relationship.

If expressly permitted, the identifying and contact data may be processed for the forwarding of advertising material and commercial communications via traditional means, such as telephone contact with an operator, or automated means such as e-mail and SMS.

The legal basis for processing identifying data for marketing purposes is the data subject’s consent. It is declared that any consent provided for the forwarding of commercial and promotional communications, as of art. 130, paras 1 and 2, of Law Decree 196/2003 (Privacy Law), implies the reception of these communications, not only via automated means of contact (SMS, e-mail and other forms of message), but also by traditional means (such as letter post or calls from an operator). Consent may be revoked at any moment.

If necessary, the data may also be used to meet the Data Controller’s legitimate interest in checking the security and correct functioning of the IT systems used and for the performance of defensive activities.

Data management

Gathered data are processed with IT tools and, only on a residual basis, on paper. Adequate security measures have been adopted in order to prevent the loss of data, illegal or incorrect use and non-authorized access.

International data transfer

Requests forwarded via this form are handled through the servers used by the Data Controller for the website (located within European territory) and by means of third-party services which require transfer of the data abroad, in compliance with the necessary guarantees (standard contractual clauses).

Conservation period

Data directly provided by the data subjects are stored for the strictly limited period of time necessary to respond to the data subjects’ requests. If consent is given, data processed for marketing purposes will be conserved for two years, without prejudice to the Data Subject’s right to object, which may be exercised at any moment, without any encumbrance, even separately, for the forwarding of promotional communications via automated or traditional means.

The above does not prejudice any defensive needs, for which the data may be conserved even beyond the terms indicated.

What happens if data are not provided? 

Provision of data is voluntary but, if they are not provided, the Data Controller will be unable to respond to the Data Subject’s requests.

Who is entitled to know the data

The data will be processed by staff authorized for the purpose by the Data Controller.

The data may come to the knowledge of the IT company which provides services of assistance and maintenance of the systems used, of the company that provides the CRM and of consultants appointed to handle any dispute or to give legal assistance where such disputes require their presence.

It is specified that some of the indicated subjects are responsible for the processing and that communications to those acting as independent controllers are performed in compliance with legal obligations or as necessary to fulfil the obligations deriving from the contract or in the controller’s legitimate interest to maintain the security of the IT systems and perform defence activities via legal advisors.

The data subject may request from the controller the list of external subjects who perform activities as data processing controllers.

Such communication is however limited to data categories for which the transmission is necessary to perform the activities and purposes pursued.

The rights of data subjects

The Law acknowledges the right to ask the data controller for access to personal data, their rectification or cancellation, or the limitation to their processing or to oppose to their processing, in addition to the right to data portability.

Data Subjects are reminded, in particular, that they may object to the processing of their data for purposes of marketing.

The data subject may, at any time, assert his/her rights, with no formalities, by applying to the Data Controller at the addresses indicated in this information page. The Data Controller will respond within 30 days of receiving the request, as envisaged under current laws.

Here follow the rights acknowledged by current legislation regarding the protection of personal data.

  • Right of access: i.e. the right to obtain confirmation from the data controller whether or his/her personal data are being processed. If yes, he/she shall have access to those personal data as well as the following information: a) processing purposes; b) categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; (d) the retention period of personal data or, if this is not possible, the criteria used to determine such period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data or to be against their treatment; f) the right to file a complaint with a supervisory authority; g) all information regarding the origin of the data, if these are not collected from the interested party, h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the used logic as well as the importance and expected consequences for the interested party for the processing. Whenever personal data are transferred to a third country or an international organization, the interested party has the right to be informed of the existence of adequate guarantees relating to the transfer.
  • Right of rectification: i.e. the right to ask the data controller to rectify incomplete or incorrect personal data without unnecessary delay. Considering the purposes of the processing, the interested party has the right ask his/her personal data to be integrated, also by providing an additional declaration.
  • Right to cancellation: the right to ask the data controller to delete one’s personal data without unnecessary delay, if: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing of his/her data is based on, and if there is no other legal basis for the processing; c) the interested party is against the processing because it is needed for the execution of a task of public interest or connected to the exercise of public authority for which the holder is appointed, or for the pursuit of legitimate interest and there is no legitimate reason to proceed the processing, or he/she is against processing for direct marketing purposes; d) personal data have been processed unlawfully; e) personal data must be deleted to fulfil a legal obligation under the EU or Member State law to which the data controller is subject to; f) personal data have been collected in relation to an offer by information society services of minors. However, the request for cancellation cannot be accepted if the processing is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfilment of a legal obligation requiring processing under the EU or a Member State law to which the data controller is subject to or for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest in the public health sector; d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, insofar as the cancellation risks make it impossible or seriously prejudice the achievement of the objectives of such treatment; or e) for the assessment, exercise or defence of a right in court.
  • Right of limitation, e. the right to be guaranteed that data are processed, except for retention, only with the consent of the interested party or for the assessment, exercise or defence of a right in court or to protect the rights of another personal or legal person, or for reasons of significant public interest of the EU or a Member State, if: a) the interested party questions the accuracy of personal data for the period needed by the data controller to verify the accuracy of such personal data; b) the processing is illegal and the interested party is against the cancellation of his/her personal data and asks that they are used in a limited way instead; c) although the data controller no longer needs the data for processing purposes, the interested party needs them, in order to verify, exercise or defend a right in court; d) the interested party has opposed the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public authority the owner was appointed with, or for the pursuit of the legitimate interests of the data controller or third parties, waiting for verification of a possible prevalence of legitimate reasons of the data controller as opposed to those of the interested party.
  • Right to portability, i.e. the right to receive personal data (given to the holder) in a structured, commonly used and readable way from automatic devices, and the right to transfer such data to another holder without impediments by the holder they were given, as well as the right to obtain direct transfer of his/her personal data from one holder to another, if technically feasible, should the processing be based on consent or on a contract and the processing is done by automated means. This right does not affect the right to cancellation.
  • Right of opposition, i.e. the right of the interested party to oppose at any time, for reasons connected to his/her particular situation, the processing of personal data, since it is necessary for the performance of a task of public interest or related to the exercise of public authority for which the holder was appointed with, or for the pursuit of the legitimate interest of the data controller or third parties. If personal data are processed for direct marketing purposes, the interested party has the right to oppose the processing of personal data at any time, including profiling in so far as it is related to such direct marketing.

The data subject is informed that, in case in case he/she believes that the processing of his/her personal data is violating what stated on the GDPR, he/she has the right to lodge a complaint to the Privacy Authority as per Art. 77 of the Regulation, or to bring the issue before the appropriate judicial offices (Art. 79 of the Regulation).

This privacy information page was updated on 31/03/2021