We take your privacy very seriously and are committed to protecting it. The text below is intended to clarify the purposes and methods of processing the personal data that we collect when you access our website.
- Article 13 of Legislative Decree 196/2003;
- Article 13 of the GDPR 679/2016 “EU General Data Protection Regulation”;
- Recommendation number 2/2001 adopted by the Working Group, established by Article 29 of the Directive number 95/46 / EC.
If you are required to provide your personal data to access certain site services, you will be provided with the appropriate and detailed information on the processing pertaining to your data, pursuant to Article 13 of Legislative Decree 196/03 and of Article 13 of GDPR 679/2016. This information will specify the limits, purposes and methods of the processing itself.
Data Controller. The Data Controller is Spindox S.p.A., which is based in Milan, Italy on via Bisceglie 76. Within the Company, data belonging to visitors of the site will be processed by employees who act as Appointees under the direct authority of the respective Manager. In addition to Spindox employees, the processing of personal data may also be performed by third parties to whom the company entrusts certain activities (or parts of them) connected with or instrumental to the performance or provision of the services offered. In such circumstances, the same subjects will operate as autonomous owners, co-owners, or will be appointed as Data Processor Managers or Data Processors.
DPO & PLACE OF DATA PROCESSING. The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address: firstname.lastname@example.org. The processing operations related to the web services of our sites take place at the aforementioned offices of the Data Controller. However, Spindox reserves the right to use cloud services. In this case, the service providers are selected from those who provide appropriate guarantees as required by Article 46 of GDPR 679/16.
NATURE OF DATA USED FOR PROCESSING
NAVIGATION DATA. During normal operation and for the sole duration of the connection, the computer systems and software procedures used to operate this site acquire data that are implicitly transmitted in the use of internet communication protocols. This information is not collected for the purpose of associating it with users. However, by their very nature, they could allow the identification of them through processing and associations with data held by third parties. These data, deleted a few hours after processing, are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning. Furthermore, in the event of hypothetical computer crimes against the site, they could be used to ascertain any liability.
These data include the following categories:
- IP addresses;
- Names related to the computer domain used by users connecting to the site;
- Notation addresses URI (Uniform Resource Identifier): requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numeric code indicating the status of the response given by the server (good results, errors, etc.), and other parameters pertaining to the operating system and the user’s IT environment.
DATA PROVIDED VOLUNTARILY BY USERS / VISITORS. If users / visitors send their personal data to access certain services on this site or to make requests via e-mail, Spindox will acquire these data. These data will be processed exclusively to respond to the request or for the provision of the service in accordance with this Policy and the specific Privacy information provided during the request of the individual services. The data will be kept only for the time strictly necessary to provide the requested service and to manage any disputes. The personal data explicitly provided by the users will be communicated to third parties only if the communication is necessary to comply with the requests of the users themselves, without prejudice to the provisions of the specific information for the individual services.
GOOGLE ANALYTICS. The Italian Guarantor considers cookie analytics to be instrumental in the functioning of a website and therefore includes them in the category of technical cookie. Google Analytics is the analysis tool we use to understand how visitors interact with the contents of our sites. The service uses a set of cookies to collect information and generate statistics on the use of websites without providing personal information about individual visitors to Google. For more information, please consult the Google Analytics disclosure.
DURATION OF COOKIES. Cookies have a duration dictated by an expiration time (or by a specific action such as closing the browser) set at the time of installation.
- temporary or per session (session cookies): used to store temporary information to link the actions performed during a specific session. These cookies are removed from the computer when the browser is closed;
- permanent (persistent cookies): used to store information, for example the login name and password, so as to avoid the user having to enter this information again each time he visits a specific site. These remain stored in the computer even after closing the browser.
METHOD OF PROCESSING. The processing is performed through automated tools (for example, using procedures and electronic media) and / or manually (for example, on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in accordance with the regulations in force on the subject.
RIGHT TO PROVIDE DATA. Except as specified for navigation data, users are free to provide their personal data. Failure to provide such data may result only in the failure of obtaining the requested information from the site.
RIGHTS OF THE INTERESTED PARTY. According to:
- Article 7 of Legislative Decree 196/2003;
- Article 15 – Right of access, 16 – Right of rectification, 17 – Right of cancellation, 18 – Right of limitation of treatment, 20 – Right of portability, 21 – Right of opposition, and 22 – Right to object to automated decision-making of GDPR 679 / 16,
REVOCATION OF CONSENT. You can exercise your rights by writing to the Data Controller, specifying the subject of your request, the right that you intend to exercise and attaching a photocopy of an identification document that certifies the legitimacy of the request. With reference to Articles 7 and 23 of Legislative Decree 196/2003 and to Article 6 of GDPR 679/16, you can revoke any consent given at any time. You can exercise this right by writing to the Data Controller, specifying the subject of your request and attaching a photocopy of an identification document that certifies the legitimacy of your request. When the data processing is not based on consent, this rule is intended as an expression of the willingness of the interested party not to receive further communications from the Data Controller.
AUTOMATED DECISION PROCESSES. Under no circumstances shall the Data Controller process personal data on automated decision-making processes.