terms and conditions
Information on the processing of personal data
This information is provided pursuant to art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (the so- called "General Regulation on the processing of personal data" or "GDPR") and of Legislative Decree 30.06.2003, n. 196, as amended and supplemented by Legislative Decree 10.08.2018, n. 101 ("Code regarding personal data" or "Privacy Code") from:
IVE s.r.l., based in 43123 - Parma (PR), via Emilia Est, 115, tax identification number and VAT number 02878320346, in the person of its legal representative pro tempore;
as Data Controller (hereinafter "Data Controller").
The Data Controller, aware of the importance of ensuring the security of private information, in compliance with the applicable European and Italian legislation, in compliance with the principle of transparency pursuant to art. 12, GDPR, below provides the following information in order to make the User aware of the characteristics and methods of processing personal data.
1. Subject of the processing
The Owner processes the User's personal data that are provided or, in any case, collected during the use of the website and / or during the use of the services connected through the messaging platforms "Facebook Messanger" and / or "Telegram" (hereinafter "Services"), as well as following registration to the aforementioned Services. In particular, the Owner processes: i. personal identification data (for example, name, surname, gender, e-mail, account profiles); ii. public and / or post personal data consisting of comments or contents that the User publishes on the Services; iii. personal data whose transmission is connected to the use of Internet communication protocols (by way of example, access to the page, amount of data transferred, status message to accesses, session ID numbers, IP addresses, URL addresses, data of localization, coordinated universal time, etc.). The Data Controller does not process particular and sensitive personal data, ie those that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sex life or sexual orientation of the person. The Owner, therefore, asks the User not to send, or disclose, through the use of the Services, any particular and sensitive personal data.
2. Purpose and legal basis of the processing
Your personal data is processed without your express consent, for the following purposes:
(i) provide the Services and the functionalities of the same to the User. In this case, the execution of a contract of which you are part or the execution of pre-contractual measures taken at your request, constitutes the legal basis of the processing;
(ii) guarantee the technical functioning of the Services. In this case, the legitimate interest of the Owner to ensure the correct technical functioning of the Services, constitutes the legal basis of the processing;
(iii) respond to User questions and requests. In this case, the legitimate interest of the Owner to manage, adequately and in a timely manner, your questions and / or requests constitutes the legal basis of the processing;
(iv) comply with legal obligations, judicial proceedings or orders of the Authorities. In this case, the fulfillment of the obligations provided for by the law, by a regulation, by EU legislation or by an order of the Authority, constitutes the legal basis of the processing;
(v) to enforce the contractual terms and conditions of the Data Controller, to legitimately protect the operations, privacy, security and / or properties of the Data Controller, as well as to allow the Data Controller to exercise its rights. In this case, the legitimate interest of the Owner to legally protect himself and to exercise his rights, constitutes the legal basis of the processing;
(vi) to perform any corporate transaction (reorganization, merger, sale, joint venture, assignment, transfer or other transaction related to all or part of our business, assets or shares). In this case, the legitimate interest of the Data Controller to pursue a business strategy constitutes the legal basis of the processing.
3. Nature of the provision of personal data
The provision of data for the purposes referred to in art. 2, is necessary, since your refusal to provide the requested personal data makes it impossible for the owner to provide the requested services.
4. Processing methods
The processing of personal data is carried out by means of the operations indicated by art. 4, paragraph 1, no. 2), GDPR, or any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction. The processing of data will be based on principles of correctness, lawfulness and transparency and may also be carried out through automated methods designed to memorize, manage and transmit them and will be carried out by means of suitable instruments, as far as reason and state of the art, to guarantee security and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and disclosure. Personal data may be stored both on computer media and on paper, as well as on any other type of support deemed most suitable for processing.
5. Data retention period
The Owner, in compliance with the principles set forth in art. 5, GDPR, will process personal data for the time necessary to pursue the aforementioned purposes, as well as to fulfill the legal obligations imposed for the same purposes. Once the aforementioned storage terms have expired, the data will be destroyed or made anonymous. More and more detailed information regarding storage times can be requested by contacting the owner at the addresses indicated in this statement.
6. Data communication
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to undetermined subjects, in any possible form, including that of making them available or simple consultation. Instead, they can be made accessible to workers and / or employees who work for employees and for the owner and / or to some external subjects who have sufficient guarantees to have adopted adequate legal, organizational and technical measures so that the treatment satisfies the requirements of the GDPR and guarantee the protection of the rights of the interested party. In particular, the data may be made accessible to: i. employees and / or collaborators of the Data Controller, in their capacity as internal managers, delegates, appointed and / or authorized to process personal data and / or System Administrators; ii. third party companies or other subjects that carry out activities in outsourcing on behalf of the Owner (for example, cloud service providers, IT services or other services instrumental or supporting the activities of the Owner), in their capacity as external data processing managers personal. Furthermore, the Data Controller may communicate personal data to subjects entitled to access it under the provisions of the law, regulations, Community legislation, the judicial authority, as well as to all other subjects to whom communication is obligatory by law.
7. Data transfer
The management and storage of personal data will take place on the Data Controller server and / or third-party companies duly appointed and appointed as Data Processors, located within the European Union and the European Economic Area (EEA) or, in any case, in countries third parties, ie extra European Union and European Economic Area (EEA), recognized by the European Commission as countries that guarantee an adequate level of protection (by way of example, the so-called Privacy Shield, governing the transfer of data between the EU and the USA).
8. Navigation data
The computer systems and software procedures used to operate the site may acquire, during their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, the URI / URL notation addresses ("Uniform Resource Identifier" and "Uniform Resource Locator") of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (by way of example, success, error, etc.) and other parameters relating to the system operational and the user's computer environment. These data, necessary for the use of web services, are also processed for the purpose of: i. obtain statistical information on the use of the services (for example, most visited pages, number of visitors by time or day, geographical areas of origin, etc.); ii. check the correct functioning of the services offered. These data are deleted immediately after processing (except for any need to investigate crimes by the Judicial Authority).
10. Rights of the interested party
Pursuant to the articles from 15 to 21, GDPR, is entitled to: i. obtaining confirmation from the Data Controller that your personal data is being processed and, in this case, access to personal data and other related information, including receiving a copy (c.d. access right); ii. obtain from the Data Controller the rectification of inaccurate personal data and / or the integration of incomplete personal data concerning you (c.d. right of rectification); iii. obtain from the Data Controller the cancellation of personal data if one of the reasons provided for by the GDPR (c.d. the right to cancel) exists; iv. obtain from the Data Controller the limitation of the processing only to some personal data if there is one of the reasons provided by the GDPR (c.d. right to limit the treatment); v. request and receive from the Data Controller, in a structured format, commonly used and readable by an automatic device, the personal data concerning you, or request and obtain transmission to another Data Controller without impediment (c.d. portability right); vii. revoke, at any time, the consent given in relation to the processing of personal data (c.d. the right to revoke the consent); vii. object, in whole or in part, to the processing of personal data (c.d. opposition right); viii. not be subjected to a decision based solely on automated processing in the cases provided for by the GDPR; ix. to make a complaint to the Guarantor Authority for the protection of personal data, as well as to exercise the other rights recognized to them by the applicable European and Italian legislation.
11. Mode of exercise of rights
You may at any time exercise your rights by contacting the Owner:
- by registered letter with return receipt: IVE s.r.l., based in 43123 - Parma (PR), via Emilia Est, 115;
- by e-mail: firstname.lastname@example.org
12. Data controller and data processor
The Data Controller is:
IVE s.r.l., con sede in 43123 – Parma (PR), via Emilia Est, 115, codice fiscale e partita iva 02878320346, in persona del legale rappresentate pro tempore. Maggiori informazioni in merito ai responsabili, delegati, designati e autorizzati al trattamento dei dati personali possono essere richieste contattando il Titolare ai recapiti indicati nella presente informativa.
13.Responsible for the protection of personal data (c.d. Data Protection Officer - DPO)
The person responsible for the protection of personal data - c.d. Data Protection Officer or "DPO" - pursuant to art. 37, GDPR, Avv. Mattia Barbieri, who can be contacted for any information and / or request at the following e-mail address: email@example.com
This information may be subject to change. We therefore recommend that you regularly check this information and refer to the most up-to-date version.
Information updated on 14/09/2019
The Data Controller