INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE GDPR 679-2016 (PRIVACY CODE)
1. Data Controller
The data controller is IN ACTION S.R.L. (VAT No. 03174880231), in the person of its pro tempore legal representative, with registered office in Colognola Ai Colli (VR), Via Cubetta No. 37, phone 045.6151061. The data protection officer is Ecoconsult S.r.l., in the person of Mirko Preti, with registered office in Milan (MI), Via Carlo Goldoni n. 1, which can be contacted at the e-mail address firstname.lastname@example.org or at the telephone number 02/541014582.
2. Data Subjects
The users of the www.inactiongroup.it website.
3. Location of Data Processing
The data processing related to the web services offered via this website occurs at the Data Controller’s registered office, as mentioned above. It is handled only by technical personnel in charge of the data processing or by persons in charge of occasional maintenance operations.
4. Methods of Processing
The personal data of users are processed by automated tools and stored on computer media, in compliance with the minimum-security measures established by the General Regulations for Data Protection (EU Regulations No. 679 dated 2016) and, in any case, in compliance with the security and confidentiality of the data.
5. Types of data automatically processed - Navigation data
IT systems and the software procedures used to operate this website acquire, over the course of their normal operation, some personal data whose dissemination is implicit in the use of Internet communication protocols. This information is not collected to be associated with specific users. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI addresses (Uniform Resource Identifier) related to requested resources, the time of the request, the method used to submit the request to the server, size of the file obtained in reply, numerical code specifying the status of the answer from the server (successful, error, etc.) and other parameters related to the operating system and the users. These data are used solely to obtain anonymous statistical information from the use of the website and to check its proper operation. The data could be used to ascertain responsibility in the event of potential IT offenses against the website, only at the request of the supervisory bodies in charge.
6. Type of Data Voluntarily Provided by Users - Purpose of the Processing
- answering questions and requests;
- subscribing to In Action’s newsletter service.
No personal data of the users are acquired by the website on purpose. No cookies are used to transfer personal information, and no persistent cookies of any kind or user tracking systems are used. The use of the so-called session cookies (which are not recorded permanently on the user’s computer and are deleted when the browser is closed) is strictly limited to the transmission of the session’s identification data (represented by random numbers generated by the server) needed to allow the safe and efficient browsing of the website. The so-called session cookies used on this website avoid the use of other IT techniques potentially damaging to the privacy of the users and do not allow the acquisition of their personal identification data. For more information, visit the Cookies page.
8. Legal Basis of the Processing
- for the purpose referred to “answering questions and requests”, the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (paragraph b);
- for the purpose referred to “subscribing to In Action’s newsletter service”, the data subject has provided consent to the processing of the personal data for one or more specific purposes (paragraph a).
9. Nature of the Provision
Consent to the processing of users’ data for the purposes referred to in art. 6 is optional and may be granted by ticking the appropriate boxes. Failure to provide consent to the processing of any of the optional purposes will only have the consequences described below: the impossibility for the data controller to answer users’ questions, subscribe users to the newsletter, send notifications concerning promotional and marketing initiatives promoted by the Data Controller and transfer the users’ personal data to third parties for marketing and profiling purposes.
10. Purpose of Disclosure of Data
- third party companies appointed by the Data Controller to provide specific services and, in any case, within limits strictly necessary to execute the contractual services to be provided by the Data Controller;
- all parties (including Public Administration agencies) that have access to the data by virtue of regulatory or administrative provisions.
11. Period of Data Storage
Personal data of users that provided their consent to the data processing for the purpose referred to in Article 6 shall be stored up to a maximum of 48 months from the express consent.
12. Right to access personal data
b) obtain, from the Data Controller:
- information on the origin of the personal data, on the purposes and methods of processing, on the logic applied in case of processing by electronic means, and the categories of personal data in question;
- information about the identification details of the Data Controller;
- information about the parties or categories of parties to which the data may be disclosed or that may become aware of said data as appointed representative in the territory of the State, as Data Protection Officers or Persons in Charge;
- the updating, rectification, or integration of their data without undue delay;
- the erasure, transformation into anonymous form, or blocking of the data unlawfully processed, including data stored but not necessary for the purposes for which the data was collected or subsequently processed;
- the certification that the operations referred to in previous points have been brought to the attention, also in terms of their contents, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment proves to be impossible or involves the use of means manifestly disproportionate respect to the right being protected.
13. Right to oppose the processing
- on the basis of legitimate grounds, the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
14. Revocation of Consent
At any time, users have the right to withdraw their previously provided consent to the processing of their personal data. To do so, it is sufficient to send a direct request to the Data Controller by writing to email@example.com with the subject line “Exercising Privacy Rights”. This revocation does not affect the lawfulness of the data processing based on the consent provided prior to the revocation.
Any claims concerning the processing of personal data supplied to the Data Controller may be filed before the Privacy Protection Authority (www.garanteprivacy.it).
16. Right of Access
Users have the right to obtain from the Data Controller confirmation on whether or not the processing of their personal data is in progress, and if so, users shall have the right to access their personal data.
This version of the information on the processing of personal data was updated on 10 March 2022.