INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE GDPR 679-2016 (PRIVACY CODE)
1. Data Controller
The data controller is IN ACTION S.R.L. (VAT No. 03174880231), in the person of its pro tempore legal representative, with registered office in Colognola Ai Colli (VR), Via Cubetta No. 37, phone 045.6151061. The pro tempore Data Protection Officer can be contacted at firstname.lastname@example.org
2. Data Subjects
The users of the www.inactiongroup.it website
3. Location of Data Processing
The data processing related to the web services offered via this website occurs at the Data Controller’s registered office, as mentioned above. It is handled only by technical personnel in charge of the data processing or by persons in charge of occasional maintenance operations.
4. Methods of Processing
The personal data of users are processed by automated tools and stored on computer media, in compliance with the minimum-security measures established by the General Regulations for Data Protection (EU Regulations No. 679 dated 2016) and, in any case, in compliance with the security and confidentiality of the data.
5. Types of data automatically processed - Navigation data
IT systems and the software procedures used to operate this website acquire, over the course of their normal operation, some personal data whose dissemination is implicit in the use of Internet communication protocols. This information is not collected to be associated with specific users. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI addresses (Uniform Resource Identifier) related to requested resources, the time of the request, the method used to submit the request to the server, size of the file obtained in reply, numerical code specifying the status of the answer from the server (successful, error, etc.) and other parameters related to the operating system and the users. These data are used solely to obtain anonymous statistical information from the use of the website and to check its proper operation. The data could be used to ascertain responsibility in the event of potential IT offenses against the website, only at the request of the supervisory bodies in charge.
6. Type of Data Voluntarily Provided by Users - Purpose of the Processing
Except for what has been specified for the navigation data (article 5), users may provide, optionally, explicitly, and voluntarily their personal data via the registration forms available on the website. The users’ personal data are processed for the following purposes: answering questions and requests; subscribing to In Action’s newsletter service; profiling and communication of promotional and marketing initiatives promoted by the Data Controller; transfer to third parties for marketing and profiling purposes.
No personal data of the users are acquired by the website on purpose. No cookies are used to transfer personal information, and no persistent cookies of any kind or user tracking systems are used. The use of the so-called session cookies (which are not recorded permanently on the user’s computer and are deleted when the browser is closed) is strictly limited to the transmission of the session’s identification data (represented by random numbers generated by the server) needed to allow the safe and efficient browsing of the website. The so-called session cookies used on this website avoid the use of other IT techniques potentially damaging to the privacy of the users and do not allow the acquisition of their personal identification data. For more information, visit the Cookies page.
8. Legal Basis of the Processing
Pursuant to Article 6 of EU Regulations 2016/679, the processing of user data is performed on the following legal bases: for the individual purposes referred to in Article 6, the data subject has provided consent to the processing of the personal data for one or more specific purposes.
9. Notification of Legitimate Interests pursued by the Data Controller or by Third Parties
In the case of consent provided for communications to third parties and the legitimate interests pursued by third parties and the Data Controller are the collection for marketing purposes of users’ purchase preferences; the above-mentioned activities do not involve violations, damages, pressure and/or limitations of any kind with respect to the interests, rights and fundamental responsibilities of the data subject who shall always have the right to request the erasure, removal and/or modification of the data processed, as well as the termination of any activity related to the transfer to third parties and/or profiling for which he/she previously provided his/her consent. In case of consent provided by the data subject for the transfer to third parties, the assignees of the personal data will be the commercial partners of the Data Controller, promoters of commercial and/or promotional initiatives and/or commercial and advertising agencies. The data will be transferred or disclosed to third parties provided that the latter made available all the appropriate guarantees in accordance with GDPR 679-2016; the data disclosed and/or transferred may be requested directly from the Data Controller. Moreover, any request for modification and/or erasure and/or removal of the aforementioned data may be forwarded to the Data Controller.
10. Nature of the Provision
Consent to the processing of users’ data for the purposes referred to in art. 6 is optional and may be granted by ticking the appropriate boxes. Failure to provide consent to the processing of any of the optional purposes will only have the consequences described below: the impossibility for the data controller to answer users’ questions, subscribe users to the newsletter, send notifications concerning promotional and marketing initiatives promoted by the Data Controller and transfer the users’ personal data to third parties for marketing and profiling purposes.
11. Purpose of Disclosure of Data
Users’ personal data, provided for the purposes described above, may be disclosed to employees and/or contractors of the Data Controller and to the following parties: third party companies appointed by the Data Controller to provide specific products and/or services and, in any case, within limits strictly necessary to execute the contractual services to be provided by the Data Controller; third parties, for the marketing and profiling purposes described above; all parties (including Public Administration agencies) that have access to the data by virtue of regulatory or administrative provisions. Users’ personal data, provided and subsequently processed to manage the service, are not disclosed.
12. Period of Data Storage
Personal data of users that provided their consent to the data processing for the purpose referred to in Article 6 shall be stored until consent is revoked.
13. Automated decision-making process
The personal data of users, if consent is provided for the purposes referred to in points c) and d) of Article 6 shall undergo an automated decision-making process, including profiling pursuant to article 22, paragraphs 1 and 4 of EU Regulations 2016/679. The logic used consists in the anonymous aggregation of data according to homogeneous categories, such as sex, age, and purchase preferences. This processing will lead to greater customization of any commercial services offered to the data subject without prejudice to the right of the data subject to request the Data Controller to delete and/or remove their personal data in accordance with the following articles.
14. Right to access personal data
- information on the origin of the personal data, on the purposes and methods of processing, on the logic applied in case of processing by electronic means, and the categories of personal data in question;
- information about the identification details of the Data Controller;
- information about the parties or categories of parties to which the data may be disclosed or that may become aware of said data as appointed representative in the territory of the State, as Data Protection Officers or Persons in Charge;
- the updating, rectification, or integration of their data without undue delay;
- the erasure, transformation into anonymous form, or blocking of the data unlawfully processed, including data stored but not necessary for the purposes for which the data was collected or subsequently processed;
- the certification that the operations referred to in previous points have been brought to the attention, also in terms of their contents, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment proves to be impossible or involves the use of means manifestly disproportionate respect to the right being protected
15. Right to oppose the processing
- on the basis of legitimate grounds, the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
16. Revocation of Consent
At any time, users have the right to withdraw their previously provided consent to the processing of their personal data. To do so, it is sufficient to send a direct request to the Data Controller by writing to email@example.com with the subject line “Exercising Privacy Rights”. This revocation does not affect the lawfulness of the data processing based on the consent provided prior to the revocation.
Any claims concerning the processing of personal data supplied to the Data Controller may be filed before the Privacy Protection Authority (www.garanteprivacy.it).
18. Right of Access
Users have the right to obtain from the Data Controller confirmation on whether or not the processing of their personal data is in progress, and if so, users shall have the right to access their personal data.