Why this Policy?
This policy, provided pursuant to artt. 13 and 14 GDPR, informs you about how we collect, use, share and store the personal data provided and/or collected through the Site as described below.
This policy is provided by S.M.D. S.R.L. as Data Controller.
What information do we collect, for what purposes, what are the legal bases, and how long do we keep your data?
Purpose of browsing the site
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.
Types of data processed
- IP addresses or domain names of the computers and terminals used by users;
- the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources;
- the time of the request, the method used to submit the request to the server;
- the size of the file obtained in response;
- the numerical code indicating the status of the response given by the server (successful, error, etc.);
- other parameters related to the user's operating system and computing environment.
Legal bases for processing
- the processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- The processing is necessary for the pursuit of the legitimate interest of the Data Controller to ensure the security and usability of the Website.
Navigation data do not persist for more than seven days (except for any need to ascertain crimes by the judicial authorities).
Purpose of managing and responding to your requests
We will process the personal data you provide by sending e-mails and/or filling in forms on the site, for the sole purpose of providing feedback to the requests sent.
Types of data processed
- Personal data provided spontaneously;
- name, surname;
- contact details;
- phone number;
Legal bases for processing
The Data Subject has given consent to the processing of his/her personal data for one or more specific purposes.
In particular, the fact that the Data Subject decides to contact us with a request, will be considered an unequivocal affirmative action equivalent to a written consent pursuant to art. 4, no. 11) GDPR.
The data processed in accordance with the provisions of this paragraph will be kept for the period strictly necessary to provide feedback to the requests of the interested parties. This is without prejudice to the possibility of extending the aforementioned period in the event that this is necessary to comply with legal obligations to which it is subject or to protect a right before a competent authority.
There are social buttons on our website.
Social buttons are digital buttons, i.e. direct links with the Social Network platforms configured in each individual "button".
By clicking on these links you will have the opportunity to interact directly with our accounts (social pages).
The managers of the Social Networks to which the buttons refer are independent data controllers. More information on the individual privacy policies of Social Network platforms and on how to manage and deactivate the related cookies can be found on the Social Network platforms.
The processing of the personal data of the data subjects will be mainly carried out with the aid of electronic or automated means, according to the methods and with the appropriate tools to guarantee the security and confidentiality of the data in accordance with the GDPR. In particular, all the technical, IT, organizational, logistical and procedural security measures necessary to ensure the adequate level of data protection provided for by the relevant privacy legislation will be guaranteed, allowing access only to persons authorized to process the data.
The information acquired and the methods of processing will be relevant and not excessive with respect to the type of services rendered. Data will also be managed and protected in environments whose access is under constant control.
Who do we share personal data with?
Without prejudice to all communications made in compliance with legal or contractual obligations, the personal data collected and processed may be shared exclusively for the purposes specified in this Policy, by way of example with:
- legal or natural persons acting as data processors, carrying out outsourced activities (e.g. management and maintenance of the website), formally designated by us pursuant to art. 28 GDPR;
- employees and/or collaborators (including system administrators) who, operating under our direct authority, are authorised to process personal data;
- employees and/or collaborators of data processors (including system administrators) who, operating under the direct authority of external data processors, will be authorized to process personal data;
- all those public and/or private subjects, natural and/or legal persons, if the sharing is necessary or functional to the proper functioning of the website, as well as the obligations deriving from the law.
The data relating to the interested parties will not be disseminated, except in anonymous and aggregated form, for statistical or research purposes.
Identity and contact details of the Data Processors
The full list of data controllers can be accessed by contacting us at firstname.lastname@example.org.
Transfer of data to third countries
We will not transfer your personal data to countries outside the European Economic Area ("EEA"), which includes in addition to the member states of the European Union, Norway, Lichtenstein and Iceland.
If this is necessary to pursue the purposes of the processing described in this Policy, our Organisation guarantees that any transfer of data outside the EEA will take place in such a way as to ensure full protection of the rights and freedoms of the same. Where, about the recipient third country, no adequacy decisions have been issued by the European Commission, data transfers will be carried out by adopting the safeguards provided for in Articles 46 et seq. of the GDPR, including the standard contractual clauses approved by the European Commission, and a thoughtful assessment of the legislation of any third country of destination.
Your rights and how to contact us
As a data subject, you may exercise the rights referred to in Articles 15 et seq. of the GDPR and, specifically, the rights of:
- obtain, at any time, confirmation of the existence or otherwise of the processing of the same data and obtain access to personal data and information regarding the processing;
- request the rectification of inaccurate personal data and the completion of incomplete personal data;
- request, in the cases indicated by the GDPR, without prejudice to the special regulations provided for certain processing, the deletion or limitation of data, after the expiry of the established retention periods;
- request the portability of your data in accordance with the provisions of the GDPR and national legislation.
Requests must be submitted for email@example.com.
Right to lodge a complaint
If you believe that the processing of your personal data is in violation of the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided for by art. 77 of the Regulation, or to take legal action (Article 79 of the Regulation).
S.M.D. S.R.L. reserves the right to make changes to this policy at any time, giving appropriate publicity to the Data Subjects and guaranteeing in any case adequate and similar protection of personal data. In order to view any changes, you are invited to consult this policy regularly or to contact us at the following e-mail: firstname.lastname@example.org.
Last update: 22/12/2023