POLICY PRIVACY required by the Article 13 of D.LGS 196/2003 and by the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
This document serves the purpose of informing the users of this website about the personal data processing activities and aims carried out by MARIO DI MAIO, in case of conferral of such data.
Users will have to read this report carefully before submitting any kind of personal information or electronic form on this website.
In reference to:
Article 2 of the Regulation EU 2016/679 – Material scope applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
Article 3 of the Regulation EU 2016/679 – Territorial scope applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
Article 6 of the Regulation EU 2016/679 - Lawfulness of processing provides for processing shall be lawful only if and to the extent that at least one of the following applies: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary in order to protect the vital interests of the data subject or of another natural person; processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Article 7 of the Regulation EU 2016/679 – Condition for consent provides for, where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
D.LGS 196/2003 and the Regulation EU 2016/679 generally require the subject’s consent to the personal data processing. They also require that the data subject is provided with some information, included in this report.
TYPE OF DATA PROCESSED
Preface this by saying that none user’s personal data is acquired by the website in this context.
Website is user accessible without needing to consent to the data processing.
During their normal operation in this website, computer systems and proceeding software acquire some personal data implicitly transmitted in using communication protocols of the World Wide Web. Such data is related to telematic traffic, which by its nature is not collected to be immediately associated to a concerned and identified person. But also, by is nature, data could leading to identify website users, through processing and associations with data held by third parties.
This data group includes: IP address or domain name of the computer used to broswing this website; rotating URL address of the required resources; requesting time; method used to submit request; file size obtained; numerical code of the response obtained by the server (success, error), and other parameter of the OS and the IT environment of the user.
This kind of data is only used to derive anonymous statistical information about the website traffic and his proper functioning. Such data are immediately deleted after processing; it is kept by the website Holder for the period strictly necessary and in any case in accordance with the regulatory provision in force.
Voluntary provided data
If user want to be registered in the website database to be able to access the service provided by the database, he or she shall submit a “form”, in which give his or her consent to data processing activities.
User can give no consent to personal data processing, but this case could involve the impossibility to obtain the service required.
Optional, explicit and voluntary submission of e-mails to addresses referred in this website involves the subsequent acquisition of the user’s e-mail address and of the information given by himself or herself. The user gives express consent to processing such data, needed to reply the request. He or she gives also consent to processing the other personal data in the e-mail.
In case user writes, or uses in any other way, in the e-mail third parties data, he or she ensures and undertakes responsibility about inform third parties on the processing of their personal data, as required by the Article 13 D.LGS 196/2003, and they gave their consent.
Personal data provided by the user who want to receive informative material (through newsletter, mailing list, and so on) are used for the only purpose of carry out the requested service. Such data are no transmitted to third parties.
Personal data provision by the user is optional, although it is useful for carrying out some services. Missing data provision could compromise or make impossible carry out the service.
Personal data can also be used to identify responsibility in case of cybercrime against this website.
Minors: we don’t use consciously this website to request personal data from people who are not 18 years old (as required by the D.LGS 193/2003). Article 8 of the Regulation EU 2016/679 provides that minor personal data processing is lawful when the minor is at least 16 years old. When minor is younger than 16, data processing is lawful only if a parent, or the person who has the parental responsibility, gives consent.
A – Purpose of data processing
Precondition: Article 28 (Data Controller) of D.LGS 196/2003 reports: “Whenever processing operations are carried out by a legal person, a public administrative agency or any other body, association or organisation, the data controller shall be either the entity as a whole or the department or peripheral unit having fully autonomous decision-making powers in respect of purposes and mechanisms of said processing operations as also related to security matters”.
After that, MARIO DI MAIO, as Data Controller of this website, informs that personal data in its possession collected directly from the subject are and will be treated only as provides in this Document, in the Policy Privacy and in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. Such data can be collected verbally in the past, from third parties, or they can be voluntarily communicated by the involved subject via e-mail or third parties. Such data can be treated also by other Society appointed Commissioner for:
Accounting, administrative, fiscal and related purposes, in respect of legal obligation, guidelines, EU Regulation and other dispositions promulgated by Competent Authorities and Supervision Body.
Personal data provision is obligatory for this purpose and its treatment need no consent by the involved subject. Refusal to give data implies impossibility to establish any rapport between user and data controller. Such purposes are closely linked to contractual relations with costumers, both in ongoing and under negotiation (acquisition of information prior to the conclusion of a contract, execution of operations on the bases of obliges deriving from the contract signed with the client, check and assessment on rapport outlooks and findings and on its risks).
Whenever data is not collected from the involved subject, Data Controller provides him or her following informations: Data Protection Officer ID and contact details, when relevant; purposes of data processing and treatment legal basis; groups of personal data concerned; possible recipients or groups of recipients who will receive such data.
B – Modes of data processing
Tools and reasons
Related to aforementioned purposes, personal data is treated in a lawful, correct and transparent way in relation to the interested party (“lawfulness, correctness and transparency”); collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes; further processing of personal data for archiving purposes in the public interest, scientific or historical research or for statistical purposes is not, in accordance with Article 89, paragraph 1 of the EU Regulation, considered incompatible with the initial purposes (“purpose limitation”); adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed (“data minimization”); exact and, if necessary, updated; all reasonable measures must be taken to promptly cancel or correct inaccurate data with respect to the purposes for which they are processed (“accuracy”); kept in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed; processed in a manner that ensures adequate security of personal data, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and accidental loss, destruction or damage (“integrity and confidentiality”).
In relation to the aforementioned purposes, the processing is carried out using manual, IT and telematic tools with logic strictly related to the aforementioned purposes and, in any case, in order to guarantee the security and confidentiality of the data and with your commitment to inform us promptly make corrections, changes and updates.
This processing may be carried out on behalf of the Data Controller for the purposes and in the manner described above and in compliance with suitable criteria for guaranteeing security and confidentiality, by companies, studies, bodies and external collaborators appointed as Managers and only for what concerns the processing they carry out.
Length of Personal Data treatment
Personal Data will be processed through the whole contractual – or non-contractual – relationship. Later, such Data will be treated only to exercise legal obligation and potential marketing purpose.
Sensitive, judicial, genetic, biometric data and data concerning health
Article 9 of the Regulation EU 2016/679 - Processing of special categories of personal data
Paragraph 1 – Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
Paragraph 1 shall not apply if the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
No one of your personal data requested or stored in our website can be considered “sensitive data” and “legal data”, as provided in Article 4 of D.LGS 196/2003, nor “genetic data”, “biometric data”, “data concerning health” of the Regulation EU 20016/79 of 27 April 2016, included informations provided by the Article 9 above-mentioned.
Whenever this kind of Data will be found among personal data you provide us, without your explicit and written consent, such Data will be immediately deleted.
Precondition: personal Data is widespread in no form at all, included consultation.
C - Categories of subjects to which data can be communicated acting as Manager or Officer and data circulation limits.
Data Controller has the necessity to transmit personal data – without needing subject consent – to external categories whose such informations need to be transmitted, as provided by legal obligation, by a Regulation or EU law.
Moreover, Data Controller can transmit personal data to societies, offices, or other third parties only with the subject consent. Such third parties will use personal data to carry out activities on behalf of Data Controller, as provided at the paragraphs 2 and 3, section A.
Data Subject has the right to be aware of such subject and he or she can just ask for this information to Data Controller identified at Paragraph E.
Personal Data can be transmitted to subjects acting as Controller, natural and legal person as at Paragraphs B 1 and C 2, and acting as Responsible for Data necessary in order to carry out his or her duties natural persons falling within this group:
Employees in MARIO DI MAIO, fixed-term workers, temporary workers, interns, consultants, external workers, employees of external companies appointed managers.
D- Rights of the Data Subject
Article 12 of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 – Transparent information, communication and modalities for the exercise of the rights of the data subject provides:
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
The controller shall facilitate the exercise of data subject rights under Articles 15 to 22. In the cases referred to in Article 11(2), the controller shall not refuse to act on the request of the data subject for exercising his or her rights under Articles 15 to 22, unless the controller demonstrates that it is not in a position to identify the data subject.
The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Moreover, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Following Articles provide:
Art. 15 - The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.
Art. 16 - The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Art. 17 - The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her.
Art. 18 - The data subject shall have the right to obtain from the controller restriction of processing.
Art. 19 - The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out.
Art. 20 - The data subject shall have the right to Data Portability.
Art. 21 -The data subject shall have the right to object at any time to processing of personal data concerning him or her.
Art. 22 - The data subject shall have the right not to be subject to a decision based solely on automated processing.
Article 7 of D.LGS. 196/203 confers to Data Subject some specific rights related with personal data processing:
A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
A data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
A data subject shall have the right to object, in whole or in part,
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Place of data treatment
Personal data processing take place at MARIO DI MAIO, headquartered in Via A. Manzoni, 40 - 21040 Gerenzano (Va).
E – Data controller and treatment Responsible
Data Controller is MARIO DI MAIO, headquartered in Via A. Manzoni, 40 - 21040 Gerenzano (Va).
We consider privacy and protection of our visitors’ personal data very seriously. This information therefore has the purpose of explaining what cookies are, how they are used on the Website and how the visitor can consciously make his decisions for their management.
1. What cookies are and what kind of cookies this website uses
Cookies are small text strings that the sites visited by the user send to their terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user. During the navigation on a site, the user can also receive on his terminal cookies sent from different websites or web servers (so-called “third parties”), on which certain elements may reside (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the site that he or she is visiting.
Cookies, usually found in users’ browsers in very large numbers and sometimes with features of long temporal persistence, are used for different purposes: computer authentication, session monitoring, storing information on specific configurations regarding users accessing the server, etc.
In order to arrive at a correct regulation of such devices, it is necessary to distinguish them since there are no technical characteristics that differentiate them from each other precisely on the basis of the aims pursued by those who use them. In this direction, however, legislator has moved, which, in implementation of the provisions contained in Directive 2009/136 / EC, has brought the obligation to acquire the prior and informed consent of users to the installation of cookies used for purposes. Different from those merely technical (see art. 1, paragraph 5, letter a), of the D.LGS. 28 May 2012, n. 69, which amended art. 122 of the Code).
In this regard, and for the purposes of this provision, two macro-categories are therefore identified: “technical” cookies and “profiling” cookies.
a. Technical cookies
The site uses first-party technical cookies (session, functional and in some cases analytics in aggregate form) and possibly third-party technical cookies.
Technical cookies are those used for the sole purpose of “transmitting a communication over an electronic communication network, or as strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service “(see Article 122, paragraph 1 of the Code).
They are not used for other purposes and are normally installed directly by the website owner or manager. They can be divided into browsing or session cookies, which guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, similar to technical cookies when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site; functionality cookies, which allow the user to browse based on a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to the same.
For the installation of these cookies, the prior consent of the users is not required, while the obligation to provide the information pursuant to art. 13 of the Code, which the site manager, if he uses only such devices, may provide in the manner he deems most suitable.
However, it is possible to block the installation of technical cookies with the methods indicated in paragraph 3 below.
N.B.: We invite you to consider that, by blocking the installation of technical cookies, or subsequently eliminating them, the ability to access the Site, to use all or part of it, to enable or disable certain functions or to receive certain services could be all or partly compromised.
b. Profiling cookies
The site does not use first-party profiling cookies but may use third-party cookies.
Profiling cookies are designed to create user profiles and are used in order to send advertising messages in line with the preferences shown by the user while browsing the web. Due to the particular invasiveness that such devices can have in the private sphere of users, European and Italian legislation provides that the user must be adequately informed about their use and thus express their valid consent.
The art. Refers to them 122 of the Code where it provides that “the storage of information in the terminal equipment of a contractor or a user or access to information already stored is permitted only on condition that the contractor or user has expressed his consent after being been informed using the simplified procedures referred to in Article 13, paragraph 3 “(Article 122, paragraph 1 of the Code).
It is possible to block the installation of third-party profiling cookies in the manner indicated in paragraph 3 below.
Actors involved: publishers and “third parties”
A further element to be considered, for the purposes of the correct definition of the subject in question, is the subjective one. That is, it is necessary to take into account the different subject that installs cookies on the user’s terminal, depending on whether it is the same site manager that the user is visiting (which can be briefly referred to as “publisher”) or a site different that installs cookies through the first (so-called “third party”).
On the basis of what emerged from the public consultation, it is considered necessary that this distinction between the two subjects indicated above is also taken into account in order to correctly identify the respective roles and the respective responsibilities, with reference to the release of the information and to the acquisition of online user consent.
There are many reasons why it is not possible for the publisher to provide the information and to consent to the installation of cookies on its site even for those installed by “third parties”. The publisher therefore declines any and all liability with regard to any request and / or release of personal data to third-party sites.
2. WHO BE REQUIRED TO PROVIDE THE INFORMATION AND TO REQUEST COOKIE CONSENT
The website owner who installs profiling cookies. We remind you that this site - as mentioned above - does not use first-party profiling cookies. For third-party cookies installed through the site, the disclosure and consent obligations are borne by third parties, but the site owner, as a technical intermediary between these and users, is required to include updated links in the “extended” policy to the information and to the consent forms of the third parties themselves.
3. HOW TO DISABLE COOKIES
The user can decide whether to accept cookies. For this purpose, he or she can use Internet browser settings. Most browsers allow you to manage (view, enable, disable and delete) cookies through settings.
Consult the user’s manual of the navigation browser used to find out how to manage cookies. The following is a non-exhaustive example of how to find instructions provided by the service provider of the most popular browsers:
Chrome: for more information visit the dedicated page.
Mozilla Firefox: for more information visit the dedicated page.
Internet Explorer: for more information visit the dedicated page.
Safari: for more information visit the dedicated page.
Opera: for more information visit the dedicated page.
The links above may be subject to changes during time. The same information is easily available using a search engine.
If your browser is not present, refer to the cookie information provided by the browser itself. If you use a mobile phone, consult the relevant manual for more information.
Following the disabling of cookies through the browser settings, we remind the need to always provide for the elimination of those already present before disabling them.
N.B.: indiscriminately blocking the receipt of all cookies, including technical ones, without providing a specific exception for the Site, you may no longer be able to browse the Site or use all or part of its functionality. Furthermore, by deleting all cookies from the browser, even technical cookies could be removed and, therefore, the preferences set using the Site could be removed or the products or services included in the shopping cart could no longer be found.
Online dispute resolution for customers
The consumer residing in Europe must be aware of the fact that the European Commission has established an online platform that provides an alternative dispute resolution tool. This tool can be used by the European consumer to resolve non-judicially any dispute relating to and / or arising from contracts for the sale of goods and services entered into on the net. Consequently, if you are a European consumer, you can use this platform to resolve any dispute arising from the online contract entered into with the Owner. The platform is available at the following link (http://ec.europa.eu/consumers/odr/). The Owner is available to answer any questions sent by e-mail to the e-mail address published in this document.