PRIVACY POLICY – OUR COMMITMENT TO DATA PROTECTION
Information pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council
Istituto Carlo Secoli wishes to inform you that, pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of natural persons with regard to the processing of personal data (hereinafter “European Regulation”), it is necessary to process your personal data collected automatically or provided by you through browsing or using the website www.secoli.com (hereinafter “Website”).
1. DATA CONTROLLER
The Data Controller is Istituto Carlo Secoli S.r.l., represented by its legal representative, domiciled at the registered office at Viale Vittorio Veneto, 18/a 20124 Milan (hereinafter “Data Controller”).
2. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
To enable you to use the Website and its services, the Data Controller needs to know and process some of your personal data.
By personal data we mean information relating to an identified or identifiable natural person, such as, for example, name, contact details, IP addresses.
To respond to any requests for information through the contact form, we will need to process the following personal data: name, surname, telephone number, email address.
To subscribe to the newsletter and be constantly informed about Istituto Carlo Secoli’s initiatives and receive discounts and promotions, you will need to provide us with your email.
For simple browsing of the Website, the types of data processed and the specific information regarding “cookies” are specified below.
Browsing data
The computer systems and software procedures responsible for the operation of the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and associations with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is used by the Data Controller solely for the purpose of obtaining anonymous statistical information on the use of the Website and to monitor its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the Data Controller. Except for this possibility, at present the data on contacts to the Website is not kept for more than seven days.
Data voluntarily provided by the user
The optional, explicit and voluntary sending of reports to the addresses indicated on the Website involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data, such as for example the email address and the address where the decoder is located.
Cookie Policy
The types of cookies used by this Website are specified below, to understand how personal data will be processed through this type of technology.
Technical cookies
This Website uses so-called “technical cookies”, i.e. small text files containing a certain amount of information exchanged between the Website and your terminal (or rather the browser of your terminal), which allow the correct functioning and use of the same. The site uses technical cookies for purposes that allow its correct functioning. No use is made, however, of cookies for the transmission of personal information, nor are so-called persistent cookies of any kind used.
Analytical cookies
This Website uses so-called “analytical cookies” created and made available by third parties, namely Google Analytics. This is done for mere internal statistical analysis of access, to improve the Website and simplify its use, as well as to monitor its correct functioning. The Data Controller has however adopted the most suitable tools to minimize the identifying power of this type of cookie. Google Analytics publishes its cookie policy here.
Profiling cookies
This site does not use so-called “profiling cookies”, as the Data Controller does not intend to create profiles relating to the user in order to send advertising messages in line with the preferences expressed by the user during browsing on the Internet.
Third-party cookies
Third parties may also install cookies on your device. We do not control the use of third-party cookies and, therefore, are not responsible for their use. Third parties have their own privacy policies and data collection methods. The policies can be consulted at the following links:
- hotjar – https://www.hotjar.com/legal/policies/terms-of-service
- facebook – https://www.facebook.com/legal/FB_Work_Privacy
- google analytics – https://www.google.com/analytics/terms/us.html
Options regarding the use of cookies by the site through browser settings
The delivery of all cookies can however be disabled by intervening on your browser settings. It is appropriate to highlight, however, how intervening on these settings could make the Website unusable in case you block cookies that are essential for the delivery of our services. In any case, each browser has different settings for disabling cookies. The links to instructions for the most common browsers are here Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
3. PURPOSE OF PROCESSING AND LEGAL BASIS
The personal data that the Data Controller comes into possession of are exclusively those provided during browsing and/or when sending any requests for information. Therefore, personal data will be processed to:
A) Allow you to use the Website;
B) Satisfy requests that may be received through the contact form, also allowing us to contact you at the email address that has been communicated to us;
C) Send useful information, news, discounts and promotions through the newsletter.
In consideration of the choice to use the services provided by the Website, the legal basis on which the processing of personal data is based may be:
– express consent, by accepting the Cookie Policy and continuing browsing on the Website;
– express consent, by subscribing to the Newsletter and accepting this Privacy Policy;
– the need to comply with a legal obligation, should this become necessary, as well as communicate your personal data where this is requested by the competent authorities;
– the legitimate interest in processing personal data to offer the best service; allow us to respond where a request should be forwarded; prevent fraud; keep the Website, our services and the IT system secure; ensure that our processes, procedures and systems are always kept efficient.
Personal data may be processed both through computer tools and paper supports.
To unsubscribe from the newsletter, you just need to click on the unsubscribe link that you find within each communication received.
4. RETENTION PERIOD OF PERSONAL DATA
The Data Controller intends to retain personal data for a period of time not exceeding that necessary to achieve the purposes for which they were collected and processed.
Data on contacts to the Website will not be kept for more than seven days, unless they are necessary to ascertain responsibility in case of hypothetical computer crimes against the Data Controller. Data relating to requests sent containing personal data are deleted after 6 months from receipt.
Regarding any additional personal data, not being able to determine precisely the retention period, the Data Controller undertakes from now to inspire the processing of personal data to the principles of adequacy, relevance and data minimization, as required by the European Regulation, constantly verifying the need for their retention. Therefore, once the purposes for which they were collected and processed have been achieved, they will be removed from the systems or made completely anonymous.
5. CATEGORIES OF DATA RECIPIENTS
The processed data will not be disclosed to third parties. However, the following may become aware of the data, in relation to the processing purposes previously outlined:
• subjects who can access data by virtue of legal provisions provided by European Union law or by that of the Member State to which the Data Controller is subject;
• our employee personnel, provided they are designated as System Administrator or as a subject acting under the authority of the Data Controller or the Data Processor pursuant to the European Regulation;
• subjects who carry out, within the borders of the European Union, in complete autonomy, as distinct Data Controllers, or as Data Processors specifically appointed by the Controller, auxiliary purposes to the activities and services referred to in paragraph 3., such as companies that offer advertising, marketing and communication services, computer and information technology services, design and creation of Internet sites, companies that offer services useful for analyzing and developing data and processing and conducting market research.
Any communication of personal data will take place in full compliance with the legal provisions provided by the European Regulation and the technical and organizational measures prepared by the Data Controller to ensure an adequate level of security.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The Data Controller may transfer data to Third Countries. Any transfer will always be subject to adequate guarantees, as the destination country has obtained an adequacy decision from the Commission pursuant to Article 45 of the European Regulation, or the standard contractual clauses provided for in Article 46, paragraph 2, letter c) of the European Regulation have been adopted.
7. AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not use automated decision-making processes, including profiling referred to in Article 22, paragraphs 1 and 4, of the European Regulation. Therefore, the Data Controller believes it is not required to provide information on the logic used, as well as on the importance and consequences for the data subject relating to this type of processing.
8. DATA SUBJECT RIGHTS
In relation to the processing of your personal data, pursuant to the European Regulation, the data subject has the right to:
• withdraw consent to processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal, as provided for in Article 7, paragraph 3, of the European Regulation;
• request access to personal data from the Data Controller, as provided for in Article 15 of the European Regulation;
• obtain from the Data Controller the rectification and integration of personal data deemed inaccurate, also by providing a simple supplementary declaration, as provided for in Article 16 of the European Regulation;
• obtain from the Data Controller the erasure of personal data when at least one of the reasons provided for in Article 17 of the European Regulation exists;
• obtain from the Data Controller the restriction of processing of personal data when one of the cases provided for in Article 18 of the European Regulation occurs;
• receive from the Data Controller the personal data concerning you in a structured, commonly used and machine-readable format, and has the right to transmit such data to another data controller without hindrance, as provided for in Article 20 of the European Regulation;
• object at any time, for reasons connected to your particular situation, to the processing of personal data carried out pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on such provisions, as provided for in Article 21 of the European Regulation;
• not be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you, unless you have previously and explicitly consented, as provided for in Article 22 of the European Regulation. By way of example and not exhaustively, any form of automated processing of personal data aimed at analyzing or predicting aspects concerning consumption and purchasing choices, economic situation, interests, reliability, behavior falls into this category;
• lodge a complaint with a supervisory authority, if you believe that the processing concerning you violates the European Regulation. The complaint can be lodged in the Member State where you habitually reside, work or in the place where the alleged violation occurred, as provided for in Article 77 of the European Regulation.
To exercise each of your rights, you can contact the Data Controller, in the person of the legal representative, by addressing a communication to the registered office at Viale Vittorio Veneto, 18/a 20124 Milan, or by sending an email to info@secoli.com, providing the following data:
– Name, surname and postal address
– Details of the request
– Photocopy of a valid identity document.
9. CONSENT OF MINORS IN RELATION TO INFORMATION SOCIETY SERVICES
To be able to use the services provided through the Website it is necessary to be over sixteen years old: consent to the processing of personal data of a minor under sixteen years of age is lawful provided that it is exercised by those who exercise parental responsibility.