This information is provided in accordance with Article 13 of Regulation 2016/679 (GDPR), pursuant to Article 13 of Legislative Decree no. 196/2003 (Personal Data Protection Code) and pertains to all personal data processed as indicated below.
The data controller for the collected personal data is Ilaria Perversi, contactable at firstname.lastname@example.org
Personal data may be communicated to duly appointed recipients who will process the data as data processors and/or as persons in charge to fulfill contracts or related purposes.
The complete list of data processors and persons in charge of personal data processing can be requested by sending a specific request to the email address email@example.com
In the event that personal data is transferred outside the European Union for technical operational purposes and to ensure high service continuity, the Controller ensures that the transfer is based on an adequacy decision of the Commission, in order to ensure that the level of protection of individuals guaranteed by current legislation, in particular by Regulation EU 2016/679, is not prejudiced.
The personal data processed is collected either directly from the data subject or collected automatically.
Data provided directly by the data subject includes all personal data provided to the Data Controller in any way, directly by the data subject.
Data collected automatically includes browsing data. Although not collected for the purpose of being associated with the user’s identity, these data could indirectly, through processing and associations with data collected by the Controller, allow for the user’s identification.
After sending newsletters, the platform used allows the detection of the opening of a message and the clicks made within the newsletter, along with details regarding the IP and the browser/device used. The collection of this data is essential for the operation of the implicit renewal systems of the processing (see the section on Processing Methods) and is an integral part of the platform’s operation.
PURPOSES OF PROCESSING
The provision of personal data is based on contractual or pre-contractual requirements or compliance with legal obligations to which the data controller is subject. For this reason, any refusal to process or the incomplete or inaccurate provision of data may result in the impossibility of correctly providing the service or the impossibility, for the Data Controller, to respond to requests for information sent by the data subject.
The provision of data for the purposes of sending newsletters for promotional, commercial, informative, or research purposes is optional, and a refusal to grant the related consent to processing will result in the inability to be updated about commercial initiatives and/or promotional campaigns, receive offers, or other promotional materials.
The data subject may withdraw their consent to receive promotional and commercial communications immediately by sending a request to the email address firstname.lastname@example.org or by clicking on the appropriate unsubscribe link that can be found in the footer of every promotional and commercial email received.
Personal data may be communicated to duly appointed recipients who will process the data as data processors and/or as persons in charge.
The Data Controller does not disclose any of the data subject’s information to third parties without their consent unless required by law. The disclosure of processed personal data is in any case excluded. The complete list of data processors, joint controllers, and persons in charge of personal data processing can be requested by sending a specific request to the email address email@example.com.
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected, with annual verification of the stored data to delete those deemed obsolete, unless the law provides for storage obligations.
Data processing typically takes place at the Data Controller’s headquarters, by personnel or external collaborators duly appointed as data processors. The complete list of data processors and persons in charge of personal data processing can be requested by sending a specific request to the email address firstname.lastname@example.org.
Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
Registration and related processing are considered valid until the user unsubscribes, which is available in every email, or after 12 months from the last communication for which there is evidence of direct interaction (click, opening, response).
DATA SUBJECT RIGHTS
Pursuant to Articles 15-21 of Regulation EU 2016/679, each data subject is granted a series of rights.
– Right of Access: The data subject, under Article 15, has the right to obtain confirmation that personal data concerning them is being processed and, where applicable, to obtain a copy of it. They also have the right to access personal data concerning them and further information such as the purposes of processing, categories of recipients, data retention period, and exercisable rights.
– Right to Rectification: The data subject, under Article 16, has the right to obtain the rectification of inaccurate personal data concerning them or the integration of such data.
– Right to Erasure: The data subject has the right to obtain the erasure of personal data concerning them without undue delay, where one of the reasons provided for in Article 17 applies. 17.
– Right to Restriction of Processing: The data subject has the right, in cases provided for by Article 18 of Regulation 2016/679, to obtain the restriction of processing.
– Right to Data Portability: The data subject has the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format and has the right to transmit such data to another controller without hindrance, as provided in Article 20 of Regulation 2016/679.
– Right to Object to Processing: The data subject has the right to object to the processing of personal data concerning them, as provided in Article 21 of Regulation 2016/679.
– The data subject also has the right to lodge a complaint with the competent supervisory authority, the Data Protection Authority.
Requests under the above points must be made in writing to the Data Controller. The Data Controller will provide a timely response to requests to exercise data subject rights within the time limits set by current regulations.
Any clarification or request for clarification can be made in writing to the Data Controller.
UPDATES AND CHANGES
The Data Controller reserves the right to modify, supplement, or periodically update this Information in compliance with applicable regulations or measures adopted by the Data Protection Authority.