Data Controller e-mail address:
Data Protection Officer (DPO) personal data:
Types of collected data
Personal Data collected by this Website, either independently or through third parties, include first name, last name, email, cookies, username, county/province/region, zip code, city, address, phone number, country, state, usage data, geographic location, and unique identifiers of advertising devices.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Website.
Unless otherwise specified, all Data required by this Website is mandatory. If the User refuses to provide it, it may be impossible for this Website to provide the Service. In cases where this website mentions certain Data as optional, Users are free to refrain from communicating such Data, without this having any effect on the availability of the Service or its operation. In any case, it is optional to provide data for requests for information, tracking cookies and browsing preferences of the user, subscription to mailing lists and newsletters. Failure to provide this information will result in the impossibility of carrying out the activities specified.
Users who have any doubts about which Data is mandatory, are encouraged to contact the Data Controller.
The User assumes the responsibility for the Personal Data of third parties obtained, published or shared through this Website and guarantees that he/she has the right to communicate or disseminate them, releasing the Controller from any responsibility towards third parties.
Methods and place of processing of the Data collected
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out by means of computerized tools, with organizational methods and logics strictly related to the specified purposes. In addition to the Data Controller, in some cases, other subjects involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, and may be also appointed as Data Processors by the Data Controller, if necessary. The updated list of Data Processors can always be requested from the Data Controller.
Legal basis of the processing
The Data Controller processes Personal Data relating to the User if one of the following conditions is met:
- the User has given consent for one or more specific purposes specified on the site (e.g. consent to receive marketing communications, consent relating to profiling cookies);
- the processing is necessary for the execution of a contract with the User and/or the execution of pre-contractual measures (e.g. User’s request for information);
- processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties (e.g., collection of technical data).
However, it is always possible to ask the Data Controller to clarify the actual legal basis of each processing and, in particular, to specify whether the processing is based on law, provided for in a contract or necessary to conclude a contract.
The Data is processed at the headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than that in which the User is located in accordance with the provisions of Articles 44 et seq. of EU Regulation 679/2016 (GDPR). To obtain further information on the place of processing, the User may refer to the section on details of the processing of Personal Data.
The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or constituted by two or more countries, such as the UN, and about the security measures taken by the Data Controller to protect the Data.
In the event that one of the transfers just described takes place, the User may refer to the respective sections of this document or request information from the Controller by contacting it at the contact details given at the beginning of this document.
Data retention period
The Data is processed and stored for the time required for the purposes for which it was collected.
- Personal Data collected for purposes related to the execution of a contract between the Controller and the User or to a user’s request will be retained until the execution of such contract is completed.
- Personal Data collected for purposes related to the legitimate interest of the Data Controller (e.g., browsing data) will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
- When the processing is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period, until such consent is revoked. In addition, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, at the end of this period, the right of access, erasure, rectification and portability of the Data may no longer be exercised.
Purposes of Processing of the Data collected
User’ s data is collected to enable the Controller to provide its Services, as well as for the following purposes:
- Carry out a user’s request (e.g. information request)
- Enable browsing on the site (e.g. technical browsing data)
- With the user’s consent: Comments on content, Contacting the User, Tag management, Interaction with social networks and external platforms, Location-based interactions, SPAM protection, Advertising, Statistics, Remarketing and behavioral targeting, Platform and hosting services, Performance testing of content and functionality (A/B testing) and viewing content from external platforms.
To obtain detailed information on the purposes of the processing and the Personal Data processed for each purpose, the User may refer to the relevant sections of this document.
Details on the processing of Personal Data
Personal data is collected for the following purposes and using the following services:
- Comment on content
The comment services allow Users to formulate and publish their own comments regarding the content of this Website.
The Users, depending on the settings decided by the Controller, may also make the comment anonymously. If the Personal Data provided by the User includes email, this may be used to send notifications of comments on the same content. Users are responsible for the content of their comments.
If a comment service provided by a third party is installed, it is possible that, even if Users do not use the comment service, the latter collects traffic data relating to the pages where the comment service is installed.
Further information on Personal Data
- Analysis of User Data and forecasts (“profiling”)
The Data Controller may process usage data collected through this Website to create or update user profiles. This type of processing allows the Data Controller to evaluate user’s choices, preferences and behavior for the purposes specified in the respective sections of this document.
User profiles may also be created using automated tools, such as algorithms, which may also be offered by third parties. To obtain further information on profiling activity, the user may refer to the respective sections of this document.
Such activity may only be carried out with the User’s consent. The User has the right to object to such profiling activity at any time. To find out more about the User’s rights and how to exercise them, the User may refer to the section of this document on Users’ rights.
- Automated decision-making processes
When a decision that may produce legal effects for the User or may affect the User’s person significantly is made exclusively with technological tools and without human action, an automated decision-making takes place.
Within the scope of the purposes described in this document, this Website may use the User’s Personal Data to make decisions based entirely or partially on automated processes. This Website uses automated decision-making processes to the extent necessary to conclude or perform a contract between the User and the Data Controller or, if required by law, with the prior consent of the User.
Automated decisions depend on technological tools provided by the Data Controller or third parties and are generally based on algorithms that respond to predefined criteria. The logic behind automated decision-making processes aims at:
- enabling or improving the decision-making process;
- ensuring fair and impartial treatment of Users;
- reducing potential damage resulting from human error, personal bias, or other similar circumstances that could result in discrimination or imbalance in the treatment of individuals; and
- reducing the risk of User’s failure to meet its obligations under a contract.
To obtain further information on the purposes, any third-party services and the specific logic of the automated decision-making processes adopted by this Website, the User may refer to the relevant sections of this document.
Effects of automated decision-making processes and rights of Users subject to them
Users subject to this type of processing may exercise specific rights aimed at preventing or limiting the potential effects of automated decision-making processes. In particular, Users have the right to:
- receive an explanation of any decision made as a result of an automated decision-making process and express an opinion thereon;
- challenge the decision by asking the Data Controller to reconsider it or adopt a new decision on a different basis;
- request and obtain human action in the processing from the Controller. For further information about the User’s rights and how to exercise them, the User may refer to the section of this document on Users’ rights.
Users may exercise certain rights with reference to the Data processed by the Data Controller.
In particular, the User has the right to:
- revoke consent at any time.The User may revoke the previously expressed consent to the processing of his/her Personal Data.
- oppose the processing of his/her Data.The User may object to the processing of his/her Data when this is done on a legal basis other than consent. Further details on the right to object are given in the section below.
- access his/her data.The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
- verify and request correction.The User may verify the correctness of his/her Data and request its updating or correction.
- obtain the limitation of the processing.When certain conditions are met, the User may request the limitation of the processing of his/her Data. In this case, the Data Controller will not process the Data for any other purpose than their retention.
- obtain the erasure or removal of his/her Personal Data.When certain conditions are met, the User may request the erasure of his/her Data by the Data Controller.
- receive his/her Data or have it transferred to another Data Controller.The User has the right to receive his/her Data in a structured, commonly used and readable format and, where technically feasible, to obtain its transfer without hindrance to another Data Controller. This provision is applicable when the Data is processed by automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures connected to it.
- lodge a complaint.The User may lodge a complaint with the competent data protection supervisory authority or take legal action.
Details of the right to object
When Personal Data are processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users are reminded that, should their Data be processed for direct marketing purposes, they may object to the processing without giving any reasons. To find out whether the Data Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.
How to exercise his/her rights
To exercise the User’s rights, Users may address a request to the contact details of the Data Controller specified in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.
More information about the processing
Defence before the court
The User’s Personal Data may be used by the Data Controller in court or in the preparatory stages to its possible establishment for the defence against abuse in the use of this Website or related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of the public authorities.
System Log and Maintenance
For operational and maintenance needs, this Website and any third party services used by it may collect system logs, i.e. files that record interactions and may also contain Personal Data, such as the User IP address.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Response to “Do Not Track” requests
This Website does not support “Do Not Track” requests.
If the changes involve processing whose legal basis is consent, the Data Controller will again collect the User’s consent, if necessary.
Definitions and legal references
Personal Data (or Data)
Personal data is any information which, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
This data is information automatically collected through this Website (including from third party applications embedded in this Website), including: IP addresses or domain names of computers used by the User connecting to this Website, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code showing the status of the response from the server (successful, error, etc.. ) the country of origin, the characteristics of the browser and operating system used by the visitor, the various time details of the visit (e.g. the time spent on each page) and details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the User’s operating system and computer environment.
The individual using this Website who, unless otherwise specified, coincides with the data subject.
The natural person to whom the Personal Data refers.
Data processor (or Processor)
Data Controller (or Controller)
The natural person or legal entity, public authority, service or other body that, individually or jointly with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.
This Website (or this Application)
The hardware or software tool through which Users’ Personal Data is collected and processed.
The Service provided by this Website as defined in the relevant terms (if any) on this website/application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document shall be deemed applicable to all current member states of the European Union and the European Economic Area (EEA).
Small portion of data stored inside the User’s device.
Last change: 01 February 2021