Policy privacy

Set out and described below are the methods for managing the site with regard to the processing of the personal data belonging to users browsing the site. This privacy policy statement is also provided pursuant to article 13 of Legislative Decree n° 196/03.


This privacy policy statement is also provided pursuant to article 13 of Legislative Decree n° 196/03 (Code governing the Protection of Personal Data) to all those interacting with the web services provided directly by this site and which are made available online, specifying that this site is registered in the name of the Company which is the independent Data Controller (with contact details provided in the “Contact” section on the site). The policy statement is provided for the site in question and is not additionally provided for any other sites viewed by the user via links. The policy statement is informed by recommendation n° 2/2001 which the European data protection authorities, grouped in the Working Party established by article 29 of Directive n° 95/46/EC, adopted on 17 May 2001 in order to identify certain minimum requirements for collecting personal data online, and, specifically, the methodology, timeframe and type of information which the data controllers must provide to users when they browse web pages, irrespective of the reason for doing so. You are therefore asked to view the Privacy Policy set out below. The Policy and the Privacy Standards used by the Company for protecting personal data are informed by the following principles:


The Data Controller is the Company, whose contact details are present in the “Contact” section of the site.


The processing of personal data is managed by personnel within the corporate organization.


Personal data is collected and later processed in accordance with the principles set forth in the Privacy Policy adopted by the Company and indicated in this Privacy Policy. Whenever data is provided, the data subject is provided with a privacy policy statement which is concise but complete, in accordance with the provisions of article 13 of Legislative Decree n° 196/03.


The personal data is processed lawfully and correctly; it is registered for specific, explicit, lawful purposes; it must be relevant and must not go beyond the purpose of data processing; it is stored for as long as is necessary in order to fulfill the purposes of data collection.


The purposes of processing personal data are communicated to the data subjects when the data is collected. Any new data processing operations, if they are unconnected to the declared purpose, are carried out subject to providing a new privacy policy statement to the data subject and, if appropriate, a new request for consent, when required by Legislative Decree n° 196/03. In no cases are personal data provided to third parties or disclosed without the prior consent of the data subject, except for those cases expressly contemplated by article 24 of Legislative Decree n° 196/03.


Personal data is accurate and updated periodically. It is also organized and stored in such a manner that the data subject is able to discover, if he or she so wishes, which personal data has been collected and registered, to check the quality of same and request correction, completion or deletion on the grounds of breach of law or opposition to data processing, and to exercise all their other rights pursuant to and subject to the limitations of article 7 of Legislative Decree n° 196/03, at the addresses indicated in the Privacy Policy Statements pursuant to article 13 of Legislative Decree n° 196/03 on this site.


Personal data is protected by technical, IT, organizational, logistical and procedural security measures, against the risk of deletion or loss, including accidental deletion or loss, and unauthorized access or disallowed data-processing. These measures are updated on a regular basis according to technical progress, the type of data and the specific data processing features; these measures are constantly checked on an ongoing basis. Any third parties performing support activities of any type for the provision of services by the Company, regarding which they perform personal data processing operations, are designated Data Processors by the Company and are contractually bound to comply with the data-processing security and confidentiality measures. The identity of these third parties is brought to the attention of users. In certain cases, employees of the third party companies working with the Company may be given responsibility for processing. With the user’s consent, if required by law, and in all cases subject to providing a suitable privacy policy statement to specify the various purposes, personal data may be communicated to third parties, whether public or private, which are unrelated to the Company and which process them in their independent capacity as data controllers, in accordance with the definition set out in Legislative Decree n° 196/03. With regard to the processing of personal data performed by third parties which are data controllers, the Company also assumes no responsibility for: rules and methods for managing the personal data of any other websites accessed from the site pages through links and references. Data processing operations related to the web services offered by this site take place at the Company and possibly at the offices of the external Data Processors and are handled by data-processing agents tasked with managing the requested services, marketing activities - when requested by the user - and data storage activities and occasional maintenance operations.


Personal data provided may be communicated to third parties in order to comply with legal obligations, pursuant to orders given by public authorities entitled to do so or otherwise to assert or defend any right during legal proceedings. If necessary, with regard to particular services or products requested, the personal data may be communicated to third parties which, in their capacity as independent data controllers, perform functions which are strictly related to and serve to provide services or products. In the event of failure to provide such communication of data, it is possible that these services and products may not be provided. Personal data shall not be disclosed, unless required by the service requested.


When a user browses the site, their professional and personal interests may be detected: however, this information is collected solely and exclusively for purposes of providing the services requested and possibly for monitoring the quality of services offered.


The types of personal data collected and processed in this site are necessary for providing the various services. The data collected is processed in hardcopy, automated and electronic form, adopting criteria which are strictly related to the purposes of data processing. In order to offer the services, fax and fixed line telephone numbers, mobile phone numbers and email addresses belonging to the user may also be used. It is evident that should this data not be provided, it will not be possible to provide those services requiring use of these instruments. Should the user fail to provide their consent to the use of email, fixed line telephone and mobile telephone for purposes of providing advertisements or direct sales or interactive commercial communications, these instruments shall not be used for this purpose. Specific privacy policy statements shall be set out in the pages of the site dedicated to the possible provision of personal data. Any decision to voluntarily send electronic mail to the addresses indicated in the site entails the acquisition of the sender’s address and any other information contained in the message; this personal data shall be used solely for purposes of providing the service requested.


During standard use, the site’s software procedures acquire certain personal data, transmission of which is implicit in the use of Internet communication protocols. Though this information is not intended to be associated with identified users, by its nature, if associated to other data held by third parties (for example their internet service provider), this data could allow for identification of users. This category of data includes the following: IP addresses or computer domain names used by users connecting to the site, URL (Uniform Resource Locator) notation addresses for resources requested, the time of a request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the reply provided by the server (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. This data is only used for anonymous statistical purposes relating to site use and in order to check correct functioning. The data controller and, according to the service requested, the designated data processors, for a limited period according to law, retain the log for connections/browsing carried out in order to meet any requests made by law courts or other public bodies entitled to request this log in order to ascertain possible liability in the event of cybercrime. Apart from specifications relating to browsing data, the user is free to decide whether or not to provide the personal data requested in the service registration form. This form however may mark certain data as mandatory; it must be understood that this data is necessary for providing the service requested. Should this data not be given, the requested service cannot be provided and it will not be possible to benefit from the related opportunities. When providing the data, in accordance with the provisions of article 13 of Legislative Decree n° 196/03, the data subject is provided with a privacy policy statement which is concise but complete, on the purposes and methods of data-processing, on the mandatory or optional nature of data provision, on the consequences of failure to provide data, on the parties or categories of parties to which the data may be communicated, the scope within which such data may be disclosed, on rights as per article 7 of Legislative Decree n° 196/03 (access, completion, updating, correction, deletion on the grounds of breach of law, opposition to data processing, etc.), on the identity and on the offices of the data controller and the data processor/s. The data subject is therefore asked to provide their free, express online consent, specifically and in a documented manner in the form contemplated by law, where requested by law. Should the provision of personal data be made later, the privacy policy statement which has already been provided may be added to and new consent may be requested to data processing as required by the Code.


The Company uses “secure” architecture and technologies protecting personal data against unwarranted disclosure, alteration or improper use. The protection implemented with regard to personal data aims chiefly to reduce, as far as possible, the risk of destruction or loss, including accidentally, of data, and aims to reduce unauthorized access or prohibited data-processing or data-processing which fails to comply with its purposes. These security measures obviously meet the minimum requirements contemplated by the Legislator (Technical Regulations governing minimum security measures as per articles 33 to 36 of Legislative Decree n° 196/03). Data subjects are entitled at any time to obtain confirmation of whether or not their data is held and to gain knowledge of contents and origin of same, checking the accuracy or asking it to be completed or updated, or otherwise rectified (article 7 of Legislative Decree n° 196/03). Pursuant to the aforementioned article, the user is entitled to request deletion, anonymization or blocking of data processed in breach of law, and, in all cases, to raise objection, on legal grounds, to the processing of same. Requests must be directed to the Company’s email address or by mail to the address of the Company as indicated in the site’s “Contact” section.