INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
This page describes how this site manages the processing of the personal data of users who consult it. This information is provided in accordance with regulations applicable to personal data for users interacting with this site’s services in the context of EU Regulation 2016/679. The information is provided for this site only and not for any other websites consulted by the user through our links.
THE DATA “CONTROLLER”
As a result of consulting the site, data relating to persons identified or identifiable may be processed. The data “controller” is SOGIMI SPA, with registered office at via C. Colombo 571, 00144 Rome.
PLACE OF DATA PROCESSING
Processing relating to web services is carried out only by technical staff of the Office responsible for processing, or by anyone responsible for occasional maintenance operations. No data deriving from the web service are communicated or distributed.
PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING
The personal data provided by users who send requests or intend to use services or products offered through the site as well as receive further specific content are used for the sole purpose of responding to the requests or carrying out the service requested and are communicated to third parties only insofar as is necessary. The legal basis for this processing is the need to respond to interested parties’ requests or to carry out activities set out by agreements stipulated with interested parties.
With the user’s expressed consent the data may be used for commercial communication activities relating to offers of further products or services by the controller. The legal basis for this processing is the interested party’s freely-given consent.
AIn addition to these situations, users’ browsing data are stored for such time as is strictly necessary for managing processing activities within the limits established by law.
TYPE OF DATA PROCESSED
The computer systems and software procedures used for the functioning of the site obtain, during their normal operation, certain personal data the transmission of which is implicit in the use of internet communication protocols. This is information collected to be associated with identified interested parties, but which by its nature could, through processing and association with data held by third parties, enable identification of users. This category of data includes IP addresses or domain names of computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good outcome, error, etc.) and other parameters relating to the operating system and to the user’s computer environment. These data are used for the sole purpose of collecting anonymous statistical information on the use of the site and for checking that the site is functioning correctly and are deleted after processing. The data may be used for ascertaining responsibility in the event of hypothetical cybercrime harming the site.
DATA PROVIDED VOLUNTARILY BY THE USER
The optional, explicit and voluntary sending of email to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, which is necessary for responding to requests, as well as any other personal data included in the email. Specific summary information will be progressively shown or displayed on the pages of the site prepared for particular services on request.
Cookies are a textual element that is inserted in a computer’s hard disk only after authorisation. The function of cookies is to speed up traffic on the web or to report when a specific site is visited and they enable web applications to send information to individual users. No personal data of users are acquired by the site for this purpose. No use is made of cookies for the transmission of personal information, nor of so-called persistent cookies of any type, i.e. systems for tracing users. The use of so-called session cookies (consisting of random numbers generated by the server) necessary for allowing secure and efficient exploration of the site. So-called session cookies used on the site avoid the need for other technical information that could jeopardise the confidentiality of users’ browsing and do not enable the acquisition of personal data identifying the user.
OPTIONAL NATURE OF PROVIDING DATA
Except as specified for browsing data, the user is free to provide their personal data for requesting the services offered by the Controller. Failure to provide such data could make it impossible to obtain what is requested.
MEANS OF PROCESSING AND PERIOD OF STORAGE OF DATA
Personal data are processed with automated tools for such time as is strictly necessary to achieve the objectives for which they are collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.
Data are kept for such time as is strictly necessary for achieving the aims indicated in this informative note and will be deleted at the end of this period, unless the data must be kept for legal obligations or for the legal assertion of a right.
RIGHTS OF INTERESTED PARTIES
Within the limits and under the conditions established by law, the controller is required to respond to requests from the interested party in relation to the personal data concerning them. In particular, on the basis of applicable regulations:
1. The interested party has the right to obtain from the data controller confirmation of whether or not the processing of personal data concerning them is ongoing and, if it is, to obtain access to the personal data and to the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients in third countries or international organisations;
- when possible, the envisaged period of storage of the personal data or, if this is not possible, the criteria used for determining this period;
- the existence of the interested party’s right to ask the data controller for correction or deletion of the personal data or restriction of the processing of the personal data concerning them or to object to their processing;
- the right to make a complaint to a supervisory authority;
- if the data were not collected from the interested party, all available information about their origin;
- the existence of an automated decision-making process, including profiling.
2. The interested party has the right to obtain from the data controller correction of inaccurate personal data concerning them without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the supplementation of incomplete personal data, including by providing an additional declaration.
3. The interested party has the right to obtain from the data controller the deletion of personal data concerning them without unjustified delay and the data controller is obliged to delete the personal data without unjustified delay within the limits and cases established by applicable regulations. The data controller informs each of the recipients to whom the personal data were transmitted of any corrections or deletions or restrictions on processing within the limits and in the forms established by applicable regulations.
4. The interested party has the right to obtain restrictions on processing from the data controller.
5. The interested party has the right to receive, in a structured, commonly used and legible form from an automatic device, the personal data concerning them provided to a data controller and has the right to transmit such data to another data controller without impediment from the data controller to whom they were provided.
Requests should be sent to the Controller at firstname.lastname@example.org, where any data protection manager designated by the Controller can also be contacted.
This version of the information on the processing of personal data was updated on 22 May 2018.