Subject of Processing
Data Controller pursuant to current legislation is the website administrator, Laura Pogliani, who can be contacted through the CONTACT US section.
Legal basis for processing
This website processes data based predominantly on user consent. Consent can be given using the banner at the bottom of the page, or by using or consulting the site, as conclusive behaviour. By using or consulting the site, visitors and users approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary to provide a service. Further consent relating to the service’s specific purpose is collected using the communication or service request forms.
Provision of data and therefore consent to the collection and processing of data is voluntary, a User may deny consent, and may at any time revoke consent already given (using the banner at the bottom of the page or the browser’s cookie settings or the Contacts link). However, denying consent may mean it is impossible to provide some services and the website’s navigation experience may be compromised.
Data regarding website security and the prevention of abuse and Spam, as well as site traffic analysis data (statistics) in aggregate form, are processed in accordance with the Data Controller’s legitimate interests to protect the site and its users. In these cases, a user always has the right to oppose processing of data (see also User rights).
Purposes of Processing
The processing of data collected by the site, beyond the purposes that relate to and are instrumental and necessary for the provision of the service, is aimed at :
– Statistics (analysis)
Data and information are collected only in aggregate and anonymous form to ensure the website functions correctly. None of this information is connected to a natural person who uses the site, and it cannot identify any natural person. Consent is not required.
– Security
Data and information are collected to protect the security of the site (anti-spam filters, firewalls, virus detection) and its Users and to prevent or identify fraud or abuse that damages the website. Data are automatically recorded and may also include personal data (IP address) which could be used, in accordance with current legislation on the subject, to block attempts to damage the site or cause damage to other users, or any activity that is in any way damaging or constitutes a crime. These data are not used to identify or profile Users and are erased periodically. Consent is not required.
– Accessory activities
We communicate data to third parties who perform functions that are necessary or instrumental to the operativity of the service (e.g. comments box), and to allow third parties to carry out technical or logistical activities or any other activity on our behalf. Providers only have access to the personal data that are necessary to perform their tasks, and are committed to not using data for other purposes, and are obliged to process personal data in compliance with current legislation.
Collected data
This site collects data from users in two ways.
– Data collected automatically
When a User navigates the site, the following information may be collected which are stored in the site’s (hosting) server log files:
– Internet protocol (IP) address;
– browser type;
– parameters of the device used to connect to the site;
– name of the user’s Internet service provider (ISP);
– date and time of visit;
– web page where the visitor entered (referral) and exited;
– any number of clicks made.
These data are used for statistical and analytical purposes, solely in aggregate form. IP addresses are used only for security purposes and are not crossed with any other data.
– Data provided voluntarily
The site may collect other data when a user voluntarily uses its services, such as comments services, communication services (contact forms, comments box), and the following data will be used only to provide the requested service:
– name;
– e-mail address.
Place where data are processed
Data are processed at the Data Controller’s location, and at Aruba Web Hosting’s datacentre. Aruba Web Hosting is the Data Processor, processing data on behalf of the Data Controller. Aruba is located in the European Economic Area and acts in compliance with European law.
Data storage period
The data collected by the site are stored for the length of time strictly necessary to perform the specified activities. When this time has elapsed, data will be erased or anonymised, unless there are further reasons to store the data.
Data (IP address) used for site security purposes (to block attempts to damage the site) are stored for 30 days.
Data for analytical purposes (statistics) are stored in aggregate form for 24 months.
Transfer of collected data to third parties
Generally, data collected by the site are not provided to third parties, except in specific cases: legitimate requests from law enforcement agencies and only in cases provided for by legislation; where it is necessary to do so to provide a specific service requested by a User; to execute security checks or to optimise the site.
Transfer of data to countries outside the EU
This site may share some collected data with services located outside the European Union. Particularly, with Google, Facebook and Microsoft (LinkedIn) via social media plug-ins and the Google Analytics service. The transfer is authorised in accordance with specific decisions taken by the European Union and by the Italian Data Protection Authority – Garante, particularly decision 1250/2016 (Privacy Shield – Garante’s privacy policy is here), which does not require further consent. The above businesses guarantee that they adhere to the Privacy Shield.
Security measures
We process visitors/users’ data lawfully and fairly, adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of data. We are committed to protecting the security of your personal data when it is sent, using Secure Sockets Layer (SSL) software which encrypts the information in transit. Processing is carried out using computer and/or telematic tools, with organisational methods and approaches that are strictly related to the purposes indicated. As well as the Data Controller, in some cases, categories of persons authorised to process data who work on the site and any external party (such as third-party technical service providers, hosting providers) could have access to data.
Cookies
This site uses cookies, text files that are stored on the user’s device or that allow access to information on the user’s device. Cookies allow us to store information on visitors’ preferences. They are used to check that the site functions correctly and to improve functionality by personalising page content based on the type of browser used, or to simplify navigation by automating procedures (e.g. login, site language), and finally to analyse visitors’ use of the site.
This site uses the following categories of cookie:
– technical cookies, only used to send electronic communication, to guarantee that the site is viewed and navigated correctly. Furthermore, they allow us to distinguish between different connected users to provide a requested service to the correct user (login), and for reasons of site security. Some of these cookies are erased when the browser is closed (session cookies), others have a longer duration (for example cookies required to store a user’s consent in relation to the use of cookies, which last for 1 year). These cookies do not require consent;
– analytical cookies, used directly by the site’s manager to collect information, in aggregate form, on the number of users and on how they visit the site. They are similar to technical cookies if the service is anonymised.
– profiling and marketing cookies, used exclusively by third parties (i.e. not the data controller for this site) to collect information on user behaviour during navigation, and on consumer interests and habits, including to provide personalised advertising.
By clicking OK on the banner shown when the site is first accessed or by navigating the site, the visitor gives express consent to the use of cookies and similar technologies, and particularly to the storage of these cookies on his or her device for the purposes set out above, or to use cookies to access information on his or her device.
Disabling cookies
Users can refuse the use of cookies and can at any time revoke consent already given. Since cookies are connected to the browser used, THEY CAN BE DISABLED DIRECTLY FROM THE BROWSER, thus refusing/revoking consent to the use of cookies, or from this dedicated area (click here).
DISABLING COOKIES COULD STOP SOME OF THE SITE’S FUNCTIONS FROM WORKING PROPERLY, particularly, services provided by third parties may not be accessible, and therefore the following contents may not be viewable:
– videos from YouTube or other video sharing services;
– social network buttons;
– Google maps.
Instructions on how to disable cookies can be found at the following web pages:
Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera – Apple Safari
Third-party cookies
This site also acts as an intermediary for third-party cookies (like social network buttons), used to provide further services and functionality to visitors and to simplify use of the site, or to provide personalised advertising. This site has no control over cookies managed entirely by third parties and has no access to the information collected by these cookies. Information on the use of these cookies and their purposes, as well as methods to disable them, are provided directly by the third parties on the pages indicated below.
Please note that, generally, tracking users does not mean they can be identified, unless the User is already registered for a service and is already logged in; in this latter case it means that the User has already given consent directly to the third party at the time he or she registered for the service (e.g. Facebook).
This site uses the following third-party cookies.
– Google Inc.
For information on how Google uses and processes data, please see Google privacy policy and How Google uses information from sites or apps that use its services
– Google Analytics: used to analyse how users use the site, to compile reports on site activities and user behaviour, to check how often users visit the site, how the site is found and which pages are visited most frequently. This information is combined with information collected from other sites to compare usage of the site with other sites of the same category.
Data collected: browser identifier, data and time of interaction with the site, originating page, IP address.
Place where data are processed: European Union as service anonymisation is active.
The data collected do not allow us to personally identify users, and the data are not crossed with other information relating to the same person. Data are processed in aggregate and anonymised form (shortened to the last octet). In accordance with the appropriate agreement (DPA), Google Inc. (the data processor) is forbidden to cross these data with those collected by other services.
Further information on cookies used by Google Analytics can be found at Google Analytics Cookie Usage on Websites.
Users can selectively disable (opt-out) the collection of data by Google Analytics by installing the appropriate opt-out components provided by Google on their browser.
– YouTube: video-sharing platform, owned by Google. Cookies are set when a page containing embedded content is accessed, and when a video is started, and do not identify the User unless he or she is already logged in to his or her Google profile.
An advanced privacy (no cookie) option has been added for videos contained on the site which operates in such a way that YouTube does not store information on visitors unless they voluntarily play the video.
Data collected: number and behaviour of service users, IP address, information that connects site visits to the Google account of users already logged in, video viewing preferences.
Place where data are processed: USA.
Social Media Plug-in
This site also incorporates plug-ins and/or buttons to allow easy sharing of content on your preferred social media networks. When you visit a page on our website which contains a plug-in, your browser connects directly to the social media network server from where the plug-in is loaded. This server may track your visit to our website and, if appropriate, associate it to your social media account, particularly, if you are connected at the time of your visit or if you have recently navigated in a website containing social media plug-ins. If you don’t want social media networks to record data relating to your visit to our website, you must exit your social media account and, in all likelihood, erase the cookies that the social media network has installed on your browser.
Plug-ins with advanced functions to protect User privacy are installed on this site which do not send cookies or access the cookies present on a User’s browser when opening a page but only after a plug-in is clicked.
The collection and use of information by these third parties are governed by their respective privacy policies which we recommend you view.
– Facebook (cookie policy link)
– Twitter (cookie policy link)
– LinkedIn (cookie policy link)
– Google+ (cookie policy link).
User rights
Pursuant to European Regulation 679/2016 (GDPR) Users can, in accordance with the methods and in the limits set out by current legislation, exercise the following rights:
– to object in whole or in part, for legitimate reasons, to the processing of personal data concerning him or her for direct marketing or direct sales purposes or to carry out market research or commercial communication;
– to request confirmation of the existence of personal data concerning him or her (right of access);
– to know from which source the personal data originate;
– to receive legible communication about it;
– to receive information regarding the logic, methods and purposes of processing;
– to request that personal data are updated, rectified, completed, erased, anonymised, restricted where data have been processed unlawfully, including cases where data are no longer necessary to pursue the purposes for which they were collected;
– where data are processed based on consent, to receive, at only the cost of the appropriate format, personal data concerning him or her which he or she has provided in a structured, commonly used, machine-readable and interoperable format;
– the right to lodge a complaint to the supervisory authority (Garante [Italian Data Protection Authority] – link to the Garante site);
– as well as, generally, to exercise all rights that are recognised by current legislation.
Requests are to be made to the data controller.
Updates
This privacy policy was updated on 29th November 2018.