The computer systems and software procedures responsible for the operation of the Website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This data category includes the IP addresses or domain names of computers and terminals used by users, addresses in URI/URL notation and other parameters related to the responses of the interrogated servers, the user’s operating system and IT environment.

These data, necessary for the use of web services, are also processed for the purpose of:

• obtain statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas, etc.);
• check the correct functioning of the services offered.

This data is used for the only purpose of obtaining anonymous information on the use of the Application, as well as for checking the correct functioning. The data might be used for investigating responsibilities in case of crime.

The browsing data are kept for the time strictly necessary to achieve the indicated purposes, except in case of verification of a possible crime from the Judicial Authority).

The legal basis for the processing of personal data is the legitimate interest in the proper and safe functioning of the Site and the services offered (Art. 6 GDPR).

The Policy on the use of cookies can be consulted on the menu item "Cookie policy" at the bottom of each page of the Site.

Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.

The optional, explicit and voluntary sending of messages to the contact addresses indicated on this website and/or the compilation of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data inserted.

The legal basis for the processing of data is the execution of a pre-contractual measure requested by the data subject (art. 6, par. 1, lit. b) GDPR).

The following describes the processing carried out for the other services available on the Site.

In order to be able to benefit from the services offered by the Data Controller and receive communications related to them, as specified below, the user is required to register by creating a Personal profile by accessing the specific reserved area.

For this purpose, common personal data are collected, necessary, individually or together with others, to identify the user.

In particular, personal and contact data such as name and surname, date of birth, nationality, tax code, phone number, email address and residence will be processed, as well as further information entered by the user within the individual Sections of the Site, necessary to the user for using the available services on the Website. The non-provision by the User of certain Personal Data may impede this Website from carrying out the services offered.

The personal data contained in the User profile will be stored until the user decides to deactivate his Profile or modifies his information and may be used for legal defense, or in the preparatory stages to its possible establishment, from misconduct and abuse in the use of the same or related services by the User.

The storage for administrative, accounting and tax purposes is limited to the period of time that matters for each single area.

Upon release of specific consent, users may receive commercial and promotional information on the services offered by the Data Controller on a periodic basis. The Newsletter of the Data Controller is distributed by email to those who request to receive it by providing their consent.

The user can unsubscribe at any time, also through the specific functionality present at the bottom of each promotional email received. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that time.

The user has the right, but not the obligation, to provide their personal data requested in the various forms on the Site. Mandatory fields, aimed at collecting data necessary to identify the user to use the services provided, are marked. The non-provision by the User of certain Personal Data. necessary to the Data Controller, may impede this Website from carrying out the services offered, pursuant to legal and contractual obligations, for the purposes of providing the services requested by the User and their use.

The User is responsible for the personal data of third parties published or shared through this Website and guarantees that he has the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.

The personal data collected during the registration process and/or when using or interacting with the services requested, are processed by the Data Controller adopting the appropriate security measures aimed at preventing access, unauthorized disclosure, modification or destruction of personal data.

The services provided by the Website involve the collection, registration, organization, storage, consultation, processing, extraction, use, deletion and destruction of data.

The processing is carried out using manual IT and/or telematic tools, with organizational methods and with logics strictly related to the purposes indicated.

If the Data Controller intends to further process personal data for a purpose other than the one for which they were collected, prior to such further processing, information on that different purpose and any other relevant information will be provided.

To ensure the security and confidentiality of data, the Data Controller uses data networks protected by industry standard firewalls and password protection which has adopted the technical and organizational measures provided for the protection of personal data.

The processing does not involve the activation of an automated decision-making process, including profiling.

The data may only be accessed by subjects authorized by the Data Controller, involved in the management of the Site that, for the tasks assigned to them, access the collected data (administrative, commercial, marketing, legal)trained for this purpose in the field of personal data protection.

Any other subjects who, for the tasks assigned to them, access the data collected (such as suppliers, third-party technical services, IT companies) are appointed, where necessary, data processors or sub-processors pursuant to and for the purposes of art. 28 GDPR. A complete and up-to-date list of the parties appointed as data processors may be requested from the Data Controller.

The personal data processed will not be disclosed to third-party recipients, nor will they be disseminated outside the Site.

The data collected and processed may be communicated, in accordance with the law and following an explicit request, to the police, the judicial authority, security information bodies or other public entities for the purposes of defense or State security or for the prevention, investigation or prosecution of criminal offenses.

The personal data collected shall be stored on servers located within the European Economic Area in accordance with the times described. Should the need arise to transfer the data collected abroad, the owner guarantees that this will be done in accordance with the provisions of Articles 45 and ss GDPR, to countries which have been deemed to ensure an adequate level of protection by the European Commission or which provide adequate guarantees of personal data protection or where necessary, making use of the standard data protection clauses adopted by the Commission in accordance with the examination procedure laid down in Article 93, par.2.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them or the limitation of the processing that concerns them or to oppose the processing pursuant to art. 15 and following of the GDPR. The appropriate request must be submitted by contacting the Data Controller or by sending a registered letter A/R to the addresses of the owner specified above.

By relying on the conditions, the data subjects may submit any complaints to the data protection authority (Art. 77 GDPR). Alternatively, an appeal may be made to the judicial authority (Art. 79 GDPR).

Please note that this policy, made pursuant to Article 13 of the GDPR will be up to date periodically. We therefore invite you to review the cookie policy periodically.

Last update: April 2023