POLICY ON THE PROCESSING OF PERSONAL DATA FOR BROWSING THE WEBSITE AND COOKIES
pursuant to arts. 12 et seq. of Regulation (EU) 2016/679 (GDPR)
Regulation (EU) 2016/679 (“General Data Protection Regulation”), hereinafter, the GDPR, provides safeguards for natural persons with regard to the processing of their personal data. In accordance with the above regulation, the processing of personal data that refers to an identified or identifiable natural person, being the “data subject”, is based on the principles of correctness, legality and transparency, as well as the protection of confidentiality and the rights of such data subject.
Pursuant to arts. 12 et seq. of the GDPR, Zucchetti Group companies (being Zucchetti Spa and its subsidiaries or associated or investee companies), as JOINT DATA CONTROLLERS pursuant to art. 26 of GDPR, will process the personal data provided by you in compliance with the regulation, with the utmost care, implementing effective management procedures and processes to ensure the protection of your personal data. For this purpose, the undersigned, using material and operational procedures to safeguard the collected data, we undertake to protect the information provided, in order to avoid unauthorized access and disclosure, maintain the accuracy of the data and guarantee its appropriate use.
Identification details of the Joint Controllers and, if appointed, the Representative of the territory of the State and the Data Protection Officer.
Joint Controllers – The Joint Controllers are the Zucchetti Group companies, as identified in the introduction, whose contact details are: Via Solferino 1, Lodi 26900 LO, tel: +39 0371/5941; fax: 0371/5942195; email: email@example.com and whose list is made available on request by sending an email to firstname.lastname@example.org
Data Protection Officer
The Data Protection Officer (DPO), is – for Group companies having made such appointment, Mr. Mario Brocca, tel. 0371/5943191, fax 0371/5943095, email email@example.com; certified email: firstname.lastname@example.org.
Legal basis for processing
This website processes data based on consent. By using or consulting this website, you implicitly consent to the possibility of storing only those cookies that are strictly necessary (“technical cookies”) for the functioning of this website. For other types of cookies, you can provide or withhold your consent through the appropriate flags in the banner that appears when you open the website.
In fulfilment of this premise, the following information is provided.
Personal data collected and mandatory or optional nature of data provision and consequences of any refusal to do so
Like all websites, this website also uses log files to retain the information collected during visits by users in an automated manner. The following types of information may be collected:
- internet protocol (IP) address;
- type of browser and parameters of the device used to connect to the website;
- name of the Internet service provider (ISP);
- date and time of the visit;
- the web page from which the visitor arrives (referral) and exits to;
- the number of clicks, if any.
The above information is processed automatically and collected in order to check the proper functioning of the website, as well as for statistical or security reasons.
For security reasons (anti-spam filters, firewall, virus detection), the data recorded automatically may also include such personal data as the IP address, which may be used in compliance with the relevant current legislation to block attempts to damage the website or other users or, in any case, to block other detrimental activities or crimes. Such data is never used to identify or profile the user, but solely to safeguard the website and its users.
As a consequence of normal use, the IT systems and software procedures dedicated to the functioning of this website acquire certain personal data whose transmission is inherent to the use of Internet communications protocols. This category of data includes the IP addresses or domain names of the computers used to link to the website, the addresses of the resources requested in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the reply given by the server (success, error, etc.) and other parameters relating to the operating system and IT environment of the user.
Except as specified for the browsing data, the user is free to provide additional personal data, with respect to that indicated above, when registering with the website.
Failure to provide this Data may make it impossible to obtain the requested information or to provide certain services and the browsing experience on the website might be compromised.
Zucchetti confirms that your “sensitive” data is never collected.
Retention period of your data:
The personal data collected during the browsing session will be retained for the time needed to carry out the specified activities and for no more than 26 months. Data provided voluntarily by the user will be retained until the user revokes the related consent given.
Pursuant to and for the effects of Arts. 12 et seq of the GDPR, the personal data that you provide to us will be recorded, processed and retained in our hard-copy and electronic files, with the use of adequate technical and organizational measures in order to safeguard such data. The processing of your personal data may consist in any operation or series of operations described in art. 4, para. 1, point 2 GDPR.
Personal data will be processed with the use of suitable tools and procedures that guarantee security and confidentiality. Such processing activities may be carried out directly and/or via delegated third parties using IT equipment or electronic instruments.
Data transfer abroad
The data provided by you will be processed in the EU. If during the contractual relationship your data is transferred to another country or to an international organization, your rights under EU legislation will be guaranteed and you will be informed on a timely basis.
Personal data processing purposes
For all website users, personal data may be used to:
- allow browsing of the public web pages on our website;
- respond to requests received via the e-mail addresses published on the website;
- collect anonymous statistical information about the use of the website (e.g. analysis of the most visited web pages);
- collect anonymous statistical information about the geographical areas of arrival;
- check the proper functioning of the website;
- determine responsibilities for any illegal activity carried out to the detriment of the website.
In addition to the purposes described above, the personal data of users who register with the website will also be used for purposes connected with the services requested and, in particular, to:
- request information about the solutions offered by Zucchetti;
- examine information about and demos of Zucchetti products and services;
- browse the private web pages on our website;
- register users for the requested service;
- fulfill the contractual obligations associated with the requested service, where applicable;
- send technical communications and/or those relating to the management and provision of the services requested;
- marketing and remarketing purposes;
- send advertising and promotional information by e-mail;
- make direct sales via the website.
Scope of knowledge of your data
The following categories of data processors or persons tasked with processing by the undersigned may become aware of your data: Employees or collaborators in general working in:
- The offices of Zucchetti Accademia;
- The commercialization of services;
- Managers of the fiduciary services delivered by Zucchetti.
Technical cookies will be downloaded when browsing Zucchetti websites. These include:
- session cookies used to “fill the shopping cart” for on-line purchases; authentication cookies; cookies for multimedia content, such as Flash Player, that are deleted at the end of the session; customization cookies (e.g. to choose the browsing language), etc.;
- “analytics” cookies for the statistical analysis of access/visits to the website, which are used solely for statistical purposes and to collect information in an aggregated form.
There are also statistical and profiling cookies, also of third parties to which you may be redirected during browsing.
The complete and updated list of cookie types is available in the banner of the cookie detection and management tool.
How to deactivate cookies?
Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies stored on the hard disk of your device can however be deleted and, in addition, it is possible to deactivate cookies by following the instructions provided for the principal browsers at the links below:
Communication and dissemination
The undersigned may communicate externally the data provided by you on registration, making it known to one or more specific parties, in order to fulfill all required legal and/or contractual obligations. In particular, your data may be communicated to public offices or bodies or supervisory bodies, in accordance with legal and/or contractual obligations;
Your data may be may communicated as follows:
- to parties able to access the data pursuant to laws, regulations or EU legislation, within the limits envisaged in such provisions;
- to parties that need to access your data for purposes ancillary to the relationship that exists between you and us, within the limits strictly necessary to carry out the ancillary tasks;
- to our consultants and/or professionals, within the limits required for them to carry out their work at our or their organization, following our appointment letter that imposes duties of confidentiality and security.
Dissemination – The undersigned will not disseminate your data indiscriminately, i.e. they will not make it known to unspecified parties or make it available for use or consultation.
Trust and confidentiality – The undersigned recognize the importance of the trust shown by data subjects who consent to the processing of their personal data and, therefore, undertake not to sell, lease or rent such personal information to others.
Rights pursuant to articles 15 et seq. of the GDPR
Pursuant to art. 15 et seq. of the GDPR, you are entitled to obtain confirmation of whether or not your personal data has been processed. You are entitled to access your personal data and to request its correction, deletion or restriction, as well as to object, in whole or in part, to the processing carried out.
You are entitled to obtain access to the following information from the Data Controller:
a) the purposes of processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to which the personal data has been or will be communicated, especially if they are resident in another country or are international organizations;
d) when possible, the expected period of time that the personal data will be retained or, if not possible, the criteria used to determine that period;
e) if the data was not collected from the data subject, all the information available about its origin;
f) the existence of an automated decision process, including the profiling referred to in art. 22, paras. 1 and 4, and, at least in such cases, meaningful information about the logic used, as well as the importance of such processing and its consequences for the data subject.
If the data is transferred to a third country or to an international organization, you are entitled to be informed about the existence of adequate guarantees pursuant to art. 46 GDPR.
Pursuant to art. 2-undicies of Legislative Decree 196/2003, the exercise of your rights may be delayed, restricted or excluded, following justification provided without delay, unless this might compromise the purpose of the restriction, for as long as and to the extent that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subject, in order to safeguard the interests referred to in paragraph 1, points a) (protected interests with regard to money laundering), e) (for the conduct of defensive investigations or the exercise of a right in court) and f) (for the confidentiality of the identity of the employee who reports offenses by virtue of his duties). In such cases, your rights may also be exercised through the Authority in the manner referred to in Article 160 of said Decree. In such case, the Authority will inform you that it has carried out all the necessary checks or that it has carried out a review, as well as of your right to take legal action.
To exercise these rights, you may contact the Joint Controllers at email@example.com or call +39 0371/594.3191 or write to the Zucchetti Privacy Office, via Dante 17 – 26900 Lodi. The Joint Controllers will respond within 30 days of receiving your formal request.
Pursuant to art. 26(3) of the GDPR, we hereby inform you that you may exercise these rights vis-a-vis and against each Data Controller, the complete list of which is made available upon request, by sending an email to firstname.lastname@example.org. In addition, please note that the same address may be used to request the Joint Controller Agreement signed by all group companies.
If your rights concerning your personal data are infringed, you are entitled to complain to the competent authority: “Personal Data Protection Authority”.
Zucchetti has not appointed and will not appoint any Data Processors for the above purposes.
Processing without the need for the data subject’s consent
Even without your consent, the undersigned are entitled to process your personal data should it be necessary in order to:
- fulfil an obligation required by law, by a regulation or by EU legislation;
- fulfil obligations deriving from a contract to which you are a party or to fulfill specific requests received from you prior to termination of the contract.
Furthermore, your express consent is not required when the processing:
a) concerns data obtained from public registers, lists, deeds or documents that can be read by anyone, without prejudice to the limits and procedures that laws, regulations or EU legislation establish with regard to obtaining knowledge about and the publishing of data, or to data on the performance of economic activities, processed in compliance with current regulations governing business and industrial secrets;
b) is necessary in order to safeguard the life or physical safety of a third party (in this case, the Controller must inform the data subject about the processing of that personal data by means of a disclosure, even if subsequent to the processing activity itself, without delay. In such circumstances, therefore, consent is given following presentation of the disclosure);
c) is necessary, with the exclusion of dissemination, in order to carry out defense investigations pursuant to Law no. 397 dated December 7, 2000 or, in any case, to uphold or defend a right in court, on condition that the data is processed solely for those purposes and for the period strictly necessary for their pursuit, in compliance with current regulations governing business and industrial secrets;
d) is necessary, with the exclusion of dissemination, in cases identified by the Garante on the basis of legal principles, in pursuit of the legitimate interests of the Controller or another recipient of the data, including with reference to the activities of banking groups and subsidiaries or associates, should the fundamental rights and liberties, dignity or legitimate interests of the data subject not prevail.
THE JOINT DATA