As prescribed by applicable legislation (art. 13 of the General Data Protection Regulation, hereinafter also the GDPR), users (hereinafter also “data subjects”) accessing the www.grupposerviziassociati.it website (hereinafter also “the website”) are hereby provided with information on the processing of their data.
DATA CONTROLLER – CONTACT DETAILS
The Data Controller is Gruppo Servizi Associati Società per Azioni, with registered offices in Via di Cervara 143/B-C, Rome (RM) – 00155 – VAT No. 0148180391. The Company may be contacted by e-mail at firstname.lastname@example.org
The company processes browsing data and any data supplied spontaneously by the user.
During normal operations, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is an inherent feature of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but, by its very nature, could be processed and matched with data held by third parties, thus leading to the identification of users.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to the server, the returned file size, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters regarding the users’ operating system and computer environment.
Data provided directly by users
This includes the personal data provided voluntarily by users (e.g. upon requesting information by e-mail at the addresses specified on the website or by filling out the forms relating to the various services offered – see the specific privacy policies provided on the relevant pages).
PURPOSES AND LEGAL BASES FOR PROCESSING
Browsing data: purposes and legal bases for processing
Browsing data is collected to obtain statistical information on the use of the website, for security purposes, and to check the website’s correct operation, and may also be used to ascertain liability in the event of computer crimes against the website.
The legal basis for processing such data is legitimate interest and, in the event of requests from the Authorities, compliance with a legal obligation.
Data provided directly by users: purposes and legal bases for processing
Personal data provided voluntarily by users by contacting the data controller through the contact details provided on the website is used exclusively to fulfil the users’ requests. Users may also confer their data through forms relating to specific services. In this case, the data will be processed in order to execute the services requested, as specified in detail in the privacy policies provided on the relevant pages.
The legal basis for processing such data is the implementation of pre-contractual measures.
This data may also be used, based on the data controller’s legitimate interest, to verify the security and proper operation of the computer systems used and to carry out defence actions or to assert or defend a right in judicial proceedings.
Collected data is processed using IT tools guaranteeing adequate security measures such as to prevent the loss of data, its illicit or improper use, and any unauthorised access to same.
Transferring data abroad
Processing data in connection with the website services is conducted via servers situated within the European territory. Data is not transferred abroad.
Data retention time
Data provided directly by users is stored for the time strictly required to implement their requests and then deleted, except when needed to carry out defence actions (this may require a longer retention period).
The browsing data of users who access the website shall not be retained for more than 30 days and will be deleted immediately following aggregation, except when required by the judicial authorities to detect criminal activities.
NON-PROVISION OF DATA
With the exception of browsing data required to implement computer and internet protocols, the provision of data by users through the various methods made available is free and optional.
However, non-provision of data may make it impossible for the company to fulfil the requests a user has forwarded or intends to forward.
Data is processed by purposely authorised employees of the Data Controller.
Data may be communicated to the competent Authorities, in the event of specific requests with which the data controller is legally required to comply, to the IT companies that the data controller uses for hosting services and for assistance and maintenance of the systems used, and to legal advisers for management and legal assistance in the event of disputes.
It should be noted that some of the parties indicated operate as data processors and that communication to those operating as independent data controllers is carried out either to fulfil specific legal obligations or to achieve contractual obligations or the data controller’s legitimate interest of maintaining the security of the computer systems used and carrying out defence actions through legal advisers.
Data subjects may ask the Data Controller for a list of external parties acting as data processors.
Communication is in any case limited to those categories of data whose transmission is necessary for the purpose of carrying out the activities and aims pursued.
RIGHTS OF THE DATA SUBJECT
Data subjects have the right to obtain, at any time, from the Data Controller access to their data and its rectification or erasure, as well as the right to restrict processing of personal data concerning them and the right to object to such processing.
Data subjects may enforce their rights at any time, without the need to initiate specific formalities, by emailing the data controller at email@example.com
For more details on the rights set forth by the applicable legislation, please consult the datasheet on the rights of data subjects accessible from the website footer.