PRIVACY POLICY

This  privacy policy document,   updated  in accordance with EU Regulation (GDPR) 2016/679 on the processing of personal data,  as well as  D.Lgs 181/18  amending  D.Lgs 196/2003 , regulates the methods of processing the data  collected by a  website  , when  the user  browses.           

Their specific purpose is to inform the user   about the processing of their personal data in accordance with the law and the latest EU Regulation 679/2016  that has profoundly changed the discipline. A website must have a  personal data controller  . The person responsible for personal data is the one who has the decision-making and organizational powers over the processing and the manner of data processing and is responsible to the confidentiality guarantor. Two or more co-leaders can also be appointed. In this case, it is imperative that the user knows, through a link pointing to the agreement between them, the competences of each co-responsible person. 

    

 The personal data manager is  accompanied  by the data processor This person processes the data on behalf of the person responsible for the processing of personal data. This means that a person close to the owner receives instructions on how to handle the data. The personal data controller must be competent and able to fully comply with the security requirements that it has put in place. Added to these two people is  the Data Protection Officer (DPO)  , who, although appointed directly by the Owner, is nevertheless a person independent of him.     

  The previously voluntary data protection officer is now partly mandatory in accordance with Article 37 of Regulation (EU) 679/2016.  This article specifies which individuals are affected and which are exempt.  In any case, the DPO, also called RPD in Italian, is an independent person and will process the data independently.  In addition, he is directly responsible and communicates with the integrity guarantor.  Ultimately, the appointment of the data protection officer reflects the new approach of the GDPR, which aims to   enable data processing  and facilitate its implementation by the holder and the controller. The task of the data protection officer    is to protect personal data  , not the interests of the data controller.

 

Although the controller is a person close to the owner, the data protection officer is a much more independent person who cannot and should not take orders from the owner for effective data protection.

The privacy policy must also  indicate  the place  where the data is processed. This corresponds to the headquarters of the data controller. It is also important to state  the purpose  of the data processing. In fact, according to the new rules, the data must be kept for a reasonable period of time to achieve the purposes pursued with the website, before being deleted.  

   It is therefore imperative that the purposes are clearly and concisely stated in the privacy policy.

The document must also specify the types of   cookies used on the website  . Cookies are short pieces of information that can be stored on the user's computer when the browser accesses a particular website. With them, the server sends information that is read and updated each time the user returns to the site.   

There are different types of cookies:

  • Technical cookies  : According to the law, these are cookies used only for the "transmission of a communication over an electronic communications network or to the extent strictly necessary for the provider of an information society service expressly requested by the subscriber or user". Service".  They are not used for any other purpose and are usually installed directly by the website owner or administrator.  
  • Third Party Cookies  : This happens when a third party places cookies on a website. In this case, the user must be informed that, in addition to the site's cookies, there are also cookies from other providers. Typical third-party cookies are those from social networks.   
  • Profiling cookies  : They aim to create profiles related to users and are used to send advertising messages in line with the preferences expressed by the user while browsing the Internet. Depending on the data protection guarantor, this can be:  
    • Advertising profiling  ,  meaning they collect and process user data for advertising purposes (e.g. to share with advertisers);  
    • Retargeting activities  , consisting of forms of online advertising selected on the basis of the user's previous actions or searches on the Internet (e.g. Google AdWords); 
    • created by   social networks  ; 
    • statistical activities managed by third parties  (e.g. Google Analytics). 

The document also aims to indicate whether the site    allows for social media plug-ins  and the possible transfer of data to  companies in non-continental countries . It is also important to mention what new rights the data subject has under the new European regulations, such as: B. the right to  erasure    

  of the data  ,  its updating or the right to  object to data transfer.    

 

How do I use the document?

Thanks to this document you can:

  • Please indicate for which   website  you are using this document; 
  •   Indicate  the owner of the data  and  the place where they are processed;   
  • Indicate the possible existence of   multiple controllers  for the processing of personal data. 
  • Enter   the person responsible for personal data  (DPO). 
  • Indicate the   purposes  of the data processing and the  duration  required for the website to use them.   
  • determine which   cookies  are used by the website, whether they are only technical cookies, third-party cookies and/or profiling cookies; 
  • Indicate whether the website    uses social media plug-ins ; 
  •  Specify whether the user should receive notifications about  updates to the website  . 

Once you have the document, it needs to be inserted into the web page of the site and made available to the user.

 

Regulation reference REGULATION  (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/ 46/EC (General Data Protection Regulation )  . 

 

Legislative Decree 181/18  on “Provisions adapting national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data” and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) amending Legislative Decree 196/2003, “Code on the Protection of Personal Data”  .  .   

Resolution of the Data Protection Officer n. 229/2014  regarding "Identification of the simplified methods of information and obtaining consent for the use of cookies".