In accordance with Article 13 of the “European Regulation 2016/679 related to the protection of physical individuals with regard to the Processing of Personal Data, as well as the free circulation of said data” (from now the GDPR), ICT Consulting S.p.A. informs the User that it commits itself to process users’ personal data according to the principles of lawfulness, fairness, transparency, integrity and confidentiality.
Therefore, the User is informed that:
A. DATA CATEGORIES: Data to be processed will be your personal data, such as:
a.Data collected automatically. Information systems and applications dedicated to the functions of this website may reveal, during the normal functioning of the system, certain information (whose transmission is implicit in the use of internet communication protocols) that is potentially associated to identifiable Users. Among the data collected there are IP addresses and the email domains of the computers used by the Users who connect to the site, the URI (Uniform Resource Identifier) of the resources requested, the method used in order to supply the request to the supplier, the dimension of the files received in the replies, the number code indicating the state of the reply given by the server (successful, error, etc) and other parametres regarding the operating system, the browser and the information environment utilised by the User, the name of the internet service provider (ISP), date and time of visit, web page of the visitor (referral), both incoming and outgoing.
b.Data provided voluntarily by the User. The voluntary and explicit sending of emails to addresses indicated in the different access channels of this site does not entail any request for consent and it entails the acquisition of the address and the data of the sender, information that is required in order to respond to the requests made as well as further personal information that may be included within the missive. Such data is understood to be voluntarily supplied by the User at the very moment that the service provided commences. By including a comment or any other information the User expressly accepts the privacy information, and in particular, the Users agrees that the contents may also be communicated to third parties. On the contrary, specific summary information may be reported or shown on pages in the site that are intended for certain services by request (forms). The User will thus have to explicitly agree to the use of data reported in these forms in order to send a particular request.
B. DATA CONTROLLER: Data Controller is ICT Consulting S.p.A., Piazzale L. Cadorna 4 – 20123 Milano, VAT NUMBER 12472460158. ICT Consulting may be contacted by email at email@example.com. Data Controller has also appointed a Data Protection Officer (DPO) available at the address firstname.lastname@example.org for any information concerning personal data processing.
C. SOURCE OF PERSONAL DATA: The Controller can obtain personal data directly from the User.
D. PURPOSE OF DATA PROCESSING AND THE LEGAL BASIS:
- For data automatically collected, the legal basis is the legitimate interest of the Controller and the purpose is to guarantee and improve the web surfing experience.
- For data voluntarily supplied by the User, the legal basis is consent and, for the sending of emails to our addresses, the purpose is being able to send replies to the specific requests carried out by the User; for the forms the purpose is indicated in the relevant specific information.
- For cookies and plug-ins: please look at the policy.
E. THE RECIPIENTS OF THE DATA: within the purpose limitations, your personal data may be disclosed to third parties, including but not limited to our partners, consulting firms, consultants, private companies, appointed as Processor by the Controller.
F. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES: Your personal data will be not transfer to Third countries outside the European Union.
G. THE STORAGE PERIOD OF PERSONAL DATA: the data provided will be kept for a period of time that is no longer than the attainment of the purpose for which it is processed (“principle of conservation limits”, art.5, GDPR) or on the basis of the expiry dates as laid down by law. Verification of the obsolescence of the data conserved in relation to the objectives for which it has been gathered is carried out upon a periodical basis. At the end of the storage period, the data will be deleted from electronical and magnetic devices.
H. THE RIGHTS OF THE INTERESTED PARTY: the interested party always has the right to request the Holder to give access to his data as well as the amendment or cancellation of the data, the limitation of the data processing or the ability to oppose the processing, to request the data portability and to revoke consent to data processing by affirming these and other rights as laid down by the GDPR by means of a simple communication to the Holder. The interested party may take out a complaint with a controlling authority.
I. THE RIGHTS OF THE DATA SUBJECT: the Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access, rectification of inaccurate personal data concerning him or her or erasure of personal data concerning him or her without undue delay. The data subject shall also have the right to obtain from the Controller restriction of processing, to object at any time to processing of personal data concerning him or her to request data portability or to withdraw consent on which the processing is based. This may be done by simply notifying the Data Controller. In addition, the data subject shall have the right to lodge a complaint with a supervisory authority.
J. DATA PROCESSING PROCEDURE: personal data provided will undergo data processing according to the afore-mentioned legislation and the limits of confidentiality to which the Data Controller’s activities are inspired. Your data will be processed by means of information technology both on paper as well as by any other suitable means, in full compliance with the adequate security measures as laid down by the GDPR.