Information on the processing of personal data pursuant to articles. 13-14 EU Reg. 2016/679

 

The information describes the processing operations that Interzero Italy Srl carries out on the personal data of users (hereinafter referred to as “you” “your”) who interact with the site www.interzero.it (hereinafter the “Site”) (the processing operations carried out by Interzero on the personal data of users who interact with the site www.interzero.it are referred to below as the “Service”).

Online services of companies other than the one listed above are subject to their own data protection information, which can be found on their websites.

 

Interzero Italy Srl considers the protection and security of your personal data very important, and takes this aspect into account throughout its business activity. In this policy we offer you an overview of all aspects of the Service that are relevant to data protection legislation. In the following sections we will explain:

  • What data we collect when you use the Service;
  • With what objectives does Interzero Italy Srl process this data;
  • What are your rights and options regarding the processing of your data;
  • How you can contact us for data protection issues.

  1. Data controller

The Data Controller is Interzero Italy Srl, with registered office in Via Messina, 38 – 20154 Milan, (hereinafter the “Company” or the “Data Controller”)

 

When the term “we” “our” is used in this Personal Data Protection Policy, it refers solely to Interzero Italy Srl

 

The Data Controller can be contacted at the email address privacy@interzero.it , or by post, addressed to Interzero, Via Messina, 38 – 20154 Milan.

 

  1. Categories of personal data processed

2.1 Automatic collection of access data

The Site can be visited without providing personal data. The only data collected is the access data that is automatically transmitted by our browser. These will include for example your online identification (for example IP address, session ID, device ID), information regarding the web browser and operating system used, the web path through which you are visiting the Site (i.e. if you are visiting our site via a link), information relating to texts, video images etc. that you view on the Site, the choice of language on the browser, any error messages and access times.

 

2.2 Data communicated through the Site

We collect all the information and data that you communicate to us through the Site (by way of example and not limited to, name, surname, date of birth) and contact data (by way of example and not limited to, e-mail addresses and telephone number). For example, on some pages of the Site, through functions such as the contact form or contact functions, you can send us messages and, in some cases, files (for example PDF documents). The information you provide to us will only be used to handle your request.

Disclosure of your message to another Interzero company or to an external third party will only occur if necessary to process your request (for example, we will disclose your message to another Interzero Group company if the latter is responsible for the management of your request). If you do not want your message to be disclosed to another company, you can state this directly in your message. In this case we will send your message without identifying information (such as your name, customer number or contact details).

The legal basis for this data management is Article 6 (1) (b) of the GDPR. If you have given your consent to the disclosure or processing by third parties of the data you have communicated to us, the legal basis will be Article 6 (1) (a) of the GDPR.

 

  1. Purpose of the processing

Purpose Categories of personal data Legal basis
1. Carry out the Service (by way of example and not limited to: creation of your personal profile on the Site; allow you to use the features of the Site, including requesting information on our Services via the appropriate contact section). Common personal data Necessary processing on a contractual basis (art. 6, par. 1 letter b) GDPR)
2. Manage the cookies necessary for the Site: technical cookies are essential for the correct functioning of the Site and are used for the sole purpose of managing various Services linked to the Site itself, such as logins. Common personal data Necessary processing on a contractual basis (art. 6, par. 1 letter b) GDPR)
3. Fulfillment of regulatory obligations in the execution of the Service (by way of example and not limited to, obligations of an accounting, administrative, fiscal nature, relating to the archiving of contractual documents and the regular keeping of accounting records pursuant to art. 2220 of the Civil Code ), possibly also by communication to third parties Common personal data Processing necessary to fulfill legal obligations to which the Data Controller is subject (art. 6, par. 1 letter (c) GDPR)
4. Response to requests made by administrative, jurisdictional or public security authorities (by way of example and not exhaustively, pursuant to art. 210 cpc and 248 cpp) Common personal data Processing necessary to fulfill legal obligations to which the Data Controller is subject (art. 6, Apr. 1 letter (c) GDPR)

 
5. Exercise or defense of the Data Controller’s rights in court or out of court, or in any case in the context of disputes or disputes (initiated by you, by the Data Controller, by third parties or by jurisdictional or administrative authorities) Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6, par. 1 letter (f) GDPR) and for the exercise of one’s rights (art.17, par.3, lett. (e) GDPR
6. Direct marketing: sending promotional messages to users who have previously already purchased or requested more details on a service (for services similar to those previously purchased or requested) Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6 (1) par. 1 letter (f) GDPR)
7. Carrying out statistical research/analysis on aggregate or anonymous data, aimed at measuring the functioning of the Service, data traffic, interactions. Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6 (1) par. 1 letter (f) GDPR) (Interest of the Owner in monitoring the correct functioning of the Site, data traffic, your interactions with the Site);

 

 

  1. Treatment methods

Each treatment will be conducted in compliance with the methods set out in the articles. 6 and 32 of the GDPR and through the adoption of the appropriate security measures envisaged.

 

  1. Categories of recipients of the personal data processed:

In order to fulfill the above purposes, personal data will also be processed by third parties other than the Data Controller.

These subjects will process the personal data both on behalf of the Data Controller (therefore, as managers) and as independent data controllers, upon specific communication from the Data Controller.

Specifically, the following categories of recipients will process personal data:

  1. suppliers of products, services or services necessary for the correct execution of the Service (by way of example and not limited to, IT service providers, business consultants);
  2. jurisdictional, administrative (including tax authorities) and/or public security authorities, with reference to legal or regulatory obligations to communicate personal data or other regulatory obligations;
  3. third parties and/or bodies responsible for control and supervision of the Data Controller’s business activity (by way of example and not limited to, board of auditors, supervisory body, auditors).

 

In the event of disclosure of data to our service providers, they are permitted to use it solely to carry out their duties. These service providers are carefully selected by us, and by contract they must follow our instructions, adopt technical and organizational measures suitable for protecting the rights of data subjects. Furthermore, they are monitored regularly.

 

  1. Transfer of data abroad

Personal data will be transferred, outside the European Economic Area, only to countries that ensure an adequate level of protection of the personal data of the interested parties, on the basis of an adequacy decision adopted by the European Commission:

In case of transfer to countries outside the European Economic Area which do not ensure an adequate level of protection of the personal data of the interested parties, the transfer will only take place:

  • subject to the adoption of appropriate or appropriate guarantees (such as, by way of example and not limited to, the stipulation of data transfer agreements that implement the standard contractual clauses approved by the European Commission);
  • if it is necessary for the conclusion of a contract or the fulfillment of contractual obligations between the Customer and the Owner.

In any case, in such eventualities we will take care to provide you, upon your simple request, detailed information regarding the methods of data transfer to third countries, any appropriate or appropriate guarantees adopted and the means to obtain a copy of such data or the place where have been made available.

  1. Retention period

Unless otherwise specified in this policy, we will use and retain your data for as long as necessary to fulfill our contractual or statutory duties, or to fulfill the purposes for which the data is collected.

We will then delete your data immediately, unless it is necessary to keep it until the statute of limitations has expired in order to use it as evidence in civil cases or to comply with the mandatory retention period of 10 years.

 

  1. Cookie management

On the Site we use our own cookies and third-party cookies. A cookie is a standardized text file that is stored by your browser for a set period of time. Cookies make it possible to locally store information, such as language settings and temporary identifiers that can be retrieved upon subsequent accesses to the site from the server that set the cookie. In the security settings of your browser you can view and delete active cookies. You can adjust your browser settings as you wish, and thus for example refuse to accept third-party cookies. Please take into account that in this case you may not be able to use all the functions of the Site.

Our cookies serve to make your visit to the Site easier and safer.

 

  1. Third Party Platforms

Through the Site it is possible to view contents of external platforms and interact with them. Below are detailed the third-party cookies that could be used by the Site, as well as the links through which the user can receive more information and request the deactivation of cookies.

 

Youtube

We use YouTube videos on some pages of the Site. YouTube is a video platform operated by the Google Company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”).

YouTube videos can be viewed directly from the Site. Such videos fall under the “extended data protection mode”, so your data will only be transmitted to YouTube if you view the videos. This data transmission is completely independent of us. For cases where your personal data must be transmitted to the United States, Google and YouTube have adhered to the EU-USA Data Privacy Framework .

When the Site contains YouTube videos, YouTube and Google acquire your access data, and the information that you have visited the relevant page on the Site. This will happen regardless of whether or not you are logged in to YouTube or Google. If you are logged in to Google, your data will be associated directly with your Google account. If you do not want these to be associated with your YouTube profile, you must log out before watching a video. YouTube and Google may use your access data to create usage profiles for the purposes of marketing, market research and for the targeted design of their websites. You have the right to object to the creation of these usage profiles: in this case the objection must be sent directly to YouTube. You will find further information in Google’s Privacy Policy, which also applies to YouTube: https://policies.google.com/privacy?hl=en-US and https://policies.google.com/privacy/frameworks?hl= en-US.

Google Analytics

The Site uses Google Analytics, a web analytics service offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies to collect your login data when you visit the Site. The cookies used by Google Analytics provide for the anonymization of the user IP.

For exceptional cases in which personal data is transmitted to the United States, Google has adhered to the EU-USA Data Privacy Framework . The European Commission has issued an adequacy decision, concluding that the United States ensures an adequate level of protection for personal data transferred from the EU to companies participating in the Framework.

Google will use the information obtained through cookies to evaluate the use of the Site, to draw up reports on their activity and to provide us with further services associated with the Site and the use of the Internet. You will find further information on this topic in the Google Analytics Google Analytics Privacy Policy.

You can object to the aforementioned production and processing of pseudonymised usage profiles at any time. For this purpose you have several options available:

(1) You can set your browser to block Google Analytics.

(2) You can adjust your Google advertising settings

(3) You can install the opt-out plug-in provided by Google at https://tools.google.com/dlpage/gaoptout?hl=de on your Firefox, Internet Explorer or Chrome browser (this option is not usable on mobile phones).

The data generated by Google Analytics are stored by Google as indicated in the information available at the following link:
https://policies.google.com/technologies/cookies?hl=it

 

Google tag manager

The Site uses Google Tag Manager, a service offered by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager is used to manage the Site’s tags more efficiently. The tag is a code that is incorporated into the source code of our Site with the aim, for example, of capturing the presence of frequently used elements of the Site (for example the code for the web analysis service). Google Tag Manager works without the use of cookies. The data is partly processed by a Google server in the USA. In the case of personal data transmitted to the United States, Google has adhered to the EU-USA Data Privacy Framework . The legal basis for this operation is Article 6 (1) (f) of the GDPR, based on our legitimate interest in carrying out business on our Site. You will find more information at Google’s Information on Tag Manager.

Google ReCAPTCHA

We include the bot identification function, for example for accesses to online forms (“ReCaptcha”), provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://adssettings.google.com/authenticated

 

Google Maps

We include maps through the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/ , opt-out: https://adssettings.google.com/authenticated .

MyFonts

The Site also uses external fonts, provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA (hereinafter called “MyFonts”). These fonts are inserted through the connection with a MyFonts server. To deliver the font files to your browser, your IP address is transmitted to a MyFonts server when you visit the Site. Additional information (for example, the name of the site visited, the date and time of the request and the type of browser used) could be transmitted to MyFonts. To prevent MyFonts from executing JavaScript code, you can disable JavaScript in your browser or install a JavaScript blocker (https://www.java.com/it/download/help/disable_browser.html ). You will find further information on data privacy at MyFonts on the following link: https://www.myfonts.com/a/font/legal/website-use-privacy-policy).

 

  1. Data processing for Linkedin

Interzero uses the social network Linkedin. On this social network we communicate the latest news from Interzero and everything we have done, and we are happy to use the possibilities offered by social networks to communicate directly with their members.

Despite this, it is important to underline that we have no influence on the data processing by social networks. So please consider carefully what type of personal information and messages you send to us through social networks and, if in doubt, use different means to contact us among those we make available to you. We are therefore not responsible for the conduct of the operators of these social networks and their members.

If you communicate with us via our social media accounts, we will process the information provided to us for this purpose by the social network in question (for example your name, your page and the contents of messages you have sent to us), in accordance with the purpose for which you sent them to us (for example requested services, suggestions or criticisms). We will delete the data collected in this way as soon as their storage is no longer necessary, or we will limit their processing if statutory data retention obligations exist. If you make public posts on our social media accounts, we will decide on a case-by-case basis whether and when to delete them, based on your interests and ours.

The legal bases for the above data processing depend on the objective of your message.

 

If it concerns using our customer service, or requesting a service from Interzero, the legal basis will be Article 6 (1) (b) of the GDPR. Otherwise the legal basis will be Article 6 (1) (f) of the GDPR (fair balance of interests based on our legitimate interest in processing your message). If you give your consent to the processing of the above data, the legal basis will be Article 6 (1) (a) of the GDPR.

 

  1. Your rights

You have the right to ask us for access to your personal data, pursuant to art. 15 GDPR.

By exercising the right of access, you can request information about:

  • the purpose of the processing;
  • the categories of personal data in question;
  • the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
  • where possible, the expected retention period of personal data or, where not possible, the criteria used to determine this period;
  • the existence of the right to ask the Data Controller to rectify or delete personal data or limit the processing of personal data concerning the interested party, or to oppose their processing;
  • the right to lodge a complaint with a supervisory authority;
  • if the personal data is not collected from you, all available information on its origin;
  • the existence of an automated decision-making process, including profiling pursuant to art. 22, paragraphs 1 and 4, of the GDPR and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing towards the interested party.

 

The following rights are also guaranteed:

  1. the right to obtain from the Data Controller the rectification of inaccurate personal data, or the integration of incomplete personal data, pursuant to art. 16 GDPR;
  2. the right to obtain from the Data Controller the deletion of personal data, pursuant to art. 17 GDPR. The exercise of this right may not be guaranteed by the Data Controller (or the Data Controller may only partially respond to the requests) to the extent that the processing of the personal data subject to the cancellation request is required in compliance with legal obligations or for the verification , the exercise or defense of a right in court;
  3. the right to obtain from the Data Controller the limitation of processing, pursuant to art. 18 GDPR;
  4. within the limits established by law, the right to obtain from the Data Controller the portability of personal data processed on a contractual basis pursuant to art. 6, paragraph 1, letter b) of the GDPR;
  5. the right to object to the processing of personal data pursuant to art. 21 GDPR, unless the Data Controller demonstrates, upon receipt of a request in this regard, the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the interested party, or to ascertain, the exercise or defense of a right in court.

 

The above requests must be addressed to the Data Controller, at the contact details set out in the art. 1 of this information.

The Data Controller will respond to requests without undue delay.

In the event of non-response or negative, non-punctual or unsatisfactory feedback to your requests, you may contact a supervisory authority. Italian citizens, habitually resident or those who work in Italy, or believe that the alleged violation by the Data Controller with reference to the processing of their personal data has been carried out in Italy, can contact the Guarantor for the protection of personal data – www.garanteprivacy.it – to obtain adequate protection of your rights.

Citizens of another EU member state, habitually resident or those who work in another EU member state, or believe that the alleged violation by the Data Controller with reference to the processing of their personal data has taken place in another member state EU, they can consult the following web page http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information about the competent supervisory authority.

You also have the right to complain to the data protection authority. For Interzero Italy Srl this authority is the Guarantor for the protection of personal data, Piazza di Monte Citorio n. 121 – 00186 Rome.

  1. 12 . Right of withdrawal and opposition

If you wish to exercise your rights of withdrawal and objection as illustrated below, a notification without particular formal requirements sent to the address indicated in the art. 1 of this information.

 

12.1 Withdrawal of consent

According to Article 7 (2) of the GDPR, you have the right to withdraw at any time from any declaration of consent you have provided to us. As a result, we will be unable to continue data processing based on this consent in the future. Revocation of your consent will not affect the lawfulness of the processing undertaken following the consent granted and until the time of revocation.

 

  1. 2 Object to data processing

To the extent that we process your data on the basis of legitimate interest in accordance with Article 6 (1) (f) GDPR, you have the right under Article 21 to object to the processing of your data if the relevant conditions exist. from a particular situation, or if such opposition concerns direct marketing. In this second case you have the general right to object which we are obliged to accept even in the absence of reasons.

 

  1. Security measures

We adopt appropriate technical measures to guarantee data security for the Service, in particular to protect your data from the dangers that may arise during its transmission, and so that third parties do not gain knowledge of it in an unauthorized manner. These measures are constantly updated, in light of the latest technological developments. To secure the personal data you have provided on the Site we use the transport layer security (TLS) protocol, which encrypts the information you have entered.

  1. Changes to this Data Protection Policy

We will periodically update this information, for example in the event of a review of the Site, or if the statutory rules or official regulations change.