Data controller: Piemme S.r.l., Via dell’Artigianato 32/E–20865 Usmate Velate (MB)–ITALY
In compliance with the obligations deriving from the national regulation (Italian Decree Law dated 30th June 2003 n.196, Data Protection Law), the Community legislation (European General Data Protection Regulation n. 679/2016, GDPR) and subsequent amendments, this website respects and protects the privacy of its visitors and users, making any possible and reasonable effort not to infringe its users’ rights.
Legal basis for data processing
The provision of the data, as well as the consent to the relevant collection and processing, is voluntary. The User can deny consent or withdraw at any time an already given consent (through the “Contacts” link at the bottom of the page). However, a denied consent can imply the impossibility to supply some services and the website navigation experience could be jeopardised.
As from 25th May 2018 (date of entry into force of the GDPR), the present website will process some of the data according to the data processing controller’s legitimate interests.
Collected data and relevant purposes
Like in any other website, in the present one log files are used (through the ShinyStat service) to store the following kind of information collected automatically during the users’ navigation:
- Internet Protocol address (IP);
- browser type and parameters of the device used to connect to the website;
- name of the Internet Service Provider (ISP);
- date and time of the navigation;
- visitor’s origin (referral) and output webpage;
- if possible, number of clicks.
Use of the information
The above mentioned information is processed automatically and collected exclusively in aggregate form both in order to verify the correct functioning of the website, and for security reasons (as from 25th May such information will be treated according to the data controller’s legitimate interests).
For security reasons (anti-spam filters, firewall, virus detection), the automatically registered data can include personal data such as the IP address, which might be used, in compliance with the regulations in force, to block possible attempts to damage the website itself, or any damages towards other users and any other dangerous or illicit actions. Such information is never used for the user’s identification or profiling, but only to protect the website and its users (as from 25th May such information will be treated according to the controller’s legitimate interests).
Use of information
The data received will be used solely for supplying the required service and only for the relevant necessary time.
The information that the website users will decide to disclose through the services and tools at their disposal, are willingly and voluntarily provided by the user, thus releasing the present website from any liabilities related to any possible breach of laws. The user will therefore have to be in possession of all the necessary authorisations for the entry of third party personal data or contents protected by national or international norms.
Use of information
The data collected in the website during its functioning are used solely for the above mentioned purposes and will be stored for the necessary time required to carry out the defined activities. In any case, the data collected in the website will, for any reason, never be disclosed to third parties, unless legitimately requested by the judicial authorities and otherwise provided by law.
The data used for security reasons (blocking of attempts to damage the website) will be stored for 5 days.
Place of data processing
The data collected in the website will be processed at the Data Controller’s headquarters (Piemme S.r.l., via dell’Artigianato, 32/E–Usmate Velate (MB)–Italy), as well as at aruba.it datacentre. The Data Controller and Processor Piemme S.r.l., is a member of the European Economic Area (EEA) and operates in compliance with the European regulations.
Session cookies are necessary to distinguish the different users connected to the site. They are used to avoid the supply of a required functionality to the wrong user and to protect the website from cyber-attacks. Session cookies do not contain personal data, are not stored and expire at the end of the navigation session. No consent is required for the use of session cookies.
The functionality cookies used in the website are strictly necessary for the website use. In particular, they are linked to an explicit user’s functionality request (such as a “Login”), for which no consent is necessary.
How to disable cookies
The instructions to disable cookies are indicated in the following webpages:
Mozilla Firefox–Microsoft Internet Explorer–Microsoft Edge–Google Chrome–Opera–Apple Safari
Third party cookies
The present website acts as an intermediate for third party cookies, used to supply further services and functionalities to the visitors, as well as to improve the use of the website itself, i.e. through the buttons for social networks and videos. This website does not have any kind of control on third party cookies, which are completely handled by the third parties themselves. Consequently, the information about the use of these cookies and the relevant purposes, as well as on the modalities for their possible disabling, are supplied directly by the third parties in the following pages.
In particular, in this website, the following third party cookies are used:
- Google Analytics: A Google analysis tool, which, by using cookies (performance cookies), collects anonymous navigation data (IP addresses truncated at the latest octet) aggregated exclusively in order to analyse how the website is used by the visitors, fill out reports about the activity of the website and supply other information, including the number of visitors and the webpages visited. Google can also transfer this information to third parties if required by law or whenever such third parties should treat the above mentioned information on behalf of Google. Google shall not associate the IP address to any other data owned by Google. The data forwarded to Google will be stored in the Google server in the United States.
According to a specific agreement with Google, responsible for the data processing, all data will be treated following the Controller’s requests (please refer to the last part of the present Policy), forwarded through the software settings and according to which the advertising options and the data sharing are disabled.
Further information about Google Analytics cookies are available in “Google Analytics Cookie Usage on Websites”.
Selections and obligations
The user can disable selectively the Google Analytics data collection process by installing on its own browser the suitable component supplied by Google (opt out).
ShinyStat: a tool for the analysis of the website traffic, such as:
visits to the website with detailed analysis for the last 15 or 100 days;
details on devices, browser, operating systems, colours and resolutions utilised by the users.
visitors’ provenance, in particular, referral websites, search engines, search keys, social networks and
Socio-demographic data about the users (gender, age, interests).
- Youtube: a video-sharing platform owned by Google, using cookies to collect information about users and navigation devices. The videos included in the website do not transmit cookies to the webpage access, due to the “advanced privacy setting (“no cookie)” according to which YouTube cannot store information about visitors unless the video is voluntarily reproduced.
Cookies: test_cookie.doubleclick.net is not a permanent cookie, but it is used to verify if the user’s browser supports cookies.
For further information about Google data use and processing, please refer both to the relevant information on the pertinent Google webpage and to the webpage regarding how data are processed by Google when utilising partners’ websites or app.
Transfer of data to non-EU countries
The present website could share some of the data collected with services located outside the European Union area, in particular with Google, Facebook and Microsoft (LinkedIn) through the social plugin and the Google Analytics services. The transfer is authorised according to specific decisions by the European Union and the Data Protection Authority, in particular No. 1250/2016 (Privacy Shield–please refer to the Italian Data Protection Authority informative page), for which no further consent is necessary. The above mentioned companies grant their participation in the Privacy Shield.
In this website users’ data are treated honestly and properly, by selecting the appropriate security measures aimed at blocking unauthorised data accesses, disclosure, variations or deletion. The data processing is carried out by means of technological and/or telematic tools, with organization and logical methods strictly connected to the indicated purposes. In some cases, in addition to the data controller, also other designated people involved in the website organization (i.e. operating in administration, sales, marketing, legal and system management departments), as well as external operators (i.e. third party technical service suppliers, couriers, hosting providers, IT companies and communication agencies) could be authorised to access to the data.
In compliance with the European Regulation 679/2016 (GDPR) and the national directive, the User can, according to the conditions and limits set by the laws in force, exercise the following rights:
- require the confirmation of the existence of personal data (right of access);
- know their origin;
- receive related intelligible information;
- be informed about the data processing logic, methods and purposes;
- require the updating, the adjustment, the integration, the cancellation, the transformation into anonymous form, the blocking of the data processed illegally, including the data which are no longer necessary to the purposes for which they have been collected;
- in case of consent-based data processing, receive at the only cost of the possible support the personal data transmitted to the data controller in a structured way, readable by a data processor and in a format commonly used by an electronic device;
- issue a complaint to the Control Authorities (Data Protection Authority–link to the relevant page);
- and, in general, exercise all the rights granted by the laws in force.
The above mentioned requests will have to be addressed to the data processing Controller to the email address: firstname.lastname@example.org.
The rights of the entities involved in the data processing are granted in case of data processed according to the legitimate interests, too (except the portability right, which is not set by law), in particular the right to object to the processing which can be exercised sending a request to the data processing controller.
Pursuant to applicable law, the data processing Controller is the website administrator, Piemme S.r.l., reachable through the “CONTACTS” section.
Piemme S.r.l., via dell’Artigianato, 32/E, 20865 Usmate Velate (MB) is appointed data processor, processing data on behalf of the data controller. Aruba.it, is located within the European Economic Area and operates in compliance with the European regulations (Piemme S.r.l. policy privacy).
Google is appointed data processing responsible, treating data on behalf of the data controller (Google Analytics).
The present policy privacy is updated as at 24th May 2018.