on the processing of personal data for browsing the website and about cookies Pursuant to arts. 12 et seq of Regulation (EU) 2016/679 (GDPR)
Subject: information about the processing of personal data pursuant to arts. 12 et seq of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016
Introduction – Regulation (EU) 2016/679 («General Data Protection Regulation»), hereinafter GDPR) provides safeguards for natural persons with regard to the processing of their personal data. In compliance with the above Regulation, Zucchetti strives to ensure that the processing of data attributable to a natural person (the “data subject”) is based on the principles of correctness, legality and transparency, as well as the protection of confidentiality and the rights of the data subject. In compliance with Regulation (EU) 2016/679 (European regulation for the protection of personal data), we hereby provide the required information about the processing of the personal data provided by you. As the Controller, our organization will process your personal data with the utmost care in compliance with the Regulation, implementing effective operational procedures and processes in order to guarantee the related processing safeguards. For this purpose, using material and operational procedures to safeguard the collected data, we undertake to protect the information provided, in order to avoid unauthorized access and disclosure, maintain the accuracy of the data and guarantee its appropriate use.
Legal basis for processing – This website processes data based on the consents given. By using or consulting this website, visitors and users explicitly approve this privacy information and give consent for the processing of their personal data in the manner and for the purposes described below, including any dissemination to third parties that is necessary for the provision of a service. The provision of data and, therefore, the giving of consent for the collection and processing of such data is mandatory in order to continue browsing this website.
Consistent with this introduction, the following information is provided:
Personal data collected and mandatory or optional nature of the provision of data and consequences of any refusal – Like all websites, this website also uses log files to retain the information collected during visits by users in an automated manner. The following types of information may be collected:
- Internet protocol (IP) address;
- type of browser and parameters of the device used to connect to the website;
- name of the Internet service provider (ISP);
- date and time of the visit;
- the web page that the visitor arrives from (referral) and leaves for; – the number of clicks, if any.
The above information is processed automatically and collected in order to check the proper functioning of the website, as well as for statistical or security reasons. For security reasons (anti-spam filters, firewall, virus detection), the data recorded automatically may also include such personal data as the IP address, which may be used in compliance with the relevant current legislation to block attempts to damage the website or other users or, in any case, to block other detrimental activities or crimes. Such data is never used to identify or profile the user, but solely to safeguard the website and its users.
As a consequence of normal use, the IT systems and software procedures dedicated to the functioning of this website acquire certain personal data whose transmission is inherent to the use of Internet communications protocols. This category of data includes the IP addresses or domain names of the computers used to link to the website, the addresses of the resources requested in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the reply given by the server (success, error, etc.) and other parameters relating to the operating system and IT environment of the user. Except as specified for the browsing data, the user is free to provide additional personal data, with respect to that indicated above, when registering with the website.
Failure to provide this data may make it impossible to obtain the requested information or to provide certain services and the browsing experience on the website might be compromised. Zucchetti confirms that your “sensitive” data is never collected.
Length of time that your data will be retained – The personal data collected during the browsing session will be retained for the time needed to carry out the specified activities and for no more than 26 months. Data provided voluntarily by the user will be retained until the user revokes the related consent given.
Methods of processing – Pursuant and consequent to arts. 12 et seq of the GDPR, the personal data that you provide to us will be recorded, processed and retained in our hard-copy and electronic files, adopting adequate technical and organizational measures in order to safeguard that data. The processing of your personal data may consist in any operation or series of operations described in art. 4, para. 1, point 2 GDPR. Personal data will be processed using suitable tools and procedures that guarantee security and confidentiality. Such processing may be carried out directly and/or via delegated third parties using IT equipment or electronic instruments. Transfer abroad of personal data – The data provided by you will only be processed in Italy. If during the contractual relationship your data is transferred to another country or to an international organization, your rights under EU legislation will be guaranteed and you will be informed on a timely basis.
Purposes of processing your personal data – The personal data of all users of the website may be used to: – allow browsing of the public web pages on our website;
- respond to requests received via the e-mail addresses published on the website;
- collect anonymous statistical information about use of the website (e.g. analysis of the most visited web pages);
- collect anonymous statistical information about the geographical areas of arrival; – check the proper functioning of the website;
- determine responsibilities for any illegal activity carried out to the detriment of the website. In addition to the purposes described above, the personal data of users who register with the website will also be used for purposes connected with the services requested and, in particular, to:
- request information about the solutions offered by Zucchetti;
- examine information about and demos of Zucchetti products and services;
- browse the private web pages on our website; – register users for the requested service;
- fulfill the contractual obligations associated with the requested service, where applicable; – carry out marketing activities;
- send advertising, technical and promotional information by e-mail;
- make direct sales via the website.
Extent of knowledge of your data – The following categories of data processors or persons tasked with processing by our organization may become aware of your data:
− Employees or collaborators in general working in:
- The offices of Zucchetti Accademia; o The commercialization of services;
- Marketing; o Managers of the fiduciary services delivered by Zucchetti.
Technical cookies will be downloaded when browsing Zucchetti websites. These include:
- session cookies used to “fill the shopping cart” for on-line purchases; authentication cookies; cookies for multimedia content, such as Flash Player, that are deleted at the end of the session; customization cookies (e.g. to choose the browsing language), etc.;
- “analytics” cookies for the statistical analysis of access/visits to the website, which are used solely for statistical purposes and to collect information in an aggregated form.
Some pages contain interactive maps provided by Google, which might install cookies to record information and preferences relating to the service.
Some pages contain videos published on YouTube that might install cookies to record information and preferences relating to the service. For further
Google Analytics To determine how often users visit each page of the website, how long they stay and how often they generate a conversion.
Google AdWords To attract new visitors to the website, increase online sales, receive more phone calls and increase customer loyalty by sending advertising links to the company website during their browsing
Facebook Pixel To track people on the website in order to show them (or exclude them) Facebook ads; optimize campaigns towards specific actions; and monitor the results. In particular, it monitors the display of key pages; monitors searches on the Website; monitors when items are added to a cart; monitors when items are added to a wish list; monitors when payment information is added to the purchasing process; monitors completed purchases or purchase procedures; monitors when a user expresses interest in your offer; monitors when an registration form is completed
Linkedin Pixel To show relevant advertising both on the LinkedIn and other websites. To know if someone saw an ad on LinkedIn and later visited and took action (for example, downloaded a white paper or made a purchase) on the website. Determine whether an advertisement was shown and what were the results, or provide information on how the user interacts with the advertising message.
How to deactivate cookies?
Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies store on the hard disk of your device can however be deleted and, in addition, it is possible to deactivate cookies by following the instructions provided for the principal browsers at the links below: Chrome
http://support.mozilla.org/it/kb/Eliminare%20i%20cookie Internet Explorer http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-10 Opera
http://www.opera.com/help/tutorials/security/privacy/ Safari http://support.apple.com/kb/ph11920
Communication and dissemination – Our organization may communicate externally the data provided by you on registration, making it known to one or more specific parties, in order to fulfill all required legal and/or contractual obligations. In particular, your data may be communicated to:
- other Zucchetti Group companies, including parent companies, subsidiaries and associates;
- public offices or bodies or supervisory bodies, in accordance with legal and/or contractual obligations; We may communicate your data in the following terms:
- to parties able to access it pursuant to laws, regulations or EU legislation, within the limits envisaged in those rules;
- to parties that need to access your data for purposes ancillary to the relationship that exists between you and us, within the limits strictly necessary to carry out the ancillary tasks;
- to our consultants and/or professionals, within the limits required for them to carry out their work at our or their organization, following our appointment letter that imposes duties of confidentiality and security.
Dissemination – We will not disseminate your data indiscriminately, i.e. we will not make it known to unspecified subjects, or make it available for use or consultation.
Trust and confidentiality – We recognize the importance of the trust shown by data subjects who consent to the processing of their personal data and, therefore, we undertake not to sell, hire or rent such personal information to others.
Rights pursuant to arts. 15 et seq GDPR – Pursuant to art. 15 et seq GDPR, you are entitled to obtain confirmation of whether or not your personal data has been processed, even if the results have not yet been recorded. You are entitled to access your personal data and to request its correction, deletion or restriction, as well as to object, in whole or in part, to the processing carried out.
You are entitled to obtain access to the following information from the Data Controller: a) the purposes of processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to which the personal data has been or will be communicated, especially if they are resident in another country or are international organizations;
- when possible, the expected period of time that the personal data will be retained or, if not possible, the criteria used to determine that period;
- if the data was not collected from the data subject, all the information available about its origin;
- the existence of an automated decision process, including the profiling referred to in art. 22, paras. 1 and 4, and, at least in such cases, meaningful information about the logic used, as well as the importance of such processing and its consequences for the data subject.
If the data is transferred to another country or to an international organization, you are entitled to be informed about the existence of adequate guarantees pursuant to art. 46 GDPR.
To exercise these rights, contact the “Data Controller” for our organization at firstname.lastname@example.org or call +39 0371/594.3191 or write to the Zucchetti Privacy Office, via Dante 17 – 26900 Lodi. The Controller will respond within 30 days of receiving your formal request.
If your rights concerning your personal data are infringed, you are entitled to complain to the competent authority: “Guarantor for the protection of personal data – Garante”.
Identification details of the Data Controller and, if appointed, the Representative in the territory of the State and the Data Processor.
Data Controller – The Data Controller is ZUCCHETTI SPA, with registered offices at via Solferino 1, Lodi 26900 LO Tel: +39 0371/5941; fax: +39 0371/5942195 certified e-mail address: email@example.com; email: firstname.lastname@example.org.
DPO – The Data Protection Officer is Mario Brocca, who can be contacted at tel. +39 0371/5943191, fax +39 0371/5943095, e-mail: email@example.com.
Data Processors – Zucchetti has not appointed and will not appoint any Data Processors for the above purposes.
Representative in the territory of the State – Pursuant to art. 4, para. 1, point 17 GDPR, it is confirmed that none of the related circumstances envisaged in the Regulation are applicable and that, accordingly, our organization has not appointed any Representatives in the territory of the State for the purpose of applying the regulations that govern the processing of personal data. Processing without need for consent from the data subject – Even without your consent, this organization is entitled to process your personal data should it be necessary in order to:
- fulfill an obligation required by law, by a regulation or by EU legislation;
- fulfill obligations deriving from a contract to which you are a party or to fulfill specific requests received from you prior to termination of the contract.
- Furthermore, your express consent is not required when the processing:
- concerns data obtained from public registers, lists, deeds or documents that can be read by anyone, without prejudice to the limits and procedures that laws, regulations or EU legislation establish with regard to obtaining knowledge about and the publishing of data, or to data on the performance of economic activities, processed in compliance with current regulations governing business and industrial secrets;
- is necessary in order to safeguard the life or physical safety of a third party (in this case, the Controller must inform the data subject about the processing of that personal data, even subsequent, but as soon as possible. In such circumstances, therefore, consent is given following presentation of that information); 3) is necessary, with the exclusion of dissemination, in order to carry out defense investigations pursuant to Law 397 dated December 7, 2000 or, in any case, to uphold or defend a right in court, on condition that the data is processed solely for those purposes and for the period strictly necessary for their pursuit, in compliance with current regulations governing business and industrial secrets;
4) is necessary, with the exclusion of dissemination, in cases identified by the Garante on the basis of legal principles, in pursuit of the legitimate interests of the Controller or another recipient of the data, including with reference to the activities of banking groups and subsidiaries or associates, should the fundamental rights and liberties, dignity or legitimate interests of the data subject not prevail.
of the processing of personal data