Version: 1.0 – data: 23.05.2018
(Information on personal data processing in accordance with Article 13 of the Regulation EU 2016/679)
• is intended specifically for the website tbd.diennea.com (hereinafter “the Site”);
• forms an integral part of the Site and the services we offer;
• is also be intended as Information pursuant to art. 13 of the GDPR for those who interact with the web services of this Site.
The processing of your personal data shall follow principles of correctness, lawfulness, transparency, purpose and retention limitation, data minimization, accuracy, integrity, confidentiality and accountability pursuant to article 5 of the GDPR. Your personal data will therefore be processed in accordance with the legislation governing Privacy and confidentiality obligations.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. Data Controller and Data Protection Officer (DPO)
The Controller of the processing is Diennea as specified above. The Data Controller’s organization comprises a Data Protection Officer (DPO). The DPO is available for any information regarding the processing of the personal data of Diennea, including the list of data processors. It is possible to contact the DPO by writing to email@example.com.
2. Personal Data subject to processing
As you use the Site, we inform you that Diennea may collect and process information related to you as an individual such as your name, an identification number, an online ID or one or more characteristic elements of your physical, physiological, mental, economic, cultural or social identity which allows you to be identified, either directly, or together with additional information (“Personal Data”).
Personal Data which may be processed by Diennea through the Site are as follows:
a. Browsing Data
During their normal operation, the computer systems and software procedures used to operate the Site acquire some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified subjects, but by their very nature could identify users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users that connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer of the user’s IT environment. These data are used in order to obtain anonymous statistical information about the site and to allow its proper operation, to permit – given the architecture of the systems used – the proper delivery of services, for motives of security and to establish liability in case of computer crimes against the Site or third parties; navigation data are normally deleted after sixty days.
b. Data provided voluntarily by the user
c. Third party personal data provided voluntarily by the user
When using some of the services of the Site, you are allowed to submit Personal Data related to other persons (e.g. filling the section Tell us what you need). In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding that Personal Data and must assume all inherent legal obligations and responsibilities. To this end, you must fully indemnify Diennea against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, initiated by the third parties whose Personal Data have been processed through the use of the Site in violation of the applicable rules on personal data protection.
In any case, if you provide or in other way process Personal Data of third parties in using the Site, you henceforth guarantee – assuming all related responsibilities – that this specific processing is grounded on an appropriate legal basis in accordance with art. 6 of the GDPR, which legitimizes the processing of the information in question.
Definitions, characteristics and application of the legislation
There are various types of cookies, depending on their features and functions, and these may remain on the computer or mobile device of the user for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; so-called persistent cookies, which remain on the user’s device until a pre-established date.
Among the technical cookies, which do not require prior explicit consent for their use, the Italian Data Protection Authority (see General Measure “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – May 8, 2014”) also includes:
• “analytic cookies” used directly by the site operator to collect information, concerning the number of users and how they visit the site, provided they only process information in aggregate form;
• navigation or session cookies (for authentication);
• functional cookies which allow user navigation on the basis of a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided to the same.
The prior consent of the user is instead required for “profiling cookies”, i.e. those aimed at creating profiles related to the user in order to send him/her advertising messages in line with the preferences expressed by the same while surfing the web.
Types of cookies used by the Site and the possibility of (de-)selection
The Site uses the following cookies offering the possibility to (de-)select the same (and therefore to disable them), except for third-party cookies, for which the user must directly refer to the relevant procedures for selecting and de-selecting the cookies mentioned below indicated by way of links:
• technical cookies – session or navigation – are strictly necessary for the operation of the Site or to allow the users to make use of the content and services they have requested;
• technical-analytics cookies, which allow for an understanding of how the Site is used by users. These cookies do not collect information about the identity of the user or any personal data. The data is processed in an aggregate and anonymous form;
• technical-functional cookies, i.e. used to activate specific functionalities of the Site and a number of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided.
WARNING: disabling the technical and/or functional cookies of the Site may lead to certain services or features of the Site being unavailable or the Site many not function properly, and the user may be forced to change or manually enter some information or preferences each time they visit the Site.
· Third-party cookies, i.e. cookies from web sites or servers other than that of Diennea, used for specific purposes of the said third parties, including profiling cookies. Note that these subjects, listed below with the relative links to their privacy policies, are independent Controllers of the data collection and handling processes via cookies; you must therefore refer to their personal data handling policies, information policies and consent forms (selection and deselection of respective cookies) as specified in the aforementioned Provision. To complete this it must be noted that Diennea makes the utmost effort to track cookies on its own Site. These are updated regularly on the table below, where we ensure transparency of the cookies sent directly by Diennea and the purposes of these procedures. As concerns these cookies, we provide the links to the information policies of the third parties that send them via our Site: we assign these third parties, as noted above, with the responsibility of supplying the information policy and collecting consent from the users, as envisaged in the Provision. This responsibility refers not only to the cookies sent directly by the third parties but also any additional cookies sent via our Site based on the use of the services used by the third parties themselves. In fact, with regard to these cookies, sent by the suppliers of services of the aforementioned third parties, Diennea cannot exercise any right of control and cannot be aware of either the characteristics or purposes of these.
The following section lists the links to the information on third party cookies:
Specifically, the cookies present on the Site are indicated at the following link: https://tbd.diennea.com/en/cookies/
How to view and modify the cookies including through your navigation program (so-called browser)
3. Purpose of the processing
The purposes of the processing of your Personal Data that we intend to carry out, following your explicit consent when necessary, are the following:
a. to provide the services requested (e.g., a contact request) and to allow you to browse and explore the Site;
b. to answer specific requests addressed to Diennea;
c. to carry out marketing activities, conduct studies, research, market statistics and send you advertising and information material related to the activities, the products and the services of Diennea (“marketing”). In accordance with the “Guidelines on Marketing and Against Spam – 4 July 2013 [Web doc 2542348]” issued by the Italian Data Protection Authority, if you decide to give your consent to receive information related to promotional activities of the Data Controller including market research, we inform you that said activity can be performed, as provided for in the applicable regulations, by way of postal mail, a telephone contacts operator (“traditional methods”), e-mail, SMS and through the use social networks (“automated methods”). Diennea also advise you that you can, at any time, withdraw your consent that you have previously granted to traditional or automated methods by giving notice to the Data Controller without any formality, simply by writing to firstname.lastname@example.org. You can always object to such processing activities for marketing purposes by writing to email@example.com, without prejudice to the lawfulness of the processing founded on your previous consent;
d. to create user profiles by analysing preferences, habits, interests and consumption choices expressed through the use of the Site and the services offered, and, where appropriate, by using profiling cookies, in order to send you material and commercial communications and personalized promotions on the services offered by Diennea (“profiling”);
e. to fulfill the obligations provided for by law, regulations or EU legislation or request from competent Authorities;
f. to carry out statistical analysis without the possibility to identify the user;
g. to carry out direct marketing activities via e-mail for services similar to those you have subscribed to, unless you objected to such processing initially or in subsequent communications, by writing to firstname.lastname@example.org.
Your Personal Data will be processed by electronic or automated means.
4. Legal basis and mandatory or optional nature of the processing
The legal basis of the processing of Personal Data for the purposes referred to in section 3 (a-b) is Article 6(1)(b) of the GDPR (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”), since processing operations are required in order to provide the services or to respond to requests. The provision of Personal Data for these purposes is optional, however, failure to provide them may imply the inability to initiate the requested services or respond to requests.
Processing operations carried out for the marketing purposes described under section 3.c. are based on the granting of your consent pursuant to Article 6(1)(a) of the GDPR (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). It is not mandatory to give your consent to Diennea for this purpose and you are free to revoke it at any time without any consequence. You can revoke your previously given consent without prejudice to the lawfulness of the processing founded on your previous consent.
The processing carried out for profiling purpose described in section 3.d. is based on your consent pursuant to Article 6(1)(a) (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), which may be collected through specific check-boxes or the cookie banner, or on legitimate interest of Diennea pursuant to Article 6(1)(f) (“[…] processing is necessary for the pursuit of the legitimate interest of the data controller”) of the GDPR. The provision of your Personal Data for these purposes is therefore entirely optional and does not affect your use of the services. You may oppose the processing of your Personal Data for marketing and profiling purposes at any time by writing to email@example.com.
The processing of your Personal Data described in section 3.e. represents a legitimate processing of personal data pursuant to Article 6 (1) (c) of the GDPR (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”).
Please note that the processing of your Personal Data referred to in section 3.f. is not performed on Personal Data and therefore it can be freely performed by Diennea.
The processing of your Personal Data for the purposes described in section 3.g. (soft spam) represents a legitimate processing under the applicable law on personal data protection, which does not require your consent. You can object to the processing of your Personal Data for this purpose both when requesting the products and services available on the Site and on subsequent communications by the Data Controller by writing to firstname.lastname@example.org.
5. Recipients of Personal Data
For the purposes referred to in Section 3 above, your Personal Data may be shared with the parties listed below (the “Recipients”):
a. subjects typically acting as data processors, namely: i) persons, companies or professional firms providing Diennea with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the services; ii) subjects to engage with in order to provide the services (for instance, hosting providers like Aruba S.p.A. as Data processor) iii) persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
b. subjects, bodies or authorities to disclose your Personal Data to in accordance with the provisions of law or under the orders of the authorities or in case of abuse reports to investigate complaints and identify the source of messages received from users;
c. persons authorised by Diennea to process the Personal Data required for carrying out activities strictly related to the provision of the services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (for example Diennea’s employees)
6. Transfers of Personal Data
The Data Controller does not intend to transfer your Personal Data outside the European Economic Area.
7. Retention of Personal Data
The Personal Data processed for the purposes referred to in sections 3.a. and 3.b. will be retained for the period deemed strictly necessary to fulfill such purposes. In any case, since the Personal Data are processed for the provision of the services, Diennea will retain the Personal Data for the period allowed by Italian law to protect its interests (art. 2946 and ensuing articles of the Italian Civil Code).
For the purposes referred to in section 3.c. (marketing) and section 3.d.(profiling), your Personal Data may be processed until you withdraw your consent.
The Personal Data processed for the purposes referred to in section 3.e. will be retained for the period required by the specific obligations or by applicable law.
Personal Data referred to in section 3.g. will be processed until you object the processing by writing to email@example.com or using the link found at the bottom of each sof spam email you receive.
Further information on the data retention period and the criteria adopted in determining this period may be requested in writing from the DPO of Diennea at the following address: firstname.lastname@example.org. Diennea has, in any case, the possibility of retaining your Personal Data for the period allowed by Italian law to protect its interests (art. 2947 (1) (3) of the Italian Civil Code).
8. Data subject rights
Under Articles 15 and following of the GDPR, you, as a data subject, are entitled to request from Diennea, at any time, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing according to Article 21 of the GDPR. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the GDPR, as well as to obtain the Personal Data you have provided to Diennea in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
Requests should be made in writing to email@example.com.
You may interrupt the reception of soft spam by using the appropriate link at the bottom of each e-mail received.Consent to the installation and reading of profiling cookies can be revoked by the methods indicated in section 2.c.
In any case, you will always be entitled to file a complaint with the competent supervisory authority (the Italian Data Protection Authority, Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the GDPR, if you believe that the processing of your data violates applicable law.