Premise: normative references.
This informative note:
- is made pursuant to Legislative Decree no. 196/2003 and ss.mm.ii. (“Code regarding the protection of personal data”, hereinafter also “Code”) and of EU Regulation no. 679/2016 (“General Data Protection Regulation”, hereinafter also referred to as “GDPR”), to which reference should be made for anything not provided for in this document;
- is intended for those (hereinafter referred to as “users” or “interested parties”) who interact with the website of the undersigned company Similea Ltd accessible from the addresses:
The information itself is provided only for the aforementioned site (with the 2 addresses described above), and not for other websites that may be consulted by the user through links.
Following consultation of this site, data relating to identified or identifiable persons may be processed, collected from the interested party (see Article 13 of the GDPR) or not obtained from the same (see Article 14 of the GDPR).
We mean by processing any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or set of personal data, such as the collection, registration, organization, structuring, preservation, ‘adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
The Controller is:
Registered office address: Viale Umberto Tupini, 133, 00144 Roma
Operational head office address: Via di Valle Foresta, s.n.c., 00062 Bracciano (Rm)
InnovaRe di Franco Alfredo Lugli Martinez, with:
registered office address in Viale Egeo, 71, 00144 Roma
has been designated as Processor as responsible for the processing of personal data on behalf of the Controller, as well as for the maintenance of the technological part of the site.
Place and treatment of data processing
The processing connected to the web services of this site will take place at the aforementioned legal and/or operational headquarters of Similea srl, and is only handled by technical personnel in charge of processing the same.
In case of necessity, the data related to some services can be processed by the Processor InNovaRe at the aforementioned registered office.
Types of data processed
“Personal data” means any information concerning an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity , physiological, genetic, psychological, economic, cultural or social (see Article 4 GDPR).
These personal data include, but are not limited to, the name, surname, date of birth, sex, residence and/or domicile, email address, landline or mobile phone number.
In the event that personal data are provided voluntarily by the user, sending them (reiterates: optional, explicit and voluntary), also by email to the above addresses involves the acquisition of the sender’s address, necessary to respond to the requests, as well as any other personal data included in the communication.
Unless otherwise specified, all data required by this Application is mandatory; if the user refuses to communicate them, it may be impossible for this Application to provide the Service.
In cases where this Application indicates some data as optional, the user is free to refrain from communicating them, without this having any consequence on the availability of the Service or on its operation.
The user who has doubts about which data are mandatory, can contact the owner.
The user assumes responsibility for the personal data of third parties obtained, published or shared through this application, and guarantees to have the right to communicate or disseminate them, freeing the owner from any liability to third parties.
Particular categories of personal data
- Personal data c.d. “Sensitive” (see Article 9 GDPR).
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a physical person, health or life-related data sexual orientation or sexual orientation of the person.
The processing of the aforesaid data is forbidden, unless one of the following cases occurs:
- the data subject has explicitly consented to the processing of such data for one or more specific purposes;
- processing is necessary to fulfill the obligations and exercise the specific rights of the Data Controller of the data subject in matters of labour law and social security and social protection, to the extent that it is authorized by Union or Member State law or from a collective agreement of the member states;
- processing is necessary to protect a vital interest of the data subject or of another natural person, if the person concerned is physically or legally incapable of giving his consent;
- the processing is carried out, within the scope of its legitimate activities and with adequate guarantees, by a foundation, association or other non-profit organization pursuing political, philosophical, religious or trade union purposes, provided that the treatment only concerns the members, former members or persons who have regular contacts with the foundation, association or body, and that personal data are not communicated outside without the consent of the interested party;
- the processing concerns personal data made manifestly public by the interested party;
- processing is necessary to establish, exercise or defend a right in court, or whenever the courts exercise their judicial functions;
- processing is necessary for reasons of significant public interest on the basis of Union or Member State law;
- processing is necessary for preventive medicine or occupational medicine purposes, assessment of the employee’s ability to work, diagnosis, assistance or health or social therapy or management of health or social systems and services on the basis of Union law or Member States or in accordance with the contract with a health professional;
- processing is necessary for reasons of public interest in the field of public health, on the basis of Union or Member State law;
- processing is necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, on the basis of Union or Member State law.
- Personal datac.d. “Judicial” (related to criminal convictions and crimes: see Article 10 GDPR).
The processing of personal data relating to criminal convictions and crimes or related security measures on the basis of art. 6 (1) GDPR must only take place under the supervision of the public authority or if the processing is authorized by Union or Member State law.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols..
This category of data includes IP addresses or domain names of computers and terminals used by users, addresses in URI / URL notation (Uniform Resource Identifier / Locator) of the requested resources, the time of the request, the method used in the submit the request to the server, the file size obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.) and other parameters related to the operating system and the user’s computer environment..
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
- check the correct operation of the services offered.
The navigation data do not persist for more than seven days (without prejudice to any need to ascertain criminal offenses by the judicial authorities).
This information is collected automatically through this application (and / or from third party applications integrated into this application), including: IP addresses or domain names of computers used by the user who connects with this application, addresses in notation URI (Uniform Resource Identifier), the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error, etc. ), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and to the IT environment of the user.
Purpose of the processing
The processing of personal data is carried out on the basis and in compliance with current EU legislation and the Italian state described in the introduction, and for the following purposes:
- execution of a contract of which the interested party is a party or of precontractual measures adopted at the request of the same;
- fulfillment of legal obligations to which the Controller is subject;
- fulfillment of the obligations assumed by the Controller towards users;
- safeguarding the vital interests of the data subject or of another physical person;
- execution of a task carried out in the public interest or in connection with the exercise of official authority vested in the Controller;
- pursuit of the legitimate interest of the Controller (provided that the interests or the fundamental rights and freedoms of the data subject do not prevail);
- exercise of their rights by the Controller, including in judicial and / or out-of-court proceedings;
- scientific or technical or historical research, and statistics;
- correct and effective management of commercial relationships and direct marketing.
The pursuit of the described purposes involves, inter alia, the following activities:
- the acquisition and management of requests by the interested party of products and / or services, and the related administrative and fiscal obligations.
The provision of data for the performance of these activities is optional, but any refusal by the party determines the inability to provide the required services and / or products. The Controller also specifies that any failure or incorrect communication of the requested / necessary information may lead to: total or partial impossibility on he part of the Controller to guarantee the correctness of the processing; the possible non-compliance of the results of the treatment with the obligations established by the civil, administrative and fiscal regulations to which it is addressed.
- up to possible opposition from the interested party, the sending of commercial / promotional / informative communications (by ordinary mail, email, telephone, sms, fax), also through the registration in a mailing list and newsletter.
The provision of data for the accomplishment of these activities is optional; in case of failure to provide, the Controller can not provide the aforementioned service for sending commercial / promotional / informative communications, but in any case the possibility for the interested party to use the products and/or services indicated in point 1 above will not be excluded.
Explicit consent and revocation of the same
When, pursuant to art. 6, co. 1, lett. a) GDPR and in the cases expressly provided for by current legislation (see, for example, Article 9, paragraph 2, letter a) GDPR on data “Sensitive”), the processing of personal data is based on the consent of the person concerned, these must be called to express it explicitly.
In this site, the request / explanation of consent is presented with the following forms / modalities:
- Compilation of the information request form and acceptance of the conditions set out therein;
With the same forms / modalities, the interested party may, at any time, revoke the previously expressed consent.
With regard to minors (see Article 8 of the GDPR), consent may be requested and expressed where the minor is at least 16 years old. On the other hand, if the minor is under the age of 16, treatment is permitted if and to the extent that consent is given or authorized by the holder of parental responsibility (parents or guardian); in this case, the Controller shall make every reasonable effort to verify that the consent is given or authorized by the holder of parental responsibility on the child in consideration of the available technologies.
However, the undersigned company undertakes not to store or consciously use any personal data acquired from minors for any purpose, including disclosure to third parties.
Rights of the interested party
The interested party has the right (see Chapter III, articles 12 – 22 GDPR):
- to obtain from the Controller, at any time, the confirmation that a personal data treatment is being processed, or, in this case, to obtain access to the data and all the related information;
- to receive training to exercise their rights;
- to receive the necessary information if personal data are collected from the data subject or from third parties;
- to obtain the correction of personal data (see Article 16 DGPR) and/or their cancellation for the reasons indicated in art. 17 GDPR;
- to obtain any limitation of the treatment;
- to the portability (in particular: transfer) to other Controller of his own data, under the terms and conditions set forth in art. 20 GDPR;
- to oppose at any time, for reasons connected with their particular situation, to the treatment, within the terms and conditions set forth in art. 21 GDPR;
- not to be subjected to a decision based solely on automated processing (including profiling), under the terms and conditions set forth in art. 22 GDPR.
Scope of communication and dissemination of data
The data may be communicated and / or disseminated, only subject to specific consent by the interested party and for the purposes described above, to the third parties shown below by way of example: parties who perform assistance activities (call center, help desk, etc.); studies or companies in the field of assistance and / or consultancy relationships, also concerning the control of company organizational management (accounting, administrative, legal, tax, financial, etc.); companies contractually linked to the writer; Entities and / or public administrations for audits and / or audits in compliance with civil and / or tax obligations; banks and credit and insurance institutions for carrying out economic and / or insurance activities, competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request.
The aforementioned subjects perform the function of Processor, or operate in complete autonomy as a separate Controller.
Methods of processing and storage of data
The processing is carried out in an automated and / or manual electronic form, with methods and instruments aimed at guaranteeing the maximum security and confidentiality, by qualified persons specifically appointed to do so.
The data is stored at the offices of the Controller, or at the offices of third parties identified from time to time, for the time strictly necessary to ensure the pursuit of the purposes described above and the provision of related services (subject to transformation in autonomous form), and in any case not exceeding the period of time prescribed by law.
In particolar: security measures
The Controller and the Processor implement technical and organizational measures in order to guarantee an adequate level of security and ensure full compliance of the treatment with current legislation.
These measures are aimed, among other things:
- to ensure on a permanent basis the confidentiality and resistance of treatment systems and services;
- to prevent the loss of data, illicit uses of the same, and unauthorized access;
- to promptly restore access and availability of personal data in the event of a physical or technical accident.
For any request for information and/or clarification regarding the contents of this document, or for any question or complaint about the processing of personal data, the interested party may contact the Data Controller:
- by ordinary mail to Similea s.r.l., at the following addresses:
- Viale Umberto Tupini, 133, 00144 Rome (registered office);
- or: Via di Valle Foresta, s.n.c., 00062 Bracciano- Rm (operational headoffice);
- by e-mail, to the following e-mail address: firstname.lastname@example.org;
- through PEC, at the address: email@example.com.