Data processing includes any operation or set of operations, carried out even without the aid of electronic instruments, relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (hereinafter “GDPR”).
This general information is provided in compliance with art. 13 GDPR, as well as pursuant to Legislative Decree 196/2003 (so-called “Privacy Code”) for all interested parties who consult and, more generally, interact with the services provided through the Site.
The information is valid exclusively for this Site, therefore the Owner assumes no responsibility regarding other third-party websites that may be consulted and/or accessible in any way via hyperlinks on the Site itself.
Interested parties, by using the Site, accept this information and are therefore invited to read it completely before providing personal information of any kind.
1. Data Controller
The Data Controller is Giovanni Bassetto with registered office in Via Giuseppe Sirtori 6, 20129 Milan (hereinafter, the “Data Controller”) at the email address: email@example.com.
2. Categories of personal data being processed
a) Browsing data
The IT systems and software procedures used to operate the Site are managed by the Owner entirely through the WordPress.org platform and acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used by the interested parties who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the interested parties.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.
The Site is set up to process data without associating them with identified interested parties, but, due to the very nature of the data, these could, through processing and association with data held by third parties, allow the identification of the same.
The WordPress.org data processing policies apply to the processing, which can be consulted in detail at the following address: https://it.wordpress.org/about/privacy/
b) Data provided voluntarily by the user
Without prejudice to what is specified above in relation to navigation data, the Data Controller will acquire any personal data provided by interested parties through the Site by voluntarily and explicitly sending e-mails to the addresses indicated or through the possible compilation of specifically prepared forms. Voluntary sending through these channels does not require further information or requests for consent. Specific summary information will be reported or displayed on the Site page prepared for the form. Interested parties must therefore explicitly consent to the use of the data reported in this form in order to send the request.
Through the Site, the Owner will not acquire data of a sensitive nature or in any case belonging to the particular categories referred to in the art. 9 of the Regulation or data relating to criminal convictions or crimes.
c) Cookies and other technologies
3. Purposes and legal bases of the processing
a) Provision of the requested services
The data provided voluntarily by the interested parties will be processed by the Data Controller to respond to their requests and exclusively for this purpose. The provision of such data is therefore necessary to obtain the requested service and the legal basis of the processing is article 6, paragraph 1, letter. b), GDPR.
b) Compliance with legal obligations
The data collected and that provided by the interested parties will also be processed by the Data Controller to fulfill legal obligations that weigh on them. Also in this case, the provision of such data is mandatory and the processing is based on art. 6, paragraph 1, letter. c), GDPR.
c) Processing pertinent to the legitimate interest of the Data Controller
The data of the interested parties will also be processed by the Data Controller to ensure the correct functioning of the Site and its contents. Also in this case, the provision of such data is mandatory and their processing is based on art.6, paragraph 1, letter. f), GDPR.
4. Treatment methods
The processing of personal data occurs using paper, IT, telematic and other telecommunications systems. Data processing operations are carried out in such a way as to guarantee minimisation, security and confidentiality, in full compliance with the applicable legislation (articles 5 and 32 GDPR, Privacy Code and provisions of the competent authorities).
5. Duration of treatment
The personal data collected from the interested parties will be kept for the time strictly necessary to follow up on the requests made by them via the Site.
All further data will be stored and processed for the strictly necessary period and, in any case, for a period not exceeding 12 months from their acquisition and/or communication, except for the renewed conferment of the same in the forms of law.
6. Data circulation
The data collected are not subject to dissemination and cannot be transferred abroad.
7. Changes to the information
The Owner reserves the right to modify or simply update the content of this information, in part or completely, also due to any changes in applicable legislation. Such changes and/or updates will be binding as soon as they are published on the Site. The Owner therefore invites you to regularly visit this section to become aware of the most recent and updated version of the information and to be updated on the data collected and their use.
8. Rights of interested parties
Pursuant to Chapter III (articles 12-22) of the GDPR, in addition to the information reported in this information, interested parties have the right at any time to obtain from the Data Controller:
- confirmation of the existence of the data and communication of the same;
- updating, rectification, integration, cancellation, transformation of your data;
- the blocking of data processed in violation of the law.
Interested parties may exercise their rights by writing to the Data Controller at the following e-mail address: firstname.lastname@example.org.