Art. 13-14 of the EU Reg. 2016/679
The disclosure is a general obligation that must be fulfilled before or at the latest when initiating the direct collection of personal data. In the case of personal data not collected directly from the interested party, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the interested party). Pursuant to the General Regulations for the Protection of Personal Data of Individuals (GDPR – Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following:
SOURCES AND CATEGORIES OF PERSONAL DATA
The personal data held by the undersigned organization are collected directly from the interested parties. This site does not collect sensitive data, for which are intended to reveal the racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical or political nature or union, health status, and sex life.
The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Profiling data on the consumer’s habits or consumption choices are not directly acquired. It is however possible that through links or embedding elements of third parties, such information is acquired from autonomous or separate subjects. See the section of third-party cookies for additional information.
Like others, this website saves cookies on the browser used by the user concerned with the transmission of personal information and to enhance their experience. In fact, cookies are small text strings that the sites visited by the user send to their terminal (usually to the browser), where they are stored, sometimes for long periods of time, to be then retransmitted to the same sites on the next visit.
As explained below, it is possible to choose which cookies to accept, bearing in mind that refusing use may affect the ability to perform certain functions on the site, or the accuracy and adequacy of some customizable content proposed, or the ability to recognize the user from one visit to the next. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, the user can communicate or change this setting at any time.
When session cookies are used they are not stored permanently on the user’s computer and disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site, to prevent the use of other technologies that could compromise the privacy of users’ browsing, and they do not allow the acquisition of personal identification data. Analytic cookies are used to help to understand how visitors interact with the contents of the site, collecting information (geographic and web origin, technology used, language, pages of entry, visit, exit, time spent, etc.) and generating website usage statistics without the personal identification of individual visitors. Both session and analytic cookies are to be considered technical cookies for which, as it is not necessary to give consent, the opt-out mechanism is in force. Technical cookies are not disclosed to third parties as necessary or useful for the operation of the site; therefore, they are processed only by persons qualified such as persons in charge, data processors, or system administrators.
Third party cookies
Finally, the site incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and on which the owner has no responsibility) that also perform profiling activities and for which you can refer to the respective sites:
- Google Analytics
- Google (widget)
- Facebook (widget)
- Youtube (widget)
- Twitter (widget)
- Instagram (widget)
- Linkedin (widget)
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email. Even the explicit and voluntary submission of forms that can be filled in on the site containing data of the interested party involves processing which complies with the pre-contractual obligations, including when performing the services provided by sending the forms. Such information in the forms may contain personal data, contact details, telephone numbers, email addresses of the interested parties, and identified and identifiable third parties related to the use of the site. However, specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
Newsletter and Mailing-list
PURPOSES AND LEGAL BASIS OF PROCESSING
Personal data are used (ref. Art.6 (b) of the GDPR):
- to allow navigation on the site and,
- if necessary to perform the service or provision requested as part of the normal activity carried out by the undersigned organization Classification ATECORI 2007: Code: 72.2 – research and experimental development in the field of social sciences and humanities. The main objective are to carry out of the following activities: the development, production and marketing of innovative products or services with high technological value and more specifically the development, production, marketing, design and construction of “smart” urban infrastructure. Specifically, intelligent urban systems with high innovative value that improve energy efficiency and the services provided in a district or a city, related to electricity, water, transport, waste collection, and public lighting.
Furthermore, all personal data can be processed:
- for purposes connected to obligations established by law, as well as by provisions issued by law authorities (see articles 6 (c) and 9 (b, g, h) of the GDPR);
- for the assessment, exercise, or defense of a right in court and out-of-court (legitimate interest) of the undersigned organization (see articles 6 (f) and 9 (f) of the GDPR);
- for direct marketing purposes according to the legitimate interests of the owner in particular; for cookies, advertising ids used to display advertisements and ads; for e-mail addresses for sending the newsletter; for navigation and usage logs to protect site and services from cyber-attacks; in such cases the interested party can always refuse consent so that the data controller will abstain from processing their data (see Article 6 (f) of the GDPR);
- for functional purposes to the activity for which the interested party has the right to express their consent or not, for example: subscription to the newsletter, to receive information messages, to promote and sell products and services, measure satisfaction, and communicate data to third parties for receiving information, promotional, and marketing communications (GDPR art.6 (a)).
CONSEQUENCES OF REFUSING TO CONFER DATA
The provision of data collected from the interested party is optional but essential for processing them for the purposes described previously in points a) and b). In the event that the parties do not communicate their indispensable data and do not allow the processing, it will not be possible to carry out and put in place the proposed services and to follow the contractual obligations undertaken, with a consequent prejudice for the correct fulfillment of regulatory obligations such as accounting, taxes, and administration, etc.
Apart from that specified for navigation data, the user is free to provide personal data for cookies and specific requests via forms e.g. on products and / or services. Failure to provide such data may make it impossible to obtain what has been requested. For all non-essential data, including sensitive data, the conferment is optional. In the absence of consent or incomplete or incorrect conferment of certain data, including sensitive data, the required obligations may be so incomplete as to cause prejudices, penalties, or loss of benefits. This is a result of the impossibility to ensure adequate processing according to the obligations for which it is performed, and for the possible mismatch of results from the processing itself to the obligations imposed by the related laws. In this case the undersigned organization is exonerated from any and all liability for any sanctions or provisions afflicted.
METHODS USED TO PROCESS DATA
The processes connected to the site’s web services use automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or the EU and are only handled by technical staff in charge of processing, or by persons in charge of maintenance and administration. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access and loss of confidentiality. The structure is equipped with anti-intrusion devices, firewall, and log and disaster recovery. Specific mechanisms are used for the encryption, segregation of data, authentication, and authorization of users.
Data processing means the collection, recording, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized, and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data will therefore be processed in compliance with the methods indicated art. 5 EU Reg. 2016/679. This ensures, among other things, that the data is processed lawfully and fairly, collected and registered for specific purposes, is explicit and legitimate, accurate, and if necessary updated, relevant, complete and not excessive in relation to the purposes of the processing. It also ensures that fundamental rights and freedoms are respected, as well as the dignity of the person concerned, with particular reference to privacy and personal identity, through measures of protection and security. The undersigned organization has prepared and will further improve the security system for accessing and storing data.
There is no automated decision-making process (e.g. for profiling).
EXTRA EU TRANSFERS
Processing does not take place in non-EU and non-EEA countries.
DATA CONSERVATION PERIOD
In general, the personal data will be kept as long as the purposes of the process persist according to the data category.
The data (only the indispensable ones) are communicated:
- to persons in charge of processing, both internal to the undersigned organization, and external, who perform specific tasks and operations (site administration, analysis of navigation data, traffic, profiling, management of emails and forms sent voluntarily by the user, processing of e-commerce requests and orders, etc.), and
- in cases and to subjects foreseen by the law.
CATAGORIES OF RECIPIENTS
The data will not be disseminated unless otherwise required by law or prior to anonymization. Considering the previous discussion regarding cookies and third party elements, if the user has not given consent to communications, they will only have access to services that do not require consent. In case of necessity, specific and precise consents will be required and the subjects who will receive the data will use them as autonomous owners.
In some cases (not subject to the ordinary management of this site) the Authority may request news and information, for the purpose of monitoring the processing of personal data. In such cases the answer is mandatory under penalty of administrative sanction.
RIGHTS OF THE INTERESTED PARTY
At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided to the data controller, according to Art. 15 to 22 of the GDPR (link to the standard); propose a claim to the Guarantor (www.garanteprivacy.it); if the processing is based on consent, it can be revoked, taking into account that the withdrawal of consent does not affect the lawfulness of the processing based on consent before revocation.
Almost all browsers offer the possibility to manage and disable cookies in order to respect user preferences. In some browsers it is possible to set rules to manage cookies site by site, an option that offers a more precise control on the user’s privacy; another function available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing.
Consult the following instructions for managing cookies for various browsers:
PHONE NUMBERS AND CONTACTS
The data controller is Planet Idea S.r.l., with its legal representative pro tempore.
The headquarters are located at Corso Valdocco 2, cap 10122, Turin.
The contact details are: telephone +39 011.0130523; e-mail firstname.lastname@example.org
The complete list of data controllers is available on request.