DECLARATION OF CONSENT
1.Personal data collected by the Website
The Data Controller collects the following types of Personal Data:
A. Content and information provided voluntarily by the Member: at the time of registration and during the use of the Platform, the Member may share with the Website manager (who is the Data Controller) or make public on the Website Personal Data in the form of (i) content (e.g. photos, images, videos, audio etc.) and/or (ii) personal information (e.g. name and surname, address, tax code, email address, fixed and mobile telephone number, area of work, sector of activity etc.). If the Member fails to provide the Data Controller with the Personal Data referred to in this paragraph, for which there is a legal or contractual obligation to provide (for example, if they are a necessary requirement for the use of the Platform), the Website manager (who is the Data Controller) will be unable to provide all or part of its services.
The Member who communicates to the Data Controller the Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
Failure by the Member to provide the Data Controller with the Personal Data referred to in this paragraph, for which there is a legal or contractual obligation to provide it (for example, if it is a necessary requirement for the use of the Platform), will result in the impossibility for the Website manager (who is the Data Controller) to provide all or part of its services.
C. Data and content acquired automatically during the use of the Website:
i.Technical data: the computer systems and software procedures used for the functioning of this Website may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified Users, but by its very nature it could, through processing and association with Personal Data held by third parties, allow the User to be identified. This category includes IP addresses, or the domain names used by the Users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
ii.Usage Data: Personal Data relating to the use of the Website by the User may also be collected, such as the pages visited, the actions performed, the functionalities and services used, or information relating to the use of the Platform (for example, type of events attended, average duration of sessions, access device, navigability, mode of interaction with other Users, tools/services used, virtual rooms used, etc.)
iii.Geolocation Data: the Website may collect Personal Data about the Member’s location such as Global Navigation Satellite System (GNSS) data (e.g. GPS data), or data identifying the nearest cell tower, Wi-Fi and Bluetooth hotspots communicated when the Members enable location-based products or features.
D. Personal data collected through cookies or similar technologies:
The Personal Data collected may be used for the performance of contractual and pre-contractual obligations, for legal obligations as well as for the following purposes:
- Member registration and authentication: to allow the Member to register on the Website to access and be identified.
- Support and contact with the Member: to respond to the Member’s requests and help with any problem.
- Comment and feedback: to allow the Member to send reviews or comments.
- Communication via live chat or other systems: to allow the Member to interact with a live chat or other systems on the Website.
- Visualization of content from external platforms: to allow the Member to visualize and share content from social networks or other external platforms.
- Login through accounts on external platforms: to allow the Member to login to the Website through an account on external platforms.
- External management of payments by credit card, bank transfer or other means: to manage the Member’s payments through external platforms that acquire the payment data without the Website Operator having access to it.
- Technical monitoring of the infrastructure for maintenance, troubleshooting and performance improvement purposes: to identify and resolve technical problems and improve performance.
- Storage, hosting and management of backend infrastructure: to manage the technical infrastructure for storing Members’ data.
- Traffic optimisation and distribution: to manage more efficiently and improve the performance of the technical infrastructure.
- Member database management: to organise, access and modify Members’ data.
- Statistics: to perform statistical analyses based on aggregate data or data that do not identify the Member.
- Monitoring, analysis and tracking of the activities carried out within the Website for maintenance and improvement purposes: to monitor and analyse the activities carried out within the Website in order to improve its functionality and efficiency.
- Analysis of Member characteristics: to group and analyse in an automated way the Members’ characteristics and provide personalised services or messages within the scope of the Contract.
- Analysis of the Member’s contractual experience: to modify the Website in order to adapt it to the Member’s needs.
- Sending emails or newsletters and mailing list management: to contact the Member with emails containing commercial and promotional information about the Website.
- Advertising targeting and remarketing: to show advertisements that are relevant to the Member based on his/her browsing behaviour and preferences.
- Own market research and surveys: to carry out market research and surveys internally.
- Third-party market research and surveys: for market research and surveys of third parties.
- Implementation of advertising and/or promotional campaigns of third parties: to implement advertising and/or promotional campaigns of third parties within the Website.
- Marketing and distribution in aggregate and anonymous form: to market and distribute in aggregate and anonymous form the data on Members for commercial and marketing purposes.
- Billing: to proceed with billing customers.
- Any other purpose deemed necessary for the execution of the Contract.
3. Methods of processing and categories of recipients to whom the data are disclosed
The processing of Personal Data is carried out by means of computer and/or digital tools, with operational methods and logics strictly related to the purposes indicated.
The Personal Data may be accessed by persons involved in the organisation of the Data Controller (such as, for example, human resources staff, sales staff, system administrators, etc.). The Personal Data subject to processing may also be communicated to third parties (such as IT companies, service providers, postal couriers, hosting providers, etc.) with whom the Data Controller has entered into contractual relationships in the context of the provision of the services offered by the latter to Members and of the terms of this Contract (including the Annexes). Such third parties may act, depending on the case, as external managers or independent data controllers. A Member may request an updated list of such third parties and further information on the privacy policies of the third-party recipients by sending a written request to email@example.com.
4. Legal basis for the processing of Personal Data
The processing of Personal Data relating to the Member is based on the following legal bases:
- the consent given by the User for the purposes indicated;
- the processing is necessary for the performance of a contract with the Member and/or pre-contractual obligations;
- the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
- the processing is necessary for the performance of a task carried out in the public interest or for the exercise of public obligations of the Data Controller;
- processing is necessary to pursue the legitimate interests of the Data Controller and/or of third parties;
- the processing is necessary to pursue a vital interest of the Data Controller and/or of third parties.
It is always possible however, to ask the Data Controller to clarify the legal basis of each processing operation by sending a written request to firstname.lastname@example.org.
The Personal Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in their processing are located. For further information, the Member may contact the Data Controller at the following email address email@example.com or at the following postal address Via Campania 59 – 00187 Rome, Italy.
6. Security measures
Processing is carried out in accordance with methods and tools suitable to guarantee the security and confidentiality of Personal Data, since the Data Controller has adopted appropriate technical and organizational measures that guarantee, and allow to demonstrate, that the processing is carried out in compliance with the reference legislation.
7. Duration period of Personal Data retention
Personal Data will be kept for the period of time necessary to fulfil the purposes for which they were collected.
In particular, Personal Data shall be stored for the entire duration of the contractual relationship, for the performance of the obligations related and consequent thereto, for the compliance with applicable legal and regulatory obligations, as well as for the Data Controller’s or third parties’ legal defence purposes.
If the processing of Personal Data is based on the consent of the Member, the Data Controller may retain the Personal Data until such consent is revoked.
Personal Data may be kept for a longer period if necessary, to fulfil a legal obligation or by order of an authority.
All Personal Data will be deleted or stored in a form that does not allow the Member to be identified within 30 days after the end of the retention period. At the end of this 30-day period, the right of access, deletion, rectification and the right to portability of Personal Data may no longer be exercised.
8. Automated decision-making processes
All Personal Data collected will not be subject to any automated decision-making process that may produce legal effects for the individual or that may significantly affect the individual.
9. Member’s rights
The Member may exercise certain rights with regard to the Personal Data processed by the Data Controller. In particular, the Member has the right to:
- revoke consent at any time;
- object to the processing of its Personal Data;
- access his/her Personal Data;
- verify and request rectification;
- obtain the limitation of the processing;
- obtain the deletion of his/her Personal Data;
- receive his/her Personal Data;
- file a claim with the data protection supervisory authority and/or take legal action.
In order to exercise his/her rights, the Member may send a request to the contact details of the Data Controller indicated in this document. Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.
10. Data Controller
The Data Controller is Gestione 3C Srl Unipersonale, having its registered office in Via Campania 59, Rome – 00187 Roma (Italy), VAT N. and Fiscal Code 12555611008, e-mail: firstname.lastname@example.org.
CONSENT TO THE PROCESSING OF PERSONAL DATA REGULATION (EU) 2016/679
Please note that, pursuant to Article 7 of the Regulation, the Member has the right to revoke in writing the consent to the processing of Personal Data. The Member declares that he/she has received the information referred to in Article 13 of the EU Regulation 2016/679, in particular with respect to the rights recognised by the EU Regulation 2016/679, and that he/she consents, pursuant to Article 7 et seq. of the Regulation, to the processing of Personal Data, including special data, in the manner indicated in the information notice itself and for the purposes indicated in that document and necessary for the performance of the Contract. The purposes that are not necessary for the execution of the Contract (Advertising targeting and remarketing; Third-party market research and surveys; Implementation of advertising and/or promotional campaigns of third parties) will instead be subject to optional consent by the Member.
Last update: 10/03/2021