Privacy Policy
INFORMATION RELATING TO EU REGULATION GDPR 679/2016 ON PRIVACY PROTECTION AND REQUEST FOR CONSENT WHERE REQUIRED
In accordance with the current GDPR legislation on the protection of personal data, pursuant to and by effect of Articles 12 13 and 14 and following and Articles 13 and 23 of the integration of Legislative Decree. 101/2018 (including subsequent amendments and additions to Legislative Decrees 105/2019 and 125/2019 up to the additions to Legislative Decrees 133/2019, Prime Ministerial Decree 131/2020, Presidential Decree 54/2021 and Legislative Decree 65/2021 in implementation of Prime Ministerial Decree 81 of 14 April 2021, also including the additions to Legislative Decree 122/2021, Prime Ministerial Decree 12 October 2021, Legislative Decree 24 November 2021, Legislative Decree 24 March 2022 number 24 and finally recent amendments, additions and variations to Legislative Decree 138/2024 on cyber security of the European NIS2 directive) we inform you that any data provided by you will be processed, always and in any case taking into account the obligations and in compliance with the above regulations. cited.
To obtain information about your Personal Data processed within the domain, the purposes, the retention times and the subjects with whom the Data is shared, contact the Owner.
Changes may be introduced in the future to this Privacy Policy in order to ensure constant compliance with the additions that may occur to the applicable laws.
We therefore invite Users to carefully read the rules that we apply for the collection and processing of personal data and to continue to provide a satisfactory service.
Pursuant to Article 1 of GDPR 679/2016 (“object and purpose of the data”), Article 2 of GDPR 679/2016 (“scope of application of the processing”), Article 4 GDPR 679/2016 (“definition of processing”) and its definitive entry into activation (as per art. 99 GDPR commonly referred to as ‘EU Regulation’), processing must be understood as: “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data (where personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, profiling (according to art. 22 GDPR any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements), erasure or destruction”.
Owner and Data Controller
Anne Mortgat CF:MRTNNA69R44L219J
As the parent of a minor.
Methods and place of data processing
Methods of processing
The owner adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the data, such tools adopted for its processing must comply with the directives imposed by Art. 25 of the EU Regulation GDPR 679/2016 Art. 25 design by design and by default.
The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Owner, in some cases, categories of persons involved in the organization of this Application (administrative, commercial, marketing, legal, system administration personnel) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Owner.
The updated list of Data Processors may always be requested from the Data Controller.
You may revoke your consent at any time and/or object to the processing of your data by notifying the data controller of your personal data by email to the email address [email protected]
Place
The Data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve the transfer of the User’s Data to a country other than their own. To learn more about the place where such transferred Data is processed, Users can consult the section containing details on the processing of Personal Data.
Retention time
The Data Controller will process the personal data for the time necessary to fulfill the purposes above and for the Service Purposes and for no longer than 2 years from the collection of data for Marketing Purposes. The personal data processed will be retained for the entire duration of the association, mandate or membership relationship to the services offered and, in the event of revocation and/or other type of termination of the relationship, within the limitation periods indicated in art. 19 of Legislative Decree 35/2017.
Therefore:
Personal Data collected for purposes related to the performance of a contract between the Owner and the User will be retained until such contract has been fully performed.
Personal Data collected for purposes related to the legitimate interests of the Owner will be retained for as long as necessary to achieve such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner in the relevant sections of this document or by contacting the Owner.
The Owner may be authorized to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not revoked. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever this is necessary to fulfill a legal obligation or by order of an authority.
Once the retention period has expired, Personal Data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be exercised after the expiration of the retention period.
Cookie Policy
This Application uses Trackers. To learn more, Users can consult the Cookie Policy.
Further information for users
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
Users have given consent for one or more specific purposes.
the provision of Data is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures;
the processing is necessary for compliance with a legal obligation to which the Owner is subject;
the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Owner;
the processing is necessary for the pursuit of the legitimate interest of the Owner or third parties.
It is always possible to ask the Owner to clarify the specific legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
Users’ rights under the General Data Protection Regulation (GDPR)
Users may exercise certain rights with reference to the Data processed by the Owner.
In particular, Users have the right to do the following, to the extent permitted by law:
Withdraw consent at any time:
all Data are processed for direct marketing purposes, they can object to such processing at any time, free of charge and without providing any justification. If the User objects to the processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To find out whether the Owner processes Personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise the User’s rights can be addressed to the Owner using the contact details indicated in this document. Such requests are free of charge and will be answered by the Owner as soon as possible and in any case within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or limitations of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data have been disclosed, unless this proves impossible or involves a disproportionate effort. Upon request of Users, the Owner will inform them about such recipients.
More information on data collection and processing
Legal action
The User’s Personal Data may be used for legal purposes by the Owner in court or in the preparatory stages of any legal action arising from improper use of this Application or related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
More information about the User’s personal data
Upon request of the User, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.
System logs and maintenance
For needs related to operation and maintenance, this Application and any third-party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.
Information not contained in this policy
More details in relation to the collection or processing of Personal Data may be requested at any time from the Data Controller by consulting the contact information at the beginning of this document.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and, if possible, on this Application and/or – if technically and legally feasible – by sending a notification to Users via one of the contact details held by the Data Controller. It is strongly recommended to consult this page often, referring to the date of the last modification indicated at the bottom.
If the changes affect processing based on consent, the Data Controller will collect the User’s consent again, if necessary.
Please note that in the event of need, external attacks, data breach, disaster recovery, big data, total/partial loss of the interested party’s data, the Data Controller will take and implement all the mandatory measures provided for by art. 33 and 34 GDPR and such violations will be immediately communicated not only to the interested party but also to the competent bodies (in some cases no later than 72 hours from the recognition of the fact).
The interested party has the right to request the procedure for managing such attacks.
The violation of such communications, or other crimes relating to the rights of the interested party, will be punishable with administrative sanctions against the data controller according to article 83 of the EU Reg. GDPR 679/2016 which could also lead to the suspension of the activity of the data controller (Art. 81 GDPR).
In accordance with the current EU Reg. GDPR 679/2016, it is communicated and made known that the data controller structure, given its organizational chart, is not obliged to have a professional external control figure (D.P.O. Data Protection Officer) as foreseen and described in the EU Reg. in articles 37 38 and 39 and at the same time for the same reason, having carried out an in-depth risk assessment DVR with the assistance of a professional, it does not require a “Di cuius” Impact Assessment (DPIA) (Art. 35 GDPR).
Definitions and legal references
Personal Data (or Data)
Personal data is any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
Usage data
This information is collected automatically through this Application (also from third-party applications integrated into this Application), including: the IP addresses or domain names of the computers utilized by the User who connects to this Application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system utilized by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages visited, the parameters relating to the operating system and the User’s IT environment.
User
The individual who uses this Application who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Controller (or Controller)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
This Application
The means by which the User’s Personal Data is collected and processed.
Service
The Service provided by this Application as described in the relevant terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references in this document to the European Union apply to all current member states of the European Union and the European Economic Area.
Legal information
This privacy policy concerns only this Application, unless otherwise specified in this document.
All of the EU Regulation GDPR 679/2016 as specified in Art.94 effectively repeals all of Regulation 95/46/EC Art. 29 and applies from 25 May 2018 (Art. 99).
Last modification made to this on 28 October 2024