Information on the processing of personal data pursuant to articles 13 and 14 of the 2016/679 European Regulation (“GDPR”)
this information is provided to you not only to fulfill the obligations imposed by the Laws regarding the protection of personal data – Regulation (EU) 2016/679 (hereinafter “GDPR”), Legislative Decree 196/2003, as updated by Legislative Decree no. Lgs 101/2018 (or “Code for the protection of personal data”) and the relevant provisions of the Authority for the protection of personal data – but also because REALE & PARTNERS SRL (hereinafter also only “the Company”) believes that the protection of personal data is a fundamental value of your business and wishes to provide any information that can help you protect your privacy and control the use made of personal data when you browse one or more of the following sites (hereinafter the “Sites”):
Personal data are information regarding an identified or identifiable natural person defined as “interested” (hereinafter also “User”), such as personal data, navigation data, information relating to economic conditions, state of health, lifestyle, etc.
Holder of the treatment
The data controller, i.e. the subject who determines the purposes and means of the processing of personal data to which one can contact to exercise the rights recognized by the GDPR, is REALE & PARTNERS SRL, VAT IT16436181008 with registered office in Rome, Via Isole Eolie 3, ZIP code 00141.
The Data Controller can be contacted by sending an e-mail to firstname.lastname@example.org or by sending a communication by traditional mail to the Data Controller’s address, taking care to specify the reason for the request.
Sources and categories of data processed, nature of the provision of data and methods of treatment
The personal data being processed are collected mainly from the User, when the latter browses the Sites or uses the services made available by him. This information analyzes the personal data processed in the various sections of the Sites and exclusively regulates the personal data processing activities carried out on the Sites and not for other websites to which the User is redirected. The data collected by the Sites are mainly processed electronically through software and IT procedures suitable for guaranteeing technical and IT security measures (such as the implementation of the secure HTTPS transmission protocol for the transfer of information entered within the Sites. ).
Types of data and nature of the provision
The computer systems and software procedures used to operate the Sites acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the Sites, addresses in URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment (such as, for example, the name and type of device that connects to the Sites). The provision of such data is not mandatory, when the User decides not to provide such data, do not browse the Sites and will not be able to access the functions made available by the same.
Purpose of processing
- These data are used in order to obtain anonymous statistical information on the use of the Sites, to check their correct functioning, to improve the quality of the services offered and to optimize the functionality of the Sites.
- These data are processed to a strictly necessary and proportionate extent to ensure the security of the networks and information passing through them.
Art. 6 (1) (f) GDPR – Legitimate interest of the data controller in maintaining the safety of the Site and that it is not used in ways that infringe the rights of others or as a channel for the commission of offenses or any fraud (cf. recital 47 of the GDPR).
The personal data referred to in this section are kept for up to 6 months from collection, except for any opposition by the interested party, which can be exercised at any time in the manner indicated in the “Rights of the interested party” section of this information.
Types of data and nature of the provision
The Sites hosts a contact area through which the User can proceed to forward a contact request to the Company or proceed to formulate specific requests for assistance.
This section collects the following types of data:
- name and surname;
- email address;
- free field for inserting the message text.
The Data Controller cannot carry out any type of preventive check in relation to the information entered in the fields that can be freely filled in by the User.
The Company asks Users not to enter information from which, even indirectly, it is possible to have knowledge of data belonging to particular categories referred to in Article 9 of the GDPR. If these types of data are entered, the Data Controller will not take this information into consideration in the feedback formulated and will proceed to delete such data in a secure manner that does not allow its recovery. The provision of data in this area is optional. If the User decides not to provide such data, he or she will not be able to forward contact requests to the Company which will therefore be unable to provide appropriate feedback.
Purpose of processing
Provide feedback to contact requests sent to the Company by Users via the form.
Art. 6 (1) (b) GDPR – the processing is necessary for the execution of pre-contractual measures adopted at the request of the interested party.
Data retention period
Only for the time necessary to contact the User who has requested it from the Users and for a period of 6 months from the receipt of the User’s request, in order to correctly manage any subsequent requests from the same User or for information others relating to the same or similar themes.
Any recipients or any categories of recipients of personal data and transfer of personal data to a third country or outside the European Economic Area (EEA).
The data will be accessed only by duly instructed authorized persons (also with regard to compliance with security measures and confidentiality obligations) pursuant to art. 29 GDPR (by way of example: staff and collaborators of the Company who are responsible for providing feedback to contact requests made by Users).
The data will be able to further access, as independent data controllers or managers pursuant to art. 28 GDPR, professionals and consultants appointed by the Data Controller.
In particular, but not limited to, they will be able to access the data:
- Subjects who provide services for the management of the information system and communication networks of the Company (including e-mail accounts);
- Companies that support the Owner in the administration of the Sites (e.g. the Internet service provider) or to provide the services that the User requests;
- Competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon explicit request;
- other companies in the course of corporate acquisitions or demergers, provided that it is contractually guaranteed that such information remains confidential and protected;
To obtain an updated list of subjects who may become aware of personal data, it is possible to send a communication by email to the email address email@example.com, taking care to specify the reason for the request.
The Data Controller guarantees that personal data will never be disclosed. The personal data being processed could also be transferred to third countries or sites outside the European Economic Area (EEA). In these cases, if it becomes necessary to transfer the data to a third country located outside the European Economic Area, the Data Controller guarantees that this transfer will take place exclusively in the presence of an adequacy decision by the European Commission or other adequate guarantees provided for by the Laws. regarding the protection of personal data (such as the stipulation of standard contractual clauses with the subject who will receive the data and who must in any case ensure that the user’s personal data are subjected to the same level of protection guaranteed by the Data Controller).
Minors under the age of 18 must not provide information or personal data to the Company without the consent of the exercisers of parental responsibility over them. Therefore, the Company invites all those who exercise parental responsibility on minors to inform them about the safe and responsible use of the Internet and the Web and to put in place any procedures indicated from time to time in relation to the initiatives in which the Company intends process the data of minors.
Rights of the interested party
The exercise of the rights indicated in this section is not subject to any formal constraint and is free, except for manifestly unfounded or excessive requests, pursuant to art. 12 (5) of the GDPR.
In relation to the treatments described in this information and pursuant to the GDPR, the User can exercise the following rights:
- right of access to personal data and to all information referred to in art. 15 of the GDPR,
- right to rectify inaccurate personal data and the integration of incomplete ones,
- right to cancel their data, except for those contained in documents that must be kept by the Company and unless there is a legitimate overriding reason to proceed with the processing;
- right to limitation of processing where one of the hypotheses referred to in art. 18 of the GDPR.
- right to object to the processing of their personal data, without prejudice to the provisions regarding the necessity and mandatory nature of the processing for the purpose of establishing the relationship
- right to revoke any consent given for non-mandatory processing of data, without thereby compromising the lawfulness of the processing based on the consent given before the revocation.
The interested party also has the right to lodge a complaint with the Guarantor for the Protection of Personal Data (www.garanteprivacy.it) or the Guarantor Authority of the EU state in which the interested party habitually resides or works, or the place where the alleged violation is verified, in relation to a treatment that you consider non-compliant.
For all these requests, the User can contact the Data Controller by sending a communication by traditional post to the address Rome, Via Isole Eolie 3, CAP 00141 or by email to the address firstname.lastname@example.org.
This information provides for some treatments for which the User’s consent is required. This consent may be expressed by affixing specific flags in specific boxes at the bottom of the website forms through which the personal data of the Users are collected.
Changes to this information
This information is updated as of October 26, 2022 . Any future changes made to this information will be published on this page. The Owner invites Users to regularly view this page, in order to be updated in relation to any changes. If necessary, the changes made to this information will be notified to the User by e-mail.