This information (hereinafter also “Privacy Policy”) is provided, pursuant to art. 13 of the EU Regulation n. 679/2016 concerning the protection of individuals with regard to the processing of personal data as well as the free circulation of such data (hereinafter “GDPR”), to inform Users of how the Data Controller will process their personal data, in compliance with principles of correctness, lawfulness and transparency and protection of confidentiality, as well as the rights of the user himself. This Privacy Policy is aimed exclusively at Users who consult the website and who interact with the services of the site and not for other websites or sections / pages / spaces owned by third parties that may be consulted by the User through specific link, and which have their own privacy policy.

1. Data Controller

The Data Controller is Webidoo S.p.A. with registered office in Milan (MI), in Via Gioberti n. 8, C.F. and VAT number 10076860963, e-mail address [email protected], in the person of the legal representative.

2. Data protection officer

The Data Controller has appointed a Personal Data Protection Officer (so-called Data Protection Officer – D.P.O.) who can be contacted at the e-mail address [email protected]

3. Type of personal data processed

a) Navigation data The computer systems and software procedures used to operate this site acquire, during normal operation and only for the duration of the connection, some data whose transmission is implicit in the use of Internet communication protocols (for example, the IP address and the so-called timestamp). This information is not processed for the purpose of associating it with Users and it will not be possible to associate it directly with the User through the processes of Webidoo and its website; however, by their very nature, they could, through processing and association with data held by third parties, allow the indirect identification of the User. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site. b) Data provided voluntarily by Users Personal data provided directly and voluntarily by users of the site may be processed (name and surname, telephone number, province, e – mail). If the User provides personal data of third parties, he fully assumes responsibility and must do what is necessary so that the communication of the data to the Data Controller and the subsequent processing by the same takes place in compliance with the GDPR, for which – by way of example – the ‘User, before providing personal data of third parties, must inform them and obtain consent to the processing, if requested. c) Cookies This site uses cookies, information packages sent by a web server (in this case, from this site) to the user’s browser and automatically stored by the latter on their device (personal computer, tablet, mobile phone, etc. .) and automatically sent back to the server at each subsequent access to the site, as specified in the site’s Cookie Policy.

4. Methods of data processing

Personal Data may be entered voluntarily by the User, or collected automatically while browsing the site. Failure by the User to provide some personal data may not allow the Owner to provide the requested services. . The processing of data, for the purposes referred to in paragraph 6, may take place using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, adopting all the technical and procedural security measures deemed adequate, aimed at prevent unauthorized access, disclosure, modification or destruction of personal data, identified and updated on the basis of IT risk, as indicated by art. 32 of the GDPR.

5. Subjects involved in the treatment

In addition to the Data Controller, categories of persons authorized to process the processing involved in the development and execution of the services provided by the Data Controller through this website, and related activities (administrative staff, commercial staff, system administrators) may have access to the data. or external parties (such as third party technical service providers, hosting providers, consultants). The personal data expressly provided by the Users will be communicated to third parties only if the communication is necessary to pursue the purposes referred to in paragraph 6. All the employees or suppliers used by the Data Controller for the processing of the User’s personal data have been appropriately and legally authorized and made responsible for the methods and purposes of the processing attributed to them; they will act in compliance with and in accordance with this information. The list of these subjects is constantly updated and available at the headquarters of the Data Controller.

6. Purpose and legal basis of the processing

The User’s personal data are processed to allow the Owner:

a. to provide the services provided by the site and respond to the User’s requests. The legal basis of this processing is the need to execute a User’s request, execute a contract and / or pre-contractual measures adopted at the request of the person to whom the data refers. For this purpose the provision of personal data is necessary; therefore, failure to provide them will make it impossible for the User to obtain the services requested from the Owner;

b. to send the User communications for marketing activities on their services / products through automated (e-mail, text message, autoresponders) and non-automated (ordinary mail, telephone with operator) tools. The legal basis of the processing is the free and optional consent of the User. The possibility remains for the User to oppose the sending of such communications at any time, revoking the consent previously expressed;

c. to fulfill, in general, any obligation deriving from applicable legislation or an order of the Authority, and administrative, accounting and tax activities. The legal basis of the processing for this purpose is the legal obligation;

d. to ensure that the Site is updated and meets the needs of Users, to analyze, review and improve the services of the Site and, if necessary, exercise the rights of action and defense in court. The legal basis of the processing for this purpose is the legitimate interest of the Data Controller in the protection of their assets, their business and their rights.

7. Retention times

The processed data will be kept for the period strictly necessary for the pursuit of the aforementioned purposes and / or for the different time prescribed by law. The data processed for the purposes indicated in lett. b. of art. 6 will be kept for 5 (five) years from the moment the consent is given. At any time, the User can revoke the consent given previously. The User may at any time request to interrupt the provision of the service and exercise his rights referred to in paragraph 9 below.

8. Transfer abroad

The User’s personal data will not be transferred outside the EEA area; should the Data Controller transfer the User’s personal data outside the territory of the European Union, such transfers will be covered with an adequate level of protection.

9. User rights

As a data subject, the GDPR grants the User specific rights, including those to ask the Data Controller:

  • confirmation as to whether or not your personal data is being processed and, in this case, to obtain access to it (Article 15 “right of access”);
  • the correction of inaccurate personal data, or the integration of incomplete personal data (Article 16 “right of rectification”);
  • the cancellation of the data, in the presence of one of the reasons provided for by the GDPR (Article 17 “right of cancellation”), where applicable;
  • to limit the processing of their data, in the presence of one of the reasons provided for by the GDPR (Article 18 “right of limitation”);
  • to receive the personal data provided in a structured format, commonly used and readable by an automatic device, as well as to transmit them to another Data Controller (Article 20 “right to portability”), where applicable;
  • not to be subjected to a decision based solely on automated processing that produces effects or significantly affects his person (Article 22).

To exercise their rights, the User may contact the Data Controller in writing at the addresses referred to in paragraph 1. Without prejudice to any other administrative or judicial appeal, the User also has the right to lodge a complaint with a Supervisory Authority, if believes that the processing in question is carried out in violation of the GDPR; for Italy, the Guarantor for the protection of personal data is competent, which can be contacted via the contact details available on the website

10. Changes to the privacy policy

This privacy policy may undergo changes over time – also related to the possible entry into force of new sector regulations, to the updating or provision of new services by the Owner or to technological innovations – for which the User is invited to consult this page periodically.

Last updated: 09/02/2021