INFORMATION ON THE PROCESSING OF PERSONAL DATA
Last updated: may 2022
This policy may be subject to change as a result of new legislation, so please visit this section periodically for updates.
- DATA CONTROLLER
- PERSONAL DATA BEING PROCESSED
- PURPOSE AND LEGAL BASIS OF PROCESSING
- NATURE OF PROVIDING PERSONAL DATA
- DATA RETENTION PERIOD
- METHODS OF TREATMENT
- RECIPIENTS OF PERSONAL DATA
- SCOPE OF DATA CIRCULATION
- RIGHTS OF THE DATA SUBJECT
- DATA CONTROLLER.
The Data Controller is the company TEON S.R.L., with registered office in Via Suor Maria Pelletier, 4 – 20900 Monza (MB) and business office in Via Fara, 20 – 20124 Milan (MI), VAT and C.F. 08962300961, Tel. +39 02 49484500, e-mail firstname.lastname@example.org, PEC email@example.com, hereinafter also “Data Controller” or just “Data Controller”.
For any clarification, information, exercise of the rights listed in this notice, please contact:
address for sending registered mail a/r: Via Fara, 20 – 20124 Milan (MI).
- PERSONAL DATA BEING PROCESSED.
“Personal data” means all information that could directly or indirectly enable the identification of users.
a) Navigation data.
The computer systems and software procedures used to operate this Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes, for example, the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
- monitor the proper functioning of the services offered;
- establish liability in the event of offences against the Website or committed through the Website (malware attempts, spamming, abusive access to computer systems, etc.).
b) Data actively communicated by the user.
Through the Site, the user may voluntarily provide personal data such as, for instance, personal data provided in the contact forms on the site for the purpose of contacting the Controller to send requests for information/clarifications or to spontaneously send his/her candidature via CV.
The optional, explicit and voluntary use of the aforementioned channels of communication with the Controller entails the acquisition of the sender’s contact data, which are necessary to reply, as well as all personal data included in the communications (such as, for example, technical data of the energy supply – fuel used, energy expenditure, heating consumption, etc.).
The Data Controller shall process the user’s data in compliance with the Applicable Legislation, assuming that they refer to the user himself or to third parties who have expressly authorised him to confer them or whose personal data the user was in any case entitled to confer. With respect to such hypotheses, the user undertakes to indemnify and hold harmless the Data Controller from any dispute, claim, or request for compensation for damages from the processing of personal data that may be received from such third parties.
Please help us keep your personal data up-to-date by informing us of any changes.
c) Cookies and other tracking systems.
- PURPOSE AND LEGAL BASIS OF PROCESSING.
Subject to the above, the personal data acquired will be processed for the following purposes:
a) provide feedback to any requests for information and/or clarification.
Legal basis of the processing: the need to implement pre-contractual measures taken at the request of the user (see Article 6(1)(b) of the GDPR).
b) to fulfil administrative and/or legal obligations;
c) provide feedback to any requests to exercise the rights that the applicable data protection legislation grants to the user as a data subject.
Legal basis of the processing: the need to comply with legal obligations to which the Data Controller is subject (Art. 6(1)(c) of the GDPR).
d) Providing feedback to any user reports, complaints or disputes;
e) verify any fraudulent or otherwise unlawful use of the Site and ensure its security and functionality in the interests of users and the Data Controller;
f) carry out statistical research/analysis on aggregated or anonymous data, without therefore being able to identify the user, measure traffic and assess usability and interest with respect to the Site;
g) managing technical cookies loaded on the Site;
h) provide storage, hosting and management of the Site’s backend infrastructure;
i) allow the user to be directed to the social profiles of the Site owner and to interact with them;
j) to establish, exercise or defend a right in court or whenever the courts exercise their functions.
Legal basis of the processing: legitimate interest of the users to receive feedback regarding any reports, complaints or claims made; legitimate interest of the Data Controller and of the users themselves to prevent or detect any fraudulent or, in any case, illegal use of the Site legitimate interest of the Data Controller in verifying the usability and attractiveness of the Site and in reporting the existence of the Site owner’s social profiles and the possibility to interact with them; legitimate interest of the Data Controller, if any, in exercising or defending a right in court or whenever the judicial authorities exercise their jurisdictional functions [art. 6(1)(f) of the GDPR].
k) managing profiling cookies uploaded on the Site.
Legal basis of the processing: consent of the user (see Article 6(1)(a) of the GDPR).
- NATURE OF THE PROVISION OF PERSONAL DATA.
The provision of personal data by the user is optional. Nonetheless, failure to provide such data, in whole or in part, may make it impossible to respond to any requests for information and/or requests to exercise rights.
- DATA RETENTION PERIOD.
Data processed to fulfil legal obligations will be kept for the period of time specified by the specific legislation or until the fulfilment of the same, and in any case for the period of time necessary to prove fulfilment; data processed to fulfil pre-contractual and/or contractual purposes until the fulfilment of the same and, if a contract is subsequently concluded or pre-contractual negotiations have taken place, for ten years from the conclusion of the same in order to allow for any judicial or extrajudicial protection as well as the demonstration of the correct fulfilment of the contractual obligations.
Where the processing of personal data is necessary for the pursuit of a legitimate interest of the Controller, personal data will be retained until that interest is satisfied or until the data subject objects, to be exercised in the manner set out below.
This maximum retention period may be extended, if the conditions are met, in order to allow the Controller to exercise and defend a right in court or whenever the courts exercise their jurisdictional functions or at their request.
- METHODS OF PROCESSING.
On this Website, data are collected electronically and processed by means of operations performed mainly with the aid of electronic tools, ensuring the use of appropriate measures for the security of the data processed and guaranteeing their confidentiality.
- RECIPIENTS OF PERSONAL DATA.
The categories of recipients who may become aware of your personal data during or after the execution of the contract are:
a) companies, consultants or professionals that may be appointed to install, maintain, update and, in general, manage the Data Controller’s hardware and software, including hosting providers and cloud computing, companies offering Site management and development services, all typically acting as Data Processors within the meaning and for the purposes of Article 28 of the GDPR;
b) subjects, bodies or authorities to which, in their capacity as autonomous data controllers, it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities;
c) companies between lawyers, associated firms, consultants or professionals (e.g. legal, administrative and/or tax consultancy firms) that may be appointed to support the Data Controller: in the proper fulfilment of legal obligations with which he is required to comply; in the establishment, exercise or defence of a right in court or whenever the judicial authorities exercise their jurisdictional functions;
d) persons authorised by the Data Controller to process personal data pursuant to Article 29 of the GDPR and Article 2-quaterdecies of the Italian Privacy Code and who have received special instructions on how to process data in accordance with the Applicable Regulations.
- SCOPE OF DATA CIRCULATION.
The processing of personal data relating to the services of the Website takes place at the Data Controller’s premises and is carried out only by personnel authorised to do so. The data collected will not be disseminated.
However, for the effective performance of the requested service, some data will be shared with external parties called upon to perform specific tasks on behalf of the Data Controller (e.g.: hosting, housing, cloud providers, e-mail service providers for the needs of publishing the Site and managing the e-mail/PEC service, web agencies, professionals, etc.).
The Data Controller’s hosting provider’s servers are located within the European Union. Certain providers of the Controller or the servers of such providers, however, may be located in countries outside the EU. In such cases, personal data may be transferred to countries outside the European Union. In any case, such transfers will only take place if one or more of the conditions set out in the current legislation for transfers to non-EU countries are met. Further information is available from the Data Controller by writing to the following address: firstname.lastname@example.org.
The Data Controller undertakes to protect the security of personal data by adopting all the computer and physical measures necessary for the protection of the personal data provided. No security system guarantees this protection with absolute certainty, therefore, except in cases of liability for negligence, the Data Controller shall not be liable for the actions of third parties who abusively access the systems without due authorisation. For these reasons, users of the Site are advised to ensure that their computer is equipped with software suitable for the protection of network data transmission (e.g. up-to-date antivirus software) and that their Internet provider has adopted suitable measures for the security of network data transmission.
- THE RIGHTS OF THE DATA SUBJECT.
Article 13 para. 2 and Articles 15 to 22 of EU Reg. 2016/679 (GDPR) list the user’s rights.
The Controller therefore wishes to inform you of the existence:
- of the data subject’s right to ask the data controller for access to personal data (Art. 15 GDPR), rectification (Art. 16 GDPR) or restriction of processing concerning him or her (Art. 18 GDPR) or to object, on legitimate grounds, to their processing (Art. 21 GDPR), as well as the right to data portability (Art. 20 GDPR);
- the right to request the deletion (Art. 17 GDPR), transformation into anonymous form or blocking of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed.
Requests may be addressed to the Data Controller, without formalities or, alternatively, using the form provided by the Data Protection Authority available at the Site:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924, by sending an e-mail to: email@example.com.
If the processing is based on Art. 6(1)(a) or Art. 9(2)(a), the user has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.
Similarly, in the event of a breach of the law, the user has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, as the authority responsible for monitoring processing in the Italian State. The form for lodging a complaint with the Garante per la Privacy can be found at:
For a more detailed discussion of your rights, see Articles 15 et seq. of the GDPR.
To exercise one or more of the above rights, you may contact us at the following e-mail address: firstname.lastname@example.org.