Data controller is ATERIAL S.r.l., a company incorporated under the laws of Italy, Registy of Companies of Bergamo number BG – 457701, tax and vat code 04371000169, with registered office in Italy, Bergamo, Via Goffredo Mameli n. 10.
Users can contact the data controller by sending an e-mail to firstname.lastname@example.org or by sending a letter to the address: Via Goffredo Mameli n. 10, Bergamo (IT).
Legal basis for the processing
The provision of personal data is not statutory nor a contractual requirement: users may deny their consent to the processing and revoke their consent at any time (this can be done through the banner at the bottom of the page, or by changing settings of your browser or by contacting the data controller). However, if users do not agree on data processing, they may not use some services and the browsing experience may be hindered.
Data is also processed to maintain the Website secure and protect it from misuse and spam, as well as to analyse user’s traffic for statistical purposes. This data cannot be related to the user and is processed on the basis of data controller’s legitimate interest to the Website’s and user’s data security. In these cases, the user has the right to object to the processing at any time (see paragraph on user’s rights).
Purposes of processing
The purposes of data processing are the following:
- Data analysis: data is processed to verify that the Website works properly. This type of data cannot be attributed to the single user and does not identify the user.
- Security: data is processed to maintain the Website secure (i.e. antispam filters, firewalls, virus detection) so that also users are protected from frauds and damages to the Website. This type of data is registered automatically and can include personal data (i.e. IP address) which may be used in compliance with laws and regulations to block activities that may damage the Website or other users, as well as criminal activities. This data, which is periodically deleted, will never be used to identify or track user’s preferences.
- Other activities: data may be sent to third parties who provide services that are material to the functioning of the Website. Our suppliers have access to data that they need to provide their services only and undertake to not use data for other purposes and commit to process data in compliance with applicable laws.
Categories of data
The Website processes two categories of user’s data.
Data that is processed automatically
While browsing the Website, the following data may be processed and stored as log files in the Website’s server:
- Internet Protocol (IP) address;
- browser type;
- characteristics of the device that has been used to connect to the Website;
- name of the Internet Service Provider (ISP);
- date and time of the visit;
- user’s webpage of entry and exit;
- number of clicks.
This data is processed for the sole purpose of data analysis in a form that does not identify the user. The IP address is processed for security reasons only and it is not matched with any other data.
Data that is provided on a voluntary basis
The Website may also process data that is provided by users when they use the services on the Website, i.e. when they leave a comment or send a query. This data will only be used to provide the service that has been requested and includes:
- name and surname;
- email address;
- any other data that is provided on a voluntary basis.
Where data is processed
Data is processed at the data controller’s offices and at the data center of the web hosting service provider, which is IONOS. The web hosting service provider acts as data processor because he processes data on behalf of the data controller. IONOS is located in the EEA and operates in compliance with the European regulations ( https://www.ionos.it/terms-gtc/condizioni-generali-per-litalia/).
Data that is processed automatically by the Website during its operations will be stored as long as it is strictly necessary to carry out the activities that have been described above. After that time, data will be deleted or pseudonomised, unless there are other reasons to keep it. Data that is used for security (i.e. IP address and attempts to damage the Websites) will be stored for 30 days.
Transfer of data to third parties
Data is not transferred to third parties, unless: (I) there is a lwaful request from a court; (II) the transfer is necessary to provide a specific service requested by the user; and (III) we have to perform security checks on the Website or work on its optimisation.
Transfer of data outside the EU
The Website may share some data with service providers located outside the EEA. In particular with Google, Facebook and Microsoft (LinkedIn) via the social plugins and Google Analytics. This type of transfer has been authorised by specific decisions of the European Union Commission (decision no. 1250/2016, Privacy Shield) and the Italian Commissioner for data protection, therefore no additional user’s consent is required for the transfer. The abovementioned companies warrant their adherence to the Privacy Shield.
Data is processed in a lawful and correct way and is protected with security measures that are aimed to prevent unauthorized accesses, publication, changes or unauthorized distruction of data. We commit to maintain security on data communication, by applying Secure Sockets Layer (SSL) software which encrypts information in transit. Data is processed by digital and/or online devices, with organisational and technical measures that are strictly related to the purposes of processing indicated above. Besides data processors, data may be processed by people that work on the Website or other service providers (i.e. technical suppliers, hosting providers).
Cookies are small text files that websites send to the user’s computer, where they are stored to be used by the said websites when the user visits them the next times. Third-party cookies are instead installed by a different website than the one that the user is visiting. This happens because every website may contain objects that may be located in different servers than the one that hosts the visited website (i.e. images, maps, sounds, links to external websited, etc.).
Cookies are used for different purposes: digital authentication, session monitoring, recording of website settings, recording of preferences, etc.
The website uses the following types of cookies:
If cookies are turned off, some functions of the Website, i.e. third-party services, may not be available, and the following objects may not be visualised:
- social plugins;
- Google maps.
This Website uses third-party cookies (i.e. social plugin buttons) with the aim to offer additional services to the users, facilitate the use of the Website or provide personalised marketing messages. The Webiste does not have any control over these cookies that are fully managed by third parties and does not have access to the information collected by them. Details on the use of these cookies, on their purposes and on how they may be turned off are provided by the third parties directly at the pages indicated below.
We remind that user’s tracking does not usually identify the user, unless he has subscribed to the third-party service and is logged in the service when using the social plugin. In this case, the user has already agreed on the processing of his data by giving his consent to the third party directly (i.e. Facebook).
The Website uses the following third-party cookies:
Google Ireland Limited
Google Analytics: it is used to analyse how users use the Website, to send reports on Website’s activities and reports on user’s behaviour, to verify how often users visit the Website, how the Website is located by users and what pages are visited the most. This information is also used to compare the Webiste with other similar websites.
Categories of data: browser identification, browsing date and time, originating page and IP address.
Where data is processed: European Union.
Data does not identify the users and is not matched with other data of the same users. Data is processed in aggregated form and it is anonimised (last eight digits are truncated). Google Inc. may not match this data with the one collected from other services, in compliance with a specific agreement (DPA).
More information on Google Analytics cookies is available on Google Analytics Cookie Usage on Websites page (Google Analytics Cookie Usage on Websites).
The user may disable (opt out of) Google Analytics by installing on his browser the specific app provided by Google.
Social network plugins
The Website includes some plugins and/or buttons that facilitate the sharing of information on your favourite social networks. When you visit a page of the Website that shows a plugin, your browser connects directly to the social network’ servers, from which the plugins have been uploaded. These servers may track your visit to the Website and associate it to your social network account, expecially if your are logged in the social network or if you have recently visited a website with social plugins. If you do not want the social network to register data in relation to your visit to the Website, you have to log out of the social network and probably delete cookies that the social network has installed on your browser.
The Website contains plugins that have been designed to protect user’s privacy and they do so by processing user’s data only if the user clicks the plugin and not when he just opens the page that hosts the plugins.
- Facebook (https://www.facebook.com/about/privacy)
- Twitter (https://help.twitter.com/en/rules-and-policies/twitter-cookies and https://twitter.com/en/privacy)
- LinkedIn (https://www.linkedin.com/legal/privacy-policy)
- Pinterest (https://policy.pinterest.com/en/privacy-policy)
User’s rights on his data
In compliance with the GDPR, the user may exercise the following rights according to and within the limits of the applicable law:
- to object to all of part of the processing for legitimate reasons;
- to demand confirmation as to whether or not personal data concerning him is being processed;
- to know the source of data;
- to obtain information on the logic, purposes of the processing and how processing is being done;
- to demand un update, rectification, integration, deletion and pseudonymization of data;
- to receive the personal data concerning him, which he has provided to the data controller, in a structured, commonly used and machine-readable format;
- to lodge a complaint with a supervisory authority (i.e. the Italian Data Protection Commissioner – https://www.garanteprivacy.it/web/guest/home_en);
- to exercise all other statutory rights.
Requests may be addressed to the data controller.