NOTICE ON THE PROCESSING OF PERSONAL DATA

Artt. 12-13 del Regolamento (UE) 2016/679

INFORMATION AND CONTACT DETAILS OF THE DATA CONTROLLER

Investigazioni Italia s.r.l., with its registered office at 10135 Turin (TO), Corso Unione Sovietica 612, VAT number 11511180017, represented by the legal representative pro tempore, in its capacity as Data Controller (hereinafter referred to as "Controller"), informs you, pursuant to Articles 12 and 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter referred to as "GDPR"), that the personal data you provide as a User of this website will be processed by specifically authorized subjects and limited to the purposes and methods specified below, with reference to the functionalities of the web portal https://www.investigazioni-italia.com (hereinafter also referred to as the "Site").

Preamble

Investigazioni Italia s.r.l. is the owner and manager of the Site to which the information contained in this privacy notice applies. The Data Controller places the utmost importance on safeguarding the confidentiality and security of personal data related to individuals with whom it comes into contact through its Site. As a User of the Site, we invite you to carefully read all sections of this document, which outlines the information regarding the processing of personal data of individuals who consult it. The User is the individual who accesses the Site, whether a natural person or an entity acting on behalf of a legal person, providing personal data. This document also serves as a notice pursuant to Articles 12 and 13 of Regulation (EU) 2016/679 and applicable national regulations (Privacy Code) concerning the processing of personal data for all those who interact with the web services of the Site, accessible electronically at this address, and exclusively for personal data collected through the Site. This notice is valid only for the Site and not for any other websites that the User may visit via links or plug-ins available on the Site. The Data Controller disclaims any responsibility for these sites and their privacy practices. Therefore, we suggest consulting the privacy policies of all entities with which you interact before providing any personal information.

Subject and Purpose of the Processing

The Data Controller informs you that your personal data will be processed, specifically your common identification and contact data, such as email address, phone number/cell phone, IP addresses, or domain names, in accordance with the purposes and methods outlined below. The personal data of the Users of the Site will be processed in the manner and forms prescribed by the GDPR for the proper functioning of the Site. With regard to the Site, the personal data provided to the Data Controller will be processed for the following purposes:

• To enable the use of the services offered by the Data Controller through the Site, and in particular with regard to all the functionalities made possible by interacting with the Site through any specific buttons and/or forms.
• To ensure the proper functioning of the Site and all technical functionalities related to it, in order to provide the user with the best possible browsing experience on the Site.
• Only with the specific consent of the User, to allow the performance of direct marketing activities through email, SMS/MMS, push notifications, fax, postal mail, and the sending of newsletters containing commercial information related to the services and activities carried out by the Data Controller.

This information notice is effective only with respect to the Site and not with respect to other and different portals or websites that may be accessed through the links present on it, for which the Data Controller is in no way responsible. The processing of the data provided generally will also be carried out automatically during navigation, solely for the purposes of access verification and/or monitoring of access to the Site and/or for the sole purpose of improving its functionality to ensure a better browsing experience. For further information, please refer to the specific Cookie Policy.

Legal Basis for the Processing

Apart from what is specified for the collection of navigation data, the communication of personal data to the Data Controller by you is based on the following legal grounds for the lawfulness of the processing:

• Article 6(1)(b) and (f) of the GDPR for the fulfillment of the purposes referred to in points (a) and (b).
• Article 6(1)(a) of the GDPR for the fulfillment of the purpose referred to in point (c).

The provision of your personal data is therefore necessary for the full achievement of the purposes referred to in points (a) and (b). Consequently, your refusal to provide the data may result in the failure to carry out the aforementioned services and functions of the Site. The provision of your personal data, except as provided by Article 130, paragraph 4 of the Privacy Code (Legislative Decree No. 196/2003 updated by Legislative Decree 101/2018) (so-called "Soft Spam"), is instead purely optional for processing aimed at carrying out direct marketing activities and sending newsletters containing commercial information related to the services and activities carried out by the Data Controller as described in point (c). Therefore, the failure to provide consent does not prevent the fulfillment of the other purposes indicated. In any case, any consent you have given may be revoked at any time, with immediate effect, interrupting the aforementioned business activities and services.

Methods of Processing

The processing of the personal data you provided is carried out through the operations indicated in Article 4, No. 2) of the GDPR, specifically: "collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, deletion, and destruction of data." The personal data you provided are subject to automated processing for the time strictly necessary to achieve the purposes for which they were collected, using technical and organizational methods adopted to prevent data loss, illegal or incorrect use, and unauthorized access, ensuring a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, by specifically authorized subjects in compliance with the provisions of Article 29 of the GDPR. These subjects may include employees and/or collaborators of the Data Controller in their capacity as authorized individuals and/or system administrators, who may carry out operations such as consultation, use, processing, comparison, and any other necessary operations in compliance with legal provisions aimed at ensuring confidentiality, security, accuracy, updating, and relevance of the data with respect to the stated purposes and methods. It is specified that the personal data you provided will be processed only at the Data Controller's premises. Unless otherwise specified below, the data will not be disclosed. According to Article 13, paragraph 1, letter (e), the data may only be processed by authorized subjects and/or external data processors under Article 28 of the GDPR (such as individual professionals and/or complex professional associations) and/or subjects acting as independent data controllers, explicitly including hosting companies and/or technical personnel responsible for the management and/or maintenance of the Site, but only and exclusively for the purposes expressly and specifically indicated above.

Scope of Data Communication

In relation to the purposes outlined above, the data may be communicated to the following subjects and/or categories of subjects, or may be shared with companies and/or individuals providing external services on behalf of the Data Controller. For clarity, the following are examples, but not exhaustive: professionals and consultants, including in associations; entities providing services for the management of the IT system and telecommunications networks (including email, web portal and website management, cloud storage services, server hosting, etc.); competent authorities and/or supervisory bodies to fulfill legal obligations; entities performing control, audit, and certification activities of the Data Controller's actions, acting as external data processors under Article 28 of the GDPR or operating independently as separate entities from the Data Controller. With exclusive reference to navigation data and IP addresses, the Site may share some of the collected data with services located outside of Italy and the European Union. In the event that this becomes necessary for any reason, the Data Controller assures that the data transfer will occur in compliance with applicable legal provisions, particularly in accordance with Articles 44, 45, 46, 47, 48, and 49 of the GDPR and other relevant laws. The Site has installed some plug-ins with advanced privacy protection features for users, which do not send cookies or access cookies on the user's browser when the page is opened, but only after clicking the plug-in. The collection and use of information by the entities listed below are governed by their respective privacy policies, to which you are encouraged to refer via the provided links. LinkedIn: https://www.linkedin.com/

Data Retention Period

In accordance with the principles of lawfulness, purpose limitation, proportionality, as well as data retention and minimization under Article 5 of the GDPR, the retention period for your personal data is established for a period not exceeding the achievement of the purposes for which the data were collected and processed, or for the entire duration of fulfilling the aforementioned purposes. Once the processing purposes have been fulfilled, your data will be permanently deleted from all physical and digital media, unless there is a need for retention for a longer period to comply with a legal obligation or by order of an authority. As for personal data collected for purposes based on the User's consent, such data will be retained for no longer than necessary to achieve the purposes for which they were collected or until the consent is revoked (Opt-Out).

Automated Decision-Making and Profiling

The Data Controller informs you that, for the processing of your personal data, it does not rely on automated decision-making processes, i.e., those aimed at making decisions solely based on technological means and predetermined criteria (i.e., without human involvement). However, the Data Controller may carry out profiling activities with the help of first-party and/or third-party profiling cookies, within the limits and according to the methods further outlined in the Cookie Policy, to which reference is explicitly made.

User Rights (Data Subject Rights)

Right of Access under Article 15 of the GDPR and Right of Rectification under Article 16 of the GDPR

As a data subject pursuant to Article 15 of the GDPR, you have the right to obtain from the Data Controller confirmation of whether or not personal data concerning you is being processed, to access the data, and to obtain all the information referred to in Article 15, paragraph 1, letters (a) to (h), through the provision of a copy of the processed data in a structured, commonly used, machine-readable, and interoperable format. Under Article 16 of the GDPR, you also have the right to obtain from the Data Controller the rectification and/or supplementation of personal data if it is outdated, inaccurate, or incomplete.

Right to Erasure under Article 17 of the GDPR and Right to Restriction of Processing under Article 18 of the GDPR

As a data subject, you have the right to obtain from the Data Controller, without undue delay, the erasure of your personal data, exclusively in the cases outlined in Article 17, paragraph 1, letters (a) to (f) of the GDPR – with the exception of the cases specifically provided for in Article 17, paragraph 3. As a data subject, pursuant to Article 18, paragraph 1, letters (a) to (d) of the GDPR, you have the right to request and obtain from the Data Controller the restriction of processing of your personal data, meaning that such data will no longer be processed and cannot be modified. The Data Controller ensures that the restriction of processing is implemented through appropriate technical means that ensure its inaccessibility and immutability.

Right to Data Portability under Article 20 of the GDPR

As a data subject, you have the right, under Article 20 of the GDPR, to receive from the Data Controller your personal data, which are processed by automated means, in a structured, commonly used, and machine-readable format. You also have the right to transmit such data to another data controller or, where technically feasible, to request the direct transmission of such data from the Data Controller to another specifically identified data controller.

Right to Object to Processing under Article 21 of the GDPR

You have the right to object at any time to the processing of personal data concerning you for reasons related to your particular situation, in cases where the processing of your data is necessary (1) for the performance of a task in the public interest and/or related to the exercise of public authority vested in the Data Controller; (2) for the pursuit of the legitimate interests of the Data Controller or a third party; (3) for profiling activities carried out by the Data Controller based on the previous points. You also have the right to object to the processing of your personal data for reasons related to your particular situation when the data is processed for scientific or historical research purposes or for statistical purposes under Article 89, paragraph 1 of the GDPR, unless the processing is necessary for the performance of a task in the public interest.

Methods for Exercising User Rights

You can exercise the rights listed above by sending a request to the email address privacy@investigazioni-italia.com or by sending a registered letter to the address "10135 Torino (TO), Corso Unione Sovietica 612," attention of Dr. Manuele Madonia, the internal contact for privacy and personal data protection. The Data Controller will confirm the receipt of your request and provide you with information regarding the actions taken with respect to the exercise of your rights under Articles 15 to 22 of the GDPR within 1 (one) month from the receipt of your request. If necessary, and considering the complexity and number of requests, the Data Controller may extend this period by 2 (two) months, with prior communication of the reasons, to be sent within 1 (one) month of receiving the request. The Data Controller will notify any rectification, deletion, restriction, or opposition to all recipients identified in Article 4, paragraph 1, No. 9 of the GDPR, to whom the data has been transmitted, unless this proves impossible or involves disproportionate effort. Following your request for rectification, deletion, restriction, or opposition, if the Data Controller has reasonable doubts about your identity, they will request additional information to confirm it. Such communications will be sent via email from the aforementioned address and processed by the person specifically authorized for this purpose. If the Data Controller fails to comply with your request within 1 (one) month from receipt of the request, they will inform you of the reasons for non-compliance and remind you of your right to lodge a complaint with the Supervisory Authority (Italian Data Protection Authority), as specified under Article 13, paragraph 2, letter (d) and governed by Articles 77 et seq. of the GDPR.

Document updated on 4/7/2024. Investigazioni Italia s.r.l. reserves the right to modify this information notice on the processing of personal data at any time and without prior notice. The User should therefore periodically check this page to verify the updated content of the information notice on the processing of personal data.