Information notice on the processing of personal data

1.Object of the Processing

Centro Studi Legacoop Srl ensures the protection of your personal data and complies with the applicable personal data protection legislation (Privacy Code and GDPR 2016/679). Your personal data is processed confidentially and transferred to third parties only in accordance with this Policy or with your consent. We process the personal data that you provide when using the website and/or after registering on the website. In particular, we process: i. personal, identifying, non-sensitive data (specifically, name, surname, tax code, email address, date of birth, telephone number) directly provided by you through direct contact and/or through the contact form available on the “Contacts” page of the website; ii. data not directly provided by you, acquired within the limits of Article 14, paragraph 5, GDPR, connected to the use of Internet communication protocols (by way of example only: page access data, amount of data transferred, status messages upon access, session ID numbers, IP addresses, URL addresses). Such data enables the reconstruction of your browsing path on the website.

2. Purposes of the Processing

Your personal data is processed: A) Without your explicit consent, for the following Service Purposes: i. to process a contact request; ii. to execute pre-contractual measures adopted at your request; iii. to compile internal statistics; iv. to fulfil pre-contractual, contractual and/or tax obligations deriving from existing relationships; v. to comply with obligations laid down by law, by a regulation, by EU legislation or by an order of an Authority; vi. to safeguard the vital interests of the data subject or of another natural person; vii. to perform tasks of public interest or connected to the exercise of public powers vested in the Controller; viii. to prevent or detect fraudulent activities or abuses harmful to the website; ix. to pursue a legitimate interest of the Controller or of third parties within the limits set out in Article 6, letter f) of the GDPR; x. to exercise the Controller’s rights, by way of example only the right of defence in legal proceedings. B) With your specific and explicit consent, for the following Marketing Purposes: i. to send newsletters, commercial communications and/or advertising material via email regarding products and/or services, different or dissimilar from those already purchased, offered by the Controller.

3. Nature of the Provision of Personal Data

The provision of your data for the purposes described in point 2, letter A), numbers i) and ii) is mandatory. In the absence of such provision, we cannot guarantee your registration on the website nor the possibility to process your requests. The provision of data for the purposes described in point 2, letter B) is optional. You may therefore choose not to provide any data or withdraw your consent to the processing of previously provided data. In this case, you will no longer receive our newsletters; however, you will continue to receive our services and retain the right to register on the website.

4. Methods of Processing

The processing of your personal data is carried out by means of the operations indicated in Article 4 of the Privacy Code and Article 4, no. 2 of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure and destruction of data. The processing of your data will be based on the principles of correctness, lawfulness and transparency and may also be carried out through automated means suitable for storing, managing and transmitting the data. It will take place using appropriate tools to guarantee security and confidentiality through suitable procedures to prevent the risk of loss, unauthorised access, unlawful use and dissemination.

5. Data Retention Period

The Controller will process personal data for the time necessary to fulfil the above purposes and, in any case, for no longer than 10 years following the termination of the relationship for Service Purposes and no longer than 2 years from the collection of the data for Marketing Purposes. After such retention period, the data will be deleted or anonymised.

6. Access to Data

The personal data processed by the Controller will not be disseminated, meaning it will not be made available to unspecified subjects in any possible form, including by making it available or for simple consultation. However, it may be communicated to employees working under the authority of the Controller and to certain external parties who collaborate with it. In particular, your data may be made accessible to: i. employees and collaborators of the Controller, authorised consultants responsible for the management of the website and the provision of related services; ii. third-party companies or other subjects that carry out outsourcing activities on behalf of the Controller. Your data may also be communicated, strictly to the extent necessary, to parties legally entitled to access it under laws, regulations or EU legislation.

7. Communication of Data

Without your express consent, the Controller may communicate your data for the purposes indicated to supervisory bodies, judicial authorities, as well as to all other subjects to whom communication is mandatory by law for the fulfilment of the above purposes.

8. Data Transfer

The management and storage of personal data will take place on servers of the Controller and/or third-party companies duly appointed as data processors and/or system administrators, located within the European Union, in accordance with Articles 45 et seq. of the GDPR. Currently, the servers are located in France and Italy. The data will not be transferred outside the European Union. However, it is understood that, should it become necessary to transfer the location of the servers to Italy and/or the European Union and/or non-EU countries, such transfer will always take place in compliance with Articles 45 et seq. of the GDPR. In such a case, the Controller ensures that any transfer of data to non-EU countries will take place in accordance with the applicable legal provisions, stipulating, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

9. Browsing Data

The computer systems and software procedures used to operate the website may acquire, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified users; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified (e.g. parameters relating to the user’s operating system and IT environment). Such data is used by the Controller solely for the purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning, and is deleted immediately after processing. This data may also be used to establish liability in case of hypothetical computer crimes against the website.

10. Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are saved on your computer and provide us with certain information. They are widely used in order to make websites function or function more efficiently, to improve the user experience, as well as to provide certain information to the site owners. Our website uses cookies that remain on your computer for different periods. Some expire at the end of each session while others remain longer so that when you return to our website, you can benefit from a better user experience. Web browsers allow you to exercise certain control over cookies through browser settings. Most browsers allow you to block cookies or block cookies from specific sites. Browsers can also help you delete cookies when you close your browser. However, you should bear in mind that this may result in any opt-outs or preferences you have set on the site being lost. Please refer to your browser’s technical information for instructions. If you choose to disable the setting of cookies or refuse to accept a cookie, some parts of the service may not function properly or may be considerably slower. For more detailed information on the use of cookies, please refer to the dedicated policy available on the website.

11. Data Subject’s Rights

As the data subject, you have the rights set out in Article 7 of the Privacy Code and Article 15 of the GDPR, namely the right to: i. obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and to receive such data in an intelligible form; ii. obtain information on: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic means; d) the identification details of the controller, processors and designated representative; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, processors or persons in charge of processing; iii. obtain: a) the updating, rectification or, where interested, integration of the data; b) the erasure, anonymisation or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been notified, also as regards their content, to those to whom the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right protected; iv. object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, using automated calling systems without the intervention of an operator via email and/or traditional marketing methods via telephone and/or paper mail. Please note that the data subject’s right to object set out in point b) above for direct marketing purposes using automated methods also extends to traditional methods and that, in any case, the possibility remains for the data subject to exercise the right to object even only in part. Therefore, the data subject may decide to receive only communications through traditional methods or only automated communications or neither of the two types. Where applicable, you also have the rights set out in Articles 16 to 21 of the GDPR (Right to rectification, Right to erasure, Right to restriction of processing, Right to data portability, Right to object), as well as the right to lodge a complaint with the Supervisory Authority.