Information on the processing of personal data of website users

Articles 13 and 14 of Regulation 2016/679/EU (hereinafter also “GDPR”)

Why this notice

Arch. Riccardo Pellini (hereafter also “Data Controller”), the Italian College Privacy Services company, is committed to respecting and protecting your privacy and wants you to feel safe both when simply browsing the website and if you decide to register by providing us with your personal data in order to take advantage of the services made available to its Users. On this page, the Data Controller intends to provide some information on the processing of personal data relating to users who visit or consult the website accessible by telematic means (the “Site”).

The information on the processing of personal data is provided only for the Owner’s website and not for other websites that may be consulted by the user through links (for which please refer to their respective information/privacy policies).

The reproduction or use of pages, materials and information contained within the Site, by any means and on any medium, is not permitted without the prior written consent of the Owner. Copying and/or printing for exclusively personal and non-commercial use is permitted (for requests and clarifications, please contact the Owner at the addresses indicated below).

Other uses of the contents, services and information on this site are not permitted.
With regard to the contents offered and the information provided, the Owner shall endeavour to keep the contents of the Site reasonably up-to-date and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided and explicitly disclaims any liability for any errors of omission in the information provided on the Site.

Origin – Navigation data

The Data Controller hereby informs you that the personal data provided by you and acquired at the time of your request for information and/or contact, site registration and use of the services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including navigation data and data used for the possible purchase of products and services offered by the Data Controller but also only the so-called “surfing” data of the site by Users, shall be processed in compliance with the applicable regulations.

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify the navigating users.

This category of data includes the “IP addresses” or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the proper functioning of the Data Controller’s website. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes to the detriment of the Owner’s site or other sites connected or linked to it: except for this eventuality, at present the data on web contacts do not persist for more than a few days.

Origin – Data provided by the user

The Owner collects, stores and processes your personal data for the purpose of providing the products and services offered on the Site, or for legal obligations. With regard to some specific Services, Products, Promotions, etc., the Controller may also process your data for commercial purposes. In such cases, a specific, separate, optional and always revocable consent will be requested in the manner and at the addresses indicated below.
The optional, explicit and voluntary sending of e-mails to the addresses indicated in the relevant section of the Website, as well as the filling in of questionnaires (e.g. forms), communication via chat, push notification via APPs, social networks, call centres, etc., entails the subsequent acquisition of some of your personal data, including those collected through the use of the Apps and related services, necessary to reply to your requests. Please also note that when using your mobile connection to access content and digital services offered directly by the Controller or by our Partners, it may be necessary to transfer your personal data to such third parties.
We point out that you may access the Site or connect to areas where you may be enabled to post information using blogs or noticeboards, communicate with others, for example from the Controller’s page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, review products and offers, and post comments or content.

Purpose of processing and legal basis

Data are processed for the purposes

  1. strictly related to and necessary for registering to the site, services and/or Apps developed or made available by the Controller, for the use of the related information services, for the management of contact or information requests, for making purchases of products and services offered through the Controller’s site
  2. for ancillary activities related to the management of the User’s requests and the sending of feedback, which may include the transmission of promotional material; for the completion of the purchase order of the products and services offered, including aspects relating to payment by credit card, the management of shipments, the possible exercise of the right of withdrawal provided for distance purchases, the updating on the availability of products and services temporarily unavailable
  3. related to the fulfilment of obligations provided for by EU and national regulations, the protection of public order, the detection and prosecution of crimes;
  4. direct marketing, i.e. sending advertising material, direct sales, carrying out market research or commercial communication of products and/or services offered by the Controller; this activity may also concern the Controller’s products and services and be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users, carried out using ‘traditional’ methods (e.g. paper mail and/or operator calls), or using ‘automated’ contact systems (e.g. SMS and/or MMS, telephone calls without operator intervention, e-mail, fax, interactive applications), pursuant to Article 130 c. 1 and 2 of Legislative Decree 196/03 as amended;

The provision of data for the purposes referred to in points 1), 2) and 3), connected with a pre-contractual and/or contractual phase or functional to a request by the user or envisaged by a specific regulatory provision, is compulsory and, failing this, it will not be possible to receive the information and access any services requested; with regard to point 4) of this Information on the processing of personal data, the user’s consent to the processing of data is, on the other hand, free and optional and can always be revoked without any consequences on the usability of the products and services, except for the impossibility for the Controller to keep users updated on new initiatives or special promotions or advantages that may be available.

The Data Controller may send commercial communications relating to products and/or services similar to those already provided, in accordance with Directive 2002/58/EU, using the e-mail addresses, or the hard copy addresses, indicated by you on these occasions, to which you may object in the manner and at the contact details set out below.

Methods, processing logic, storage times and security measures
Data processing is also carried out with the aid of electronic or automated means and is performed by the Data Controller and/or by third parties that the Data Controller may use to store, manage and transmit the data. The data processing will be carried out with the logic of organisation and processing of your personal data, also related to the logs originated by the access and use of the services made available via web, of the products and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data. The personal data processed will be retained for the time period provided for by the legislation applicable at the time.

Again with regard to data security, in the sections of the website set up for particular services, where personal data is requested from the user navigator, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL.

SSL technology encrypts information before it is exchanged via the Internet between the user’s computer and the Controller’s central systems, making it unintelligible to unauthorised parties and thus guaranteeing the confidentiality of the information transmitted. Furthermore, transactions made using electronic payment instruments are carried out using the Payment Service Provider’s (PSP) platform directly, and the Controller only retains the minimum set of information necessary to handle any disputes.

Precisely with reference to the personal data protection aspects, the user is invited, pursuant to Article 33 of the GDPR, to notify the Controller of any circumstances or events from which a potential “personal data breach” may arise in order to allow for an immediate assessment and the adoption of any actions aimed at countering such an event by sending a communication to the Controller to the contacts indicated below.

The measures adopted by the Data Controller do not exempt the user from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which he/she will have to update periodically, especially in the event that he/she fears they have been hacked/known by third parties, as well as carefully guarding them and making them inaccessible to third parties, in order to avoid improper and unauthorised use.

 

Cookies

A cookie is a short string of text that is sent to your browser and possibly saved on your computer (alternatively on your smartphone/tablet or any other tool used to access the Internet); this sending generally occurs every time you visit a website. The Controller uses cookies for various purposes in order to provide you with a fast and secure digital experience, for example, by allowing you to maintain an active connection to the secure area while browsing through the pages of the site.The cookies stored on your terminal cannot be used to retrieve any data from your hard disk, transmit computer viruses or identify and use your e-mail address. Each cookie is unique to the browser and device you use to access the Website or use the Owner’s App. Generally, the purpose of cookies is to improve the operation of the Website and the user experience when using the Website, although cookies may be used to send advertisements (as set out below). For more information on what cookies are and how they work, you can consult the “All about cookies” website.

Areas of communication and data transfer.

For the pursuit of the above purposes, the Controller may communicate and have your personal data processed, in Italy and abroad, to third parties with whom we have dealings, where these third parties provide services at our request. We will only provide these third parties with the information necessary to perform the requested services taking all measures to protect your personal data.

Data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Controller.

In the case of the use of services offered directly by Partners, we will only provide the data strictly necessary for their performance. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed and the guarantees applicable to data transfers to third countries will be applied where required. We may also disclose personal data to our commercial service providers, for marketing reasons, who are appointed as external data processors for this purpose.

In addition, personal data may be disclosed to the competent public bodies and authorities for the purposes of complying with legal obligations or for ascertaining liability in the event of computer crimes to the detriment of the site, as well as disclosed to, or allocated at, third parties (in their capacity as data processors or, in the case of providers of electronic communication services, as independent data controllers), who provide IT and telematic services (e.g.: hosting services, management and storage services, and the provision of services to third parties). hosting services, website management and development) and which the Data Controller uses to perform tasks and activities of a technical and organisational nature that are also instrumental to the functioning of the website.

The subjects belonging to the above categories operate as separate Data Controllers or as Managers appointed for this purpose by the Data Controller.

Personal data may also be disclosed to the Controller’s employees/consultants who are specifically instructed and appointed as Authorised Processing Subjects.

The categories of recipients to whom the data may be communicated are available by contacting the Controller at the addresses indicated below.

Rights of data subjects

You may at any time exercise the rights granted to you by law, including the right:

  1. to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes
  2. to obtain without delay the rectification of inaccurate personal data concerning him/her
  3. to obtain, in the cases provided for, the deletion of your data
  4. to obtain the restriction of the processing or to object to the processing, when possible
  5. to request the portability of the data you have provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format, also for the purpose of transmitting such data to another data controller, within the limits and constraints set out in Article 20 of the GDPR;

Furthermore, you may lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR.

For the processing referred to in point 4) of the purposes, the user may always revoke consent and exercise the right to object to direct marketing (in ‘traditional’ and ‘automated’ form). The opposition, in the absence of any indication to the contrary, will refer to both traditional and automated communications.

The above-mentioned rights may be exercised upon request by the Data Subject using the references below.

Data Controller

Data Controller, pursuant to art. 4 of the GDPR, Arch. Riccardo Pellini – Via Nottolini T.II, 42 – S. Concordio – 55100 Lucca – P.IVA 01968740462

Personal Data Protection Officer (DPO)

The Personal Data Protection Officer can be contacted at

info(@)pelliniarchitetti.it

The use of the Website, including those intended for tablets and/or smartphones, by the User implies full knowledge and acceptance of the content and any indications included in this version of the Information on the processing of personal data published by the Controller at the time the site is accessed. The Data Controller informs you that this Information on the processing of personal data may be modified without prior notice and therefore recommends that you read it periodically.

The Data Controller

Arch. Riccardo Pellini

20/05/2024

Copyright 2024 – Pellini Architetti – P.IVA 01968740462 – Web Agency Orange Energy CommunicationPrivacy Policy