General Data Protection Regulation
According to the regulations indicated, the data will be processed based on principles of correctness, lawfulness, transparency and protection of confidentiality and user’s rights.
The policy describes exclusively the methods of managing the website – with reference to the processing of personal data of users/visitors who consult it – and does not also refer to external websites that can be consulted by users by clicking on the links available on that website.
Additional information may be provided within specific sections.
- TYPE OF DATA PROCESSED AND PURPOSE OF PROCESSING
1.1. Navigation data
During their normal operation, the computer systems and applications dedicated to the operation of this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
These data are not collected in order to be associated with identified data subjects, but by their very nature they could, through processing and association with data held by third parties, allow the identification of users/visitors.
Data collected include IP addresses or domain names of the computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) as well as other parameters relating to the operating system and computer environment of the user.
These data are processed, for the time necessary to achieve the purpose for which they are collected, to the sole aim of obtaining anonymous statistical information on the use of the website (access to it) and to check its proper operation.
The data could be used to ascertain liability in the event of cyber crimes committed against the website.
1.2. Data provided voluntarily by the user
Sending email messages to the addresses indicated on this website (for example in order to request information) involves the acquisition of the sender’s address, as well as any other personal data included in the messages. Such data will be processed solely for the purpose of processing the request and communicated to third parties only in cases where this is necessary for the fulfilment of the request (e.g. delivery of the requested documentation).
If users/visitors are requested to provide their personal data, in order to access certain services, a specific and detailed policy on the processing of personal data in accordance with the regulations in force will be provided in advance on the pages relating to the individual services and will specify data processing limits, purposes and methods.
Description of cookies
Cookies are small text files that are sent from the website visited by the user to the user’s device (usually to the browser), where they are stored so that the device can be recognised the next time the user visits the website. On each subsequent visit, cookies are sent back to the website by the user’s device.
Cookies can be “installed” (more precisely, stored and accessed), however, not only by the manager of the website visited by the user (first-party cookies), but also by a different website that “installs” cookies through the first website (third-party cookies) and is able to recognise them. This happens because on the visited website there may be elements (images, maps, sounds, links to web pages of other domains, etc.) that reside on servers different from that of the visited website.
Depending on their purpose, cookies can be classified as technical cookies or profiling cookies.
Technical cookies are “installed” for the sole purpose of “transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service”.
They are usually used to allow efficient navigation between pages, store users’ preferences (e.g. font size, language, country, etc.), store information on specific user configurations, manage login, etc. Some of these cookies (called ‘essential’ or ‘strictly necessary’) – such as session cookies used to manage the shopping basket in e-commerce websites – enable functions without which certain operations would not be possible.
The use of technical cookies does not require the user’s consent.
Then there are the so-called “analytics” or “analytical cookies”, which are used to monitor the use of the website by users for optimisation purposes. Since they are similar to technical cookies, for their installation neither users’ consent is required, nor satisfaction of any further regulatory requirements, as long as they are used directly by the first party of the website (i.e., without the intervention of any third parties). Also similar to technical cookies are analytical cookies created and made available by third parties and used by the first party of the website for mere statistical purposes, as long as suitable tools are adopted to reduce their identification power (for example, by masking significant portions of the IP address) and the third party expressly undertakes not to “cross-compare” the information contained in these cookies with other information available to it.
Profiling cookies are used to track user navigation and analyse users’ behaviour for marketing purposes and are designed to create user-related profiles. They are used to send advertising messages in line with the user’s preferences when surfing the web. These cookies may only be installed on the user’s terminal if the user has given his or her consent in the manner indicated in the above-mentioned Provision issued by the Italian Data Protection Supervisor.
Depending on their duration, cookies can be persistent cookies, which remain stored on the user’s device until they expire, unless removed by the user, and session cookies, which are not permanently stored on the user’s device and disappear when the browser is closed.
Profiling cookies are usually persistent cookies.
Cookies used on this website
This website uses technical cookies to allow safe and efficient navigation and to monitor website operation.
This web site manages cookies through lubenda.
How to delete cookies
Please note that by default almost all web browsers are set to automatically accept first-party cookies. Users can, in any case, change the default configuration through their browser settings. However, disabling/blocking cookies or deleting them may prevent optimal use of certain areas of the website or of the website as a whole. The way cookies are managed depends on the type of browser used, and often on its specific version. At any rate, it is usually necessary to open the browser settings and change the preset rules, deciding which types of cookies to disable and/or to remove the existing ones. Detailed information on the procedure for cookie settings can be found in the guides of the browser used (generally accessible from a PC using the F1 button or by clicking on the question mark icon, usually present in the browser). Please also refer to the guides of the main browsers and the following links:
Google Chrome Chrome https://support.google.com/chrome/answer/95647?hl=it
- DATA PROCESSING METHODS
Personal data are processed using automated tools (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the relevant regulations in force.
The data shall also be processed according to organisational and processing criteria strictly related to the purposes for which the data were collected and, in any case, in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the procedures, and the organisational and physical measures under the provisions in force.
- OPTIONAL NATURE OF DATA PROVISION
Except as specified above for navigation data and cookies, the user/visitor is free to provide his or her own personal data, for instance in the case of enquiries or contact requests sent by e-mail or requests for access to freely chosen services, utilities and applications. Failure to provide such data may make it impossible to obtain what has been requested and may prevent IMAGINE SRL from fulfilling its contractual obligations under the contract.
- DATA CONTROLLER, DATA PROCESSORS AND CATEGORIES OF PERSONS IN CHARGE OF PROCESSING
The Data Controller is IMAGINE SRL with registered office at Via Panerazzi no. 703, Crevalcore (BO), Italy.
The data processing operations connected to the web services of this website are carried out exclusively by technical personnel in charge of data processing.
In addition to the Data Controller’s employees, some personal data processing operations may also be carried out by third parties, to whom the company entrusts the management/maintenance of the website. In this case, the same subjects will be appointed as Data Processors.
Information relating to the data processors can be obtained by sending an email to the following address: firstname.lastname@example.org
The data will not be disseminated.
- RIGHTS OF DATA SUBJECTS
The subjects to whom the personal data refer have the right, at any time, to obtain confirmation of the existence or non-existence of such data and to know their contents and origins, verify their accuracy or request their integration or updating, or correction.
The data subjects also have the right to request erasure, transformation into anonymous form or blocking of data concerning them, processed in violation of the law, and to object to their processing in any case, for legitimate reasons.
Pursuant to art. 13 GDPR EU, the data subjects always have the right to know the identity and contact details of the Data Controller and, where necessary, its representative, the contact details of the Data Protection Officer, the purposes of the processing for which the personal data are intended as well as the legal basis of the processing, the legitimate interests pursued by the Data Controller or third parties appointed as data controllers, any recipients or categories of recipients of personal data, the data retention period and the Data Controller’s intention to transfer personal data to a third country or an international organisation.
The data subjects, pursuant to art. 13 of GDPR EU 679/2016 may also at any time exercise their right to:
– have access to personal data;
– obtain the rectification or erasure of personal data or restriction of processing;
– object to the data processing;
– data portability;
– withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
– lodge a complaint with a supervisory authority; for Italy it is the Garante della Privacy;
– be informed about whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
– be informed about the existence of an automated decision-making process, including profiling and, in those cases, receive meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In accordance with art. 14 GDPR EU, where personal data have not been obtained from the data subject, the Data Controller IMAGINE SRL will provide the data subject with the following information:
a) the identity and the contact details of the Controller and, where applicable, of the controller’s representative;
b) the contact details of the data protection officer, where applicable;
c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
d) the categories of personal data concerned;
e) the recipients or categories of recipients of the personal data, if any;
f) where applicable, that the Controller intends to transfer personal data to a recipient in a third country and the existence or absence of an adequacy decision by the European Commission or, where required, reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.
2. In addition to the information referred to in paragraph 1, the Controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:
a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
b) the legitimate interests pursued by the controller or by a third party;
c) the existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
d) the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
e) the right to lodge a complaint with a supervisory authority – for Italy it is the Garante della Privacy;
f) from which source the personal data originate, and if applicable, whether they came from publicly accessible sources;
g) the existence of an automated decision-making process, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
3. The Controller, IMAGINE SRL, shall provide the information referred to in paragraphs 1 and 2:
a) within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
4. Where the Controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the Controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
For any information regarding the processing of data, users may send an email to email@example.com