Information processing is a general obligation that must be fulfilled before or at most at the time of initiating the direct collection of personal data. In the case of personal data not collected directly from the interested party, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the interested party). Pursuant to the General Data Protection Regulation (GDPR – Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following:
SOURCES AND CATEGORIES OF PERSONAL DATA
The personal data held by the undersigned organization are collected directly from the interested parties. This site also does NOT collect data belonging to particular categories (so-called “sensitive” data), for which we mean those suitable to disclose racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical, political or trade union nature, state of health and sex life.
The computer systems and software procedures used to operate the website acquire, during their normal operation and only for the duration of the connection, some personal data and/or pseudonyms whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical cyber crimes against the site.
Profiling data regarding the habits or consumption behavior of the interested party are not directly acquired. It is, however, possible that through links or by incorporating elements of third parties, such information is acquired by independent or different subjects. Please see in this regard the section on third-party cookies.
Like others, this website saves cookies on the browser used by the user concerned for the transmission of information of a personal nature and to enhance their experience. In fact, cookies are small text strings that the sites visited by the user send to their terminal (usually to the browser), where they are stored, sometimes even for a long time, to be then retransmitted to the same sites upon the next visit.
As explained below, you can choose whether and which cookies to accept, bearing in mind that refusing their use may affect the ability to perform some transactions on the site or the accuracy and adequacy of some customizable content proposed or the ability to recognize the user from one visit to the next. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, at any time, you may communicate or modify the decisions in this regard.
In particular, so-called session cookies are used, which are not stored permanently on the user’s computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient browsing of the site and which avoid the use of other computer techniques potentially prejudicial to the confidentiality of the user’s association and do not allow the acquisition of personal identification data of the user. Then we use analytics cookies that help to understand how visitors interact with the contents of the site, collecting information (geographical and web origin, technology used, language, entry pages, visits, exits, permanence times, etc.) and generating website usage statistics without the personal identification of individual visitors. All these are to be considered technical cookies for which, since it is not necessary to give consent, the opt-out mechanism applies. Technical cookies are not disclosed to third parties as they are necessary or useful for the operation of the site; therefore they are processed only by qualified subjects such as appointees, data processors or system administrators.
The site does not incorporate cookies and other elements (tags, pixels, etc.) of third parties.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on the site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email. The explicit and voluntary sending of forms that may be filled in on the site containing the data of the interested party also involves processing to follow up on pre-contractual obligations or the execution of the services provided for by sending the forms. This information in the forms may concern personal data, contact details, telephone numbers, email addresses of the interested parties and identified and identifiable third parties related to the user of the site. However, specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
PURPOSES AND LEGAL BASES OF THE PROCESSING
Personal data are used (ref. Art.6 par. 1 b) of the GDPR):
a) to allow browsing on the site and
b) possibly to perform the service or provision requested as part of the normal activity carried out by the undersigned organization
In addition, all personal data may be processed:
c) for purposes related to obligations provided for by the law, as well as by provisions issued by authorities legitimized by the law (ref. Article 6 par. 1 c) and Article 9 par. 2 b), g), h) of the GDPR);
d) for the assessment, exercise or defense of a right in court and out of court (legitimate interest) of the undersigned organization (ref. Article 6 par. 1 f) and Article 9 par. 2 f) of the GDPR);
e) for direct marketing purposes according to the legitimate interest of the Data Controller in particular; for cookies, advertising codes used to show advertisements; for email addresses for sending functional messages for the provision of services; for browsing and usage logs to protect the site and the service from cyber-attacks; in these cases the interested party may always deny consent so that the Data Controller will abstain from processing (ref. Art. 6 par. 1 f) of the GDPR);
f) for purposes functional to the activities for which the interested party has the right to express consent or not (GDPR Art. 6 par. 1 a)).
CONSEQUENCES OF REFUSAL TO PROVIDE DATA
The provision of data collected from the interested party is optional but essential for the purpose of processing them for the purposes cited under a) and b). In the event that the interested parties do not communicate their indispensable data and do not allow the processing, it will not be possible to proceed with the performance and implementation of the services offered and to follow up on the contractual obligations undertaken, with consequent prejudice to the correct fulfillment of regulatory obligations, such as accounting, tax and administrative obligations, etc.
Apart from the data specified for browsing data, the user is free to provide personal data for cookies and specific requests through forms e.g. on products and/or services. Failure to provide such data may make it impossible to obtain what has been requested. For all non-essential data, provision thereof is optional. In the absence of consent or incomplete or incorrect provision of certain data, the obligations requested may be so incomplete as to cause prejudice in terms of penalties or loss of benefits, both for the impossibility of guaranteeing the suitability of the processing itself for the obligations for which it is carried out, and for the possible mismatch of the results of the processing itself to the obligations imposed by the laws it addresses, intending to exempt the undersigned organization from any and all responsibility for any sanctions or afflictive measures.
DATA PROCESSING METHODS
The data processing linked to the web services of the site occur with automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or the EU and are only handled by technical staff in charge of processing, or by persons in charge of maintenance and administration operations. Specific security measures are observed to prevent the loss of data, illegal or incorrect use and unauthorized access and loss of confidentiality. The structure is equipped with anti-intrusion devices, firewalls, logs and malfunction recovery. Specific mechanisms are used for encrypting and segregating data and authenticating and authorizing users.
Data processing means their collection, recording, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and online tools, with software strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data it will therefore be processed in compliance with the methods indicated in Art. 5 Reg EU 2016/679, which provides, among other things, that data are processed lawfully and fairly, collected and recorded for specific, explicit and legitimate purposes, exact, and, if necessary, updated, relevant, complete and not exceeding the purposes of the processing, in compliance with fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further refine the security system of the access and storage of data.
An automated decision-making process (e.g. profiling) is not carried out.
TRANSFERS OUTSIDE THE EU
The processing takes place in non-EU and non-EEA countries, when the connections to the site come from those countries (at the request of the interested party who is there).
Personal data will be stored, in general, as long as the purposes of the processing persist according to the category of data processed.
CATEGORIES OF RECIPIENTS
The data (only the indispensable data) are communicated:
• to persons in charge and responsible for data processing, both internal to the organization of the company, as well as external, who perform specific tasks and operations (site administration, analysis of browsing data, traffic, management of emails and forms sent voluntarily by the user, etc.);
• in the cases and subjects provided for by the law.
The data will not be disseminated unless otherwise provided by law or after anonymization. Without prejudice to what is specified for cookies and third-party elements, without the prior general consent of the interested party to communications to third parties, it will be possible to carry out only the services that do not provide for such communications. In case of need, specific and timely consents will be requested and the subjects who will receive the data will use them as independent owners.
In some cases (not subject to the ordinary management of this site), the Authority may request news and information, for the purpose of controlling the processing of personal data. In these cases, the response is mandatory under penalty of administrative sanction.
RIGHTS OF THE INTERESTED PARTY
At any time, you may: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided for against the data controller, pursuant to Articles15-22 of the GDPR (link to the regulation); propose a complaint to the Guarantor (www.garanteprivacy.it); if the processing is based on consent, revoke this consent given, taking into account that the revocation of consent does not affect the lawfulness of the processing based on consent before revocation.
Disabling cookies Almost all browsers offer the possibility to manage and not enable cookies, in order to respect the preferences of users. In some browsers it is possible to set rules to manage cookies on a site-by-site basis, an option that offers more precise control over the user’s privacy; another function available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing.
Consult the following instructions for managing cookies in these browsers:
• Internet Explorer / Edge
The data controller is WTS R&A STUDIO TRIBUTARIO.
Headquarters located at: Corso Re Umberto, 10 CAP 10121 Torino (TO)
Email address: firstname.lastname@example.org
The full list of data processors is available on request.