Privacy Policy
PRIVACY POLICY: WHY THIS NOTICE
This page describes how the website http://www.incomitaly.com/ (hereinafter the “Site”) is managed with regard to the processing of the personal data of the users who consult it, and therefore this notice constitutes information to the interested parties pursuant to the applicable privacy legislation set forth in Regulation EU 2016/679 “General Data Protection Regulation” or GDPR. In the sections of the Website where the user’s personal data are collected, a specific privacy policy is normally published, which must in any case be considered complementary to this privacy policy. This notice is provided only for the IN.CO.M. S.p.A. website and not for any other websites that may be consulted by the user via links.
THE DATA CONTROLLER
The data controller is IN.CO.M. S.p.A. Via Roma, 47 – 51018 Pieve a Nievole (PT) Tel +39 0572-7771 / Fax +39 0572-777442 – E-mail: privacy@incomitaly.com
WHICH DATA ARE PROCESSED
1) Navigation data: during their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and/or association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and/or to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not persist for longer than is strictly necessary to achieve its purpose.
2) Data provided voluntarily by the user: the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the communication itself. Specific information on the processing of personal data will be progressively reported and/or displayed on the pages of the site set up for particular services on request. In any case, the Data Controller shall proceed to process personal data only with the free and informed consent of the data subject, which shall be requested prior to subscribing to the website services.
OPTIONAL PROVISION OF DATA
Apart from what has been specified for browsing data, the user is free to provide the personal data indicated in the request forms eventually present on the website to IN.CO.M. S.p.A.. Failure to provide such data may make it impossible to obtain what has been requested.
METHODS AND TIMES OF DATA STORAGE
In accordance with the requirements of EU Regulation 2016/679 (GDPR) and the principle of data minimization, the information systems and computer programs used by the Data Controller are configured to minimize the use of personal data and / or identification, such data are processed only to the extent necessary to achieve the purposes set out in this Policy and any specific information relating to the services requested through the website. The data will be stored for the period of time strictly necessary to achieve the purposes concretely pursued. The criterion used to determine the storage period is based on compliance with the terms permitted by applicable laws and the principles of minimising processing, limiting storage and rational management of archives.
SECURITY OF PERSONAL DATA
The Data Controller is committed to protecting the security of the user’s personal data and complies with the security provisions set out in the applicable legislation in order to avoid data loss, illegitimate or unlawful use of data and unauthorised access to the same, with particular, but not exclusive, reference to Articles 25-32 of EU Regulation 2016/679 (GDPR).
WHO CAN ACCESS THE DATA
The staff of the Data Controller is authorised to process the user’s data. The Data may be communicated to: (i) institutions, authorities, public bodies for institutional purposes; (ii) professionals, self-employed collaborators, also in associated form, third parties and suppliers that the Data Controller uses to provide services of a commercial, professional and technical nature functional to the management of the Site and its functions (e.g. suppliers of IT services), to the pursuit of the purposes specified above and to the services requested by the user. These subjects will receive only the data necessary for the relative functions and will undertake to use them only for the purposes indicated above and to process them in compliance with the applicable privacy regulations. The subjects receiving the data will process them as Data Controllers, Data Processors or Authorised Processors, as the case may be, for the purposes indicated above and in compliance with the applicable privacy laws. With regard to the possible transfer of data to third countries, including countries that may not guarantee the same level of protection provided by the Privacy Regulations, the Data Controller informs you that the processing will in any case take place in accordance with one of the methods permitted by the Regulations, such as, for example, the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programmes for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
USERS’ RIGHTS
Users may at any time exercise the rights recognised by Articles 15-22 of EU Regulation 2016/679 (GDPR), including the right to obtain confirmation of the existence or otherwise of personal data concerning them, to verify the content, origin, accuracy, location (including with reference to any third countries), to request a copy, to request rectification and, in the cases provided for by current legislation, restriction of processing, cancellation, opposition for direct contact, direct marketing activities (also limited to certain means of communication). Users may also at any time withdraw their consent and/or report observations on specific uses of data regarding particular personal situations that are deemed incorrect or not justified by the existing relationship, or lodge a complaint with the Control Authority. For any request relating to the processing of personal data by the Data Controller, in order to exercise the rights recognised by the applicable legislation, as well as to know the updated list of subjects to which the data are accessible, the user may contact the Data Controller at the addresses indicated above.