INFORMATION ON THE PROCESSING OF PERSONAL DATA
This is a general disclosure made in compliance with art. 13 of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data, as well as on the free circulation of such data (hereinafter the “Regulation”) to all users who consult and / or register and, more generally, they interact with the services rendered through the Website of INSME – International Network for Small and Medium Enterprises, with registered office in Rome, Via Giosuè Carducci n. 4, VAT and C.F. n. 11795091005, (hereinafter the “Data Controller”).
The processing of personal data will be carried out using manual, computerized and telematic tools with logic strictly related to the purposes of the processing and, in any case, in order to guarantee the security and confidentiality of the data and to minimize the use of personal data and identification data; the data will be stored on servers located in Italy and will not be transferred to outside the European Union and / or disseminated.
In this statement we will explain the purposes and methods by which the Data Controller collects and processes your personal data, which categories of data are processed, which are the rights of users and how they can be exercised.
The information is provided exclusively for this Website, therefore INSME – International Network for Small and Medium Enterprises assumes no responsibility for the other websites that may be consulted through hyperlinks on the Website itself.
We remind you, in case of access via social network platforms, to consult the information provided by the platform operator.
1. Categories of personal data
a. Navigation data
The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
These data are not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website.
b. Data provided voluntarily by the user
Except as specified above with regard to navigation data, INSME – International Network for Small and Medium Enterprises will acquire any personal data provided by the user through the Website to access certain services (eg for registration to the Community or to the newsletter ), or to make requests via e-mail. By way of example, the Website will acquire name, surname and e-mail address.
Through the Website, the Data Controller will not acquire data of a sensitive nature or in any case belonging to the particular categories referred to in art. 9 of Regulation (EU) 2016/679 or data relating to criminal convictions or offenses.
c. Data acquired for the use of the services
The Data Controller may also acquire some personal data related to the registered user for the use of the services offered by INSME – International Network for Small and Medium Enterprises through the Website.
The personal data indicated above will be processed by the Data Controller exclusively for the purposes and within the limits indicated in the following paragraph.
2. Purpose and legal basis of the processing
a. For the provision of the requested services
The data indicated in paragraph 1 lett. b) will be processed by the Data Controller to allow it to be registered on the Website and to use the services specifically linked to it. The data will therefore be processed for the execution of the contract in place with the Data Controller.
The provision of such data is necessary.
In case of navigation on the Website, in the absence of registration on the Website, only the navigation data acquired through the operating system will be processed.
b. For marketing purposes
With your specific consent, INSME – International Network for Small and Medium Enterprises may process your data for sending commercial communications through the use of automated systems (e-mail, SMS, app notifications).
The data referred to in paragraph 1, lett. b) will be used for such purpose.
The consent given can be withdrawn at any time by writing to firstname.lastname@example.org .
c. For profiling purposes
Subject to specific consent, INSME – International Network for Small and Medium Enterprises will be able to process your data to understand your habits and interests and to offer you products and services you like.
For this purpose, the Data Controller may process the data referred to in paragraph 1, letter. b) and c).
The consent given can be withdrawn at any time by writing to email@example.com.
d. For the communication of your data to third parties for marketing purposes
Subject to specific consent, INSME – International Network for Small and Medium Enterprises may communicate the users’ data to third parties who may process them for sending their commercial communications through the use of automated systems ( e-mail, SMS, app notifications ) and traditional systems (paper mail).
The data referred to in paragraph 1, lett. b) will be used for such purpose.
The consent given is revocable at any time by writing to firstname.lastname@example.org.
3. Categories of subjects to whom personal data can be communicated and purposes of communication
The Data Controller may communicate, for the same purposes, some of the acquired personal data also to third parties, who will process such personal data as data processors. The list of data processors may be requested from the Data Controller at any time.
The list of data processors may be requested from the Data Controller by writing to email@example.com.
4. Period of data retention and duration of treatments
Your data will be processed for the duration of the subscription with the Data Controller; following termination, for any reason, of the subscription, the data will be stored for a period of 10 years exclusively for the protection of the rights of the Data Controller and for the fulfilment of legal obligations.
With reference to the processing for marketing purposes indicated in lett. c) of paragraph 2, we inform you that the data will be processed for the entire duration of the subscription with the Data Controller, subject to its previous revocation.
With reference to the data processed for profiling purposes, we inform you that the data will be processed for 12 months, except for its previous revocation, or for the different period that should be provided by law or by the provisions of the Privacy Authority, after which the data will be retained, if necessary, to pursue other purposes, or will be permanently deleted.
With reference to the communication of data to third parties for marketing purposes, we inform you that the data may be subject to communication until the possible withdrawal of your consent.
5. Rights of the data subjects
We inform you that, in compliance with current regulations, any user has the following rights:
– requesting and obtaining information about the existence of personal data in the availability of the Data Controller and access to such data;
– requesting the transfer to another holder for data processed with automated systems;
– requesting and obtaining the modification and / or correction of personal data the user considers them to be inaccurate or incomplete;
– requesting and obtaining the cancellation – and / or the limitation of processing – of personal data in the case of unnecessary data or information – or no longer necessary data or information – for the above purposes, after the retention period indicated in the paragraph above.
These requests may be addressed to the Data Controller by writing to INSME – International Network for Small and Medium Enterprises, Via Giosuè Carducci n. 4, Rome.
We inform you that the Data Controller has appointed a person responsible for the protection of personal data that can be contacted at firstname.lastname@example.org.
We also inform you that under the current regulations you can propose any complaints regarding the processing of your personal data to the Italian Privacy Authority (Garante per la protezione dei dati personali) for the protection of personal data.
6. Security and Confidentiality
The Data Controller is committed to taking appropriate technical, physical and organizational measures to protect personal data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.