Last Updated: January 24, 2018
The data controller (“Controller”
) is UpSecurIT S.R.L., a limited liability company with its main headquarters registered in L’Aquila (Italy), via Saragat 1 – CAP 67100 , Tax Code and VAT no. IT02022340661.
The data Controller hereby intends to describe the processing of personal data and in particular:
a. The type of data processed and whether it’s mandatory or optional to conferm it.
b. The purposes and methods of personal data processing, concerning data either collected via the site or automatically collected and processed to provide a service;
c. The consequences of a refusal to provide personal data;
d. Categories of individuals or entities to whom personal data may be disclosed, in their capacity as data processors or data controllers, and information on personal data disclosure to third parties;
e. The users’ rights pursuant to article 7 of Legislative Decree 196/2003.
I. PURPOSES AND PROCESSING ARRANGEMENTS
The data Controller hereby informs that the data provided by users will be processed for the following purposes:
a. Allow to access and use the online platform and services (“Performance of Contract”);
b. For marketing purposes which may include e-mail messaging, market research using analytics tools to find and understand marketing trends and correlations, create aggregate statistics on Users (“Direct Marketing Purposes”);
Personal data will be processed using automated tools only for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are taken to prevent loss, illicit or incorrect and unauthorized access to data. The data Controller may transfer the personal data in Italy and abroad, within the European Union, in accordance with article 42 of Legislative Decree no. 196/2003 and outside the EU in compliance with article 43 of Legislative Decree no. 196/2003.
II. DISCLOSURE OF DATA TO THIRD PARTIES
The Data Controller may disclose personal data to third parties involved in the operation of the website (such as administrative and commercial personnel) or external parties (such as technical service providers, service providers for the delivery of communication services, mail carriers, hosting providers, IT companies, agencies) appointed, if necessary, as data processors. The complete and updated list of data processors can be requested at any time to the data Controller. Controller shall never pass users’ personal details to an external third party for marketing purposes without their explicit consent.
III. TYPE OF DATA COLLECTED AND CONSEQUENCES OF A RESUSAL TO PROVIDE DATA
a. Data disclosed by users
When users access or log-in on the platform, the information the data Controller collects may include name, surname, email address.
Disclosure of personal data is necessary for the purpose referred to in letter a) of section I “PURPOSES AND PROCESSING ARRANGEMENTS” (i.e. using the Platform and performance of Services). Failure to disclose personal data for the above purpose will prevent users from using the website and using the services.
Users are free to disclose personal data for marketing purposes as per letter b) of section I “PURPOSES AND PROCESSING ARRANGEMENTS”, and may withdraw their consent at any time by providing notice to the data Controller in accordance with paragraph “USER RIGHTS”. Refusal to confer personal data for such purposes will result in the impossibility for the data Controller to collect and process personal data to perform marketing activities as described under Section I letter b) but it will not affect the use of the website and its services.
b. Data automatically collected
When accessing the website, the data Controller may automatically collect some data, such as IP address, country of origin, browser and operating system, time spent on each page, the page response times, download errors, information on the interaction with the page. The data thus collected although is not used to identify individuals, it may, due to its characteristics, helps identify those users by associating the data with other information. The above data will be stored temporarily in compliance with applicable law.
V. USERS RIGHTS
Users are entitled to exercise their rights according to article 7 of the Personal Data Protection Code, hereto included for convenience of reference only. Any request shall be addressed to the data Controller by sending an e-mail to [email protected]
or a registered mail by post to:
Via Saragat 1
67100 L’Aquila, Italia
Section 7 (Right to Access Personal Data and Other Rights)
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her exists, regardless of it being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); and e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the following rights: a) to obtain updating, rectification or, where interested therein, integration of the data; b) to obtain erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) to obtain certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.