Under Article 13 EU Regulation n. 2016/679 - GDPR
GDP Analytics s.r.l. in accordance with EU Regulation n. 2016/679, containing instructions to protect personal data processing of individual person and other entities, in behalf of its legal representative (CEO) Giovanni Battista Gardino, hereinafter referred to as DATA CONTROLLER
that the personal data you provide will be subjected to the above-mentioned Regulation as well as to the company confidentiality obligations.
Why this information
Policy and Privacy Standards used for protecting Personal Data are based on the following principles:
PRINCIPLE OF RESPONSIBILITY
The processing of Personal Data is handled over time by appropriate responsibilities identified within the company.
PRINCIPLE OF TRANSPARENCY
PRINCIPLE OF LEGITIMATE COLLECTION
Personal data is processed lawfully and fairly; Personal Data is stored for specific, explicit and legitimate purposes. The entire information is kept for the time necessary for the purposes of collection.
PRINCIPLE OF DATA USAGE
The purposes of Personal Data processing are disclosed to the parties at the time of collection. Any new operation, if unrelated to the stated purposes, are activated after a new disclosure and any possible request for authorization, when required by GDPR.
Personal Data is accurate and updated over time. It is organized and maintained so that the users have the opportunity to know, if they want, what kind of data has been collected and stored, as well as for quality control and possible correction, integration, deletion for violation of law, or opposition to the treatment and to exercise all other rights provided by GDPR at the addresses described in this page.
Personal Data is protected by IT infrastructures, organizational, logistical, procedural and technical security measures, against the risk of destruction or loss, even accidental, and unauthorized access or not allowed treatment. These measures are regularly updated according to technical progress, nature of the data and specific characteristics of the treatment, constantly monitored and checked over time.
Third parties carrying out support activities of any kind for the provision of GDP Analytics srl services, and for which processing of Personal Data is involved, are designated by the latter Responsible for processing the data and are contractually bound to meet the security and confidentiality measures of the treatment. The identity of these third parties has to be known to the users. With users authorization, if required by law, and in any case after adequate disclosure specifying all purposes, the data may be disclosed to third parties, public and private, unrelated to GDP Analytics srl, which will handle the data as independent Data Controller. GDP Analytics srl is not responsible for processing of Personal Data from third parties.
Data Protection Officer (DPO)
Object of Treatment
- identification data (biographical data, email address, …)
- genetic data (racial or ethnic origin, …)
- biometric data (physical, physiological and behavioural features that can be inferred from existing and owned documents)
- political opinions (if declarative obligations are available)
- religious and philosophical convictions (if declarative obligations are available)
- trade union membership (if declarative obligations are available)
Any other data acquired from our conferred mandate is referred to any details of our analysis.
Special data could be freely provided in the "Contact" page.
a. Navigation data
The information systems and software procedures used in the website acquire, during their normal operation, some Personal Information whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but by their nature could be used to identify users, through processing and associations with data held by third parties. Such category of data includes IP addresses or domain names of computers used by users in connecting to the website, the URI (Uniform Resource Identifier) of requested resources, time of request, the method used to submit the request to the server, the file size in response, the numerical code indicating the status of the response given by the server (OK, error, etc.) and other parameters denoting the operating system and computer environment. This data is only used to obtain anonymous statistical information about the website and to check its correct operation, to identify anomalies and / or abuse, and it is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical crimes against the website or third parties: except for this eventuality, data on web contacts will be removed after seven days.
b. Special categories of Personal Data
When using the form in "Contact" page, you may transfer Personal Data falling into the category of Special Categories of Personal Information as provided in art. 9 of the Regulation, literally the "[...] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and [...] genetic data, biometric data, [...], data concerning health or data concerning a natural person’s sex life or sexual orientation ". We recommend to only communicate such data when necessary. Indeed, we remind you that in case of transmission of special categories of Personal Data, without specific authorization in processing such data (event that however, allows you to send a curriculum vitae), GDP Analytics srl can not be responsible under any circumstances, nor will it receive any statement of objections, since in that case the treatment will be allowed as the data is made public by the user, in accordance with the art. 9 of the Regulation. We specify, however, the importance, as previously mentioned – to declare the explicit authorization to the processing of special categories of Personal Data, whenever you decide to share that information.
c. Data provided voluntarily by the person
When using certain services of the website it may happen processing of third parties Personal Data sent to GDP Analytics srl. Under these assumptions, you are the autonomous Data Controller, thus taking all the obligations and responsibilities of law. In this terms, it confers on the widest point indemnity with respect to any dispute, claim, request for compensation from processing data, etc. received by third parties whose Personal Data is treated through the use of the website in violation of the rules concerning data protection. In any event, if Personal Information of third parties is processed or submitted throughout the website, you guarantee from now – taking all responsibility - that this particular data treatment is based on an appropriate legal basis under Art. 6 of the Regulation which legitimize the processing of such information.
Purpose of personal data
Your data are necessary to carry out our planned activities and to perform administrative, accounting and tax tasks. In addition, your data can be used to ensure that no criminal actions are taken against the website.
Legal Basis and compulsory or optional nature of the treatment
The legal basis of Personal Data processing for the purposes described in section 3 (a-b) is the art. 6 (1) (b) of the Regulation as the treatments are necessary for the provision of services or for the detection of the users requests. The transfer of Personal Data for such purposes is optional, but in case of no transfer it may be impossible to activate the services provided by the website. The purposes described in section 3c represent a legitimate processing of Personal Data under Art. 6 (1) (c) of the Regulation. Once Personal Data is conferred, the treatment is indeed necessary to fulfill legal obligation to which GDP Analytics srl is subjected. All treatments aiming at sending direct mailing containing promotional material or direct sales or for the fulfillment of market research or for commercial communications related to products or services of GDP Analytics srl, GDP Analytics srl may use, without your authorization, the e-mail addresses and postal mail in accordance with and to the extent allowed by the Authority for the protection of personal data (19 June 2008); the legal basis of your data processing for such purposes is the art. 6.1.f) of the Regulation. However, under art. 21 of the Regulation, the user has the opportunity to reject such processing at any time, either initially or in subsequent communications, in an easy and even free of charge way by writing to the Controller, and to get a fast feedback confirming the interruption of such treatment (Article 15 of the Regulation).
Recipients of Personal Data
Personal Data may be shared, for the purposes described above, with:
- individuals who typically act as the responsible of the treatment ex art. 28 of the Regulation namely: i) people, companies or professional offices that provide assistance to GDP Analytics srl in accounting, administrative, legal, tax, financial and credit recovery relative to the provision of services; ii) entities for which it is compulsory to interact with for the provision of services (such as hosting providers) iii) people/entities delegated to carry out technical maintenance (including maintenance of network equipment and electronic communications networks); ("Target" collectively); the list of controllers who process data can be requested from the owner.
- persons, entities or authorities, autonomous controllers, for which it is required to communicate Personal Data in accordance with legal provisions or authorities;
- persons authorized by GDP Analytics srl to process Personal Data, ex art. 29 of the Regulation, necessary to carry out activities strictly related to the provision of services, which are committed to confidentiality or have adequate legal duty of confidentiality (eg. Employees of GDP Analytics srl)
Methods of storing and processing
The processing of Personal Data will be carried out automatically and / or manually, in accordance with Article 32 on the Regulation on security measures, by authorized persons, in accordance with Article 29 of the Regulation, which will act under the authority of the controller. Only authorized people can process your Personal Data.
Communication and distribution areas
Personal Data may be disclosed to third parties to fulfill legal obligations or in executing orders from legitimate public authorities. If necessary, in relation to particular services or products, Personal Data may be disclosed to third parties who perform, as independent data controllers, strictly connected functions for the provision of services or delivery of products. Without communication, these services and products may not be provided. Personal Data will not be disclosed, unless the requested service requires it.
Your personal data are stored on local servers at our legal address; it will never be transferred either in any of the EU Member States or in third countries outside the European Union.
Special Categories of Personal Data
In accordance with Articles 9 and 10 of the Regulation, it is possible to transfer data labeled as "special categories of Personal Data", i.e. data revealing "racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, biometric data intended to unambiguously identify the individual, the data related to personal health and sex life or sexual orientation".
Personal Data processed for the purposes specified above will be kept for the time strictly necessary to achieve those same purposes in accordance with the principles of minimization and limitation of retention ex art. 5.1.e) of the Regulation. In any case, the Controller will treat Personal Data as long as it is necessary to fulfill contractual and law obligations.
Under Articles 15 and 22 of the Regulation, at any time you can exercise the right to:
- Ask for the existence of your personal data;
- Get the information on the purpose of your Personal Data processing, categories of your Personal Data, receiver or group of receivers to whom your Personal Data has been or will be transferred to and, when possible, its storage duration;
- Get updates, adjustments and Personal Data deletion;
- Get limitations to your Personal Data processing;
- Ask for data portability, i.e. receive your personal information from a Data Controller, in a structured easy-to-read format, and transfer it to another controller without obstacles;
- Refuse to approve your data processing at any time even in case of direct marketing;
- Refuse to approve any automated decisional process related to physical persons, including profiling;
- Ask to the data processing controller the access to your personal data as well as asking for adjustments, deletions, limitation or to its processing rejection, beyond data portability;
- Revoke your approval at any time without undermining the lawfulness based on the consent before the revocation;
- Make a compliant to a supervisory authority.
How to exercise your rights
You can exercise your rights by sending a written request to GDP Analytics srl to our legal address or via the following e-mail: email@example.com