PRIVACY POLICY

Under Article 13 EU Regulation n. 2016/679 - GDPR

GDP Analytics s.r.l. in accordance with EU Regulation n. 2016/679, containing instructions to protect personal data processing of individual person and other entities, in behalf of its legal representative (CEO) Giovanni Battista Gardino, hereinafter referred to as DATA CONTROLLER

informs you

that the personal data you provide will be subjected to the above-mentioned Regulation as well as to the company confidentiality obligations.

Why this information

The following lines describe how the website is managed in terms of processing of users Personal Data. This privacy policy is also, under GDPR, addressed to those who interact with services directly provided by GDP Analytics srl. The information is made for the website by GDP Analytics srl as the Data Controller.

Policy and Privacy Standards used for protecting Personal Data are based on the following principles:

  1. PRINCIPLE OF RESPONSIBILITY

    The processing of Personal Data is handled over time by appropriate responsibilities identified within the company.

  2. PRINCIPLE OF TRANSPARENCY

    Personal Data is collected and further processed according to the principles of the adopted Privacy Policy, descibed in this page. By the time of data submission, it is provided to the user a synthetic but complete disclosure, in accordance with GDPR.

  3. PRINCIPLE OF LEGITIMATE COLLECTION

    Personal data is processed lawfully and fairly; Personal Data is stored for specific, explicit and legitimate purposes. The entire information is kept for the time necessary for the purposes of collection.

  4. PRINCIPLE OF DATA USAGE

    The purposes of Personal Data processing are disclosed to the parties at the time of collection. Any new operation, if unrelated to the stated purposes, are activated after a new disclosure and any possible request for authorization, when required by GDPR.

  5. VERIFICATION PRINCIPLE

    Personal Data is accurate and updated over time. It is organized and maintained so that the users have the opportunity to know, if they want, what kind of data has been collected and stored, as well as for quality control and possible correction, integration, deletion for violation of law, or opposition to the treatment and to exercise all other rights provided by GDPR at the addresses described in this page.

  6. SECURITY PRINCIPLE

    Personal Data is protected by IT infrastructures, organizational, logistical, procedural and technical security measures, against the risk of destruction or loss, even accidental, and unauthorized access or not allowed treatment. These measures are regularly updated according to technical progress, nature of the data and specific characteristics of the treatment, constantly monitored and checked over time.

Third parties carrying out support activities of any kind for the provision of GDP Analytics srl services, and for which processing of Personal Data is involved, are designated by the latter Responsible for processing the data and are contractually bound to meet the security and confidentiality measures of the treatment. The identity of these third parties has to be known to the users. With users authorization, if required by law, and in any case after adequate disclosure specifying all purposes, the data may be disclosed to third parties, public and private, unrelated to GDP Analytics srl, which will handle the data as independent Data Controller. GDP Analytics srl is not responsible for processing of Personal Data from third parties.

Data Controller

GDP Analytics srl is the Data Controller.

Data Processor

Giovanni Battista Gardino is the Data Processor.

Data Protection Officer (DPO)

Lawyer Mauro Sella is the Data Protection Officer.

Object of Treatment

Implicit Personal Data shall be as follows:

Any other data acquired from our conferred mandate is referred to any details of our analysis.

Special data could be freely provided in the "Contact" page.

a. Navigation data

The information systems and software procedures used in the website acquire, during their normal operation, some Personal Information whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but by their nature could be used to identify users, through processing and associations with data held by third parties. Such category of data includes IP addresses or domain names of computers used by users in connecting to the website, the URI (Uniform Resource Identifier) of requested resources, time of request, the method used to submit the request to the server, the file size in response, the numerical code indicating the status of the response given by the server (OK, error, etc.) and other parameters denoting the operating system and computer environment. This data is only used to obtain anonymous statistical information about the website and to check its correct operation, to identify anomalies and / or abuse, and it is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical crimes against the website or third parties: except for this eventuality, data on web contacts will be removed after seven days.

b. Special categories of Personal Data

When using the form in "Contact" page, you may transfer Personal Data falling into the category of Special Categories of Personal Information as provided in art. 9 of the Regulation, literally the "[...] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and [...] genetic data, biometric data, [...], data concerning health or data concerning a natural person’s sex life or sexual orientation ". We recommend to only communicate such data when necessary. Indeed, we remind you that in case of transmission of special categories of Personal Data, without specific authorization in processing such data (event that however, allows you to send a curriculum vitae), GDP Analytics srl can not be responsible under any circumstances, nor will it receive any statement of objections, since in that case the treatment will be allowed as the data is made public by the user, in accordance with the art. 9 of the Regulation. We specify, however, the importance, as previously mentioned – to declare the explicit authorization to the processing of special categories of Personal Data, whenever you decide to share that information.

c. Data provided voluntarily by the person

When using certain services of the website it may happen processing of third parties Personal Data sent to GDP Analytics srl. Under these assumptions, you are the autonomous Data Controller, thus taking all the obligations and responsibilities of law. In this terms, it confers on the widest point indemnity with respect to any dispute, claim, request for compensation from processing data, etc. received by third parties whose Personal Data is treated through the use of the website in violation of the rules concerning data protection. In any event, if Personal Information of third parties is processed or submitted throughout the website, you guarantee from now – taking all responsibility - that this particular data treatment is based on an appropriate legal basis under Art. 6 of the Regulation which legitimize the processing of such information.

Purpose of personal data

Your data are necessary to carry out our planned activities and to perform administrative, accounting and tax tasks. In addition, your data can be used to ensure that no criminal actions are taken against the website.

Legal Basis and compulsory or optional nature of the treatment

The legal basis of Personal Data processing for the purposes described in section 3 (a-b) is the art. 6 (1) (b) of the Regulation as the treatments are necessary for the provision of services or for the detection of the users requests. The transfer of Personal Data for such purposes is optional, but in case of no transfer it may be impossible to activate the services provided by the website. The purposes described in section 3c represent a legitimate processing of Personal Data under Art. 6 (1) (c) of the Regulation. Once Personal Data is conferred, the treatment is indeed necessary to fulfill legal obligation to which GDP Analytics srl is subjected. All treatments aiming at sending direct mailing containing promotional material or direct sales or for the fulfillment of market research or for commercial communications related to products or services of GDP Analytics srl, GDP Analytics srl may use, without your authorization, the e-mail addresses and postal mail in accordance with and to the extent allowed by the Authority for the protection of personal data (19 June 2008); the legal basis of your data processing for such purposes is the art. 6.1.f) of the Regulation. However, under art. 21 of the Regulation, the user has the opportunity to reject such processing at any time, either initially or in subsequent communications, in an easy and even free of charge way by writing to the Controller, and to get a fast feedback confirming the interruption of such treatment (Article 15 of the Regulation).

Recipients of Personal Data

Personal Data may be shared, for the purposes described above, with:

  1. individuals who typically act as the responsible of the treatment ex art. 28 of the Regulation namely: i) people, companies or professional offices that provide assistance to GDP Analytics srl in accounting, administrative, legal, tax, financial and credit recovery relative to the provision of services; ii) entities for which it is compulsory to interact with for the provision of services (such as hosting providers) iii) people/entities delegated to carry out technical maintenance (including maintenance of network equipment and electronic communications networks); ("Target" collectively); the list of controllers who process data can be requested from the owner.
  2. persons, entities or authorities, autonomous controllers, for which it is required to communicate Personal Data in accordance with legal provisions or authorities;
  3. persons authorized by GDP Analytics srl to process Personal Data, ex art. 29 of the Regulation, necessary to carry out activities strictly related to the provision of services, which are committed to confidentiality or have adequate legal duty of confidentiality (eg. Employees of GDP Analytics srl)

Methods of storing and processing

The processing of Personal Data will be carried out automatically and / or manually, in accordance with Article 32 on the Regulation on security measures, by authorized persons, in accordance with Article 29 of the Regulation, which will act under the authority of the controller. Only authorized people can process your Personal Data.

Communication and distribution areas

Personal Data may be disclosed to third parties to fulfill legal obligations or in executing orders from legitimate public authorities. If necessary, in relation to particular services or products, Personal Data may be disclosed to third parties who perform, as independent data controllers, strictly connected functions for the provision of services or delivery of products. Without communication, these services and products may not be provided. Personal Data will not be disclosed, unless the requested service requires it.

Transfer policy

Your personal data are stored on local servers at our legal address; it will never be transferred either in any of the EU Member States or in third countries outside the European Union.

Special Categories of Personal Data

In accordance with Articles 9 and 10 of the Regulation, it is possible to transfer data labeled as "special categories of Personal Data", i.e. data revealing "racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, biometric data intended to unambiguously identify the individual, the data related to personal health and sex life or sexual orientation".

Data retention

Personal Data processed for the purposes specified above will be kept for the time strictly necessary to achieve those same purposes in accordance with the principles of minimization and limitation of retention ex art. 5.1.e) of the Regulation. In any case, the Controller will treat Personal Data as long as it is necessary to fulfill contractual and law obligations.

Your rights

Under Articles 15 and 22 of the Regulation, at any time you can exercise the right to:

How to exercise your rights

You can exercise your rights by sending a written request to GDP Analytics srl to our legal address or via the following e-mail: gdp@pec.gdpanalytics.com

Changes

This privacy policy is made effective as of 10 November, 2018. GDP Analytics srl reserves the right to modify or simply update the content, in part or completely, even because of changes in the legislation. GDP Analytics srl will inform you of such changes as soon as it will be introduced and they will be binding once published on the website. GDP Analytics srl therefore invite you to visit regularly this section to know the most recent and updated version of the Privacy Policy in order to be always updated on data collection and use made by GDP Analytics srl.