The purpose of this document is to inform the natural person (hereinafter “Data Subject”) regarding the processing of his personal data (hereinafter “Personal Data”) collected by the data controller, SC IPAZIA PRODUCTION SRL, with registered office in Via Modena , 5, Rome (RM), Fiscal Code/VAT number 16062711003, e-mail address email@example.com , (hereinafter “Owner”), through the website www.ipazia-production.com (hereinafter “Application “).
- Categories of Personal Data processed
The Data Controller processes the following types of Personal Data provided voluntarily by the Data Subject:
- Contact details: name, surname, address, e-mail, telephone, images, authentication credentials, any further information sent by the interested party, etc.
- Tax and payment data: fiscal code, VAT number, credit card details, bank account details, etc.
- Data relating to the employment relationship: data entered in the curriculum vitae, data relating to the spouse or children, social security data, etc.
- Particular (sensitive) data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify the natural person, data relating to health or life sexuality or sexual orientation, collected with the consent of the interested party. The interested party can revoke the consent at any time
- Judicial data: Personal Data relating to criminal convictions, crimes or related to security measures, collected with the consent of the interested party. The interested party can revoke the consent at any time.
The Data Controller processes the following types of Personal Data collected automatically:
- Technical data: Personal Data produced by the devices, applications, tools and protocols used, such as, for example, information on the device used, IP addresses, browser type, type of Internet provider (ISP). Such Personal Data may leave traces which, particularly when combined with unique identifiers and other information received from servers, may be used to create profiles of natural persons
- Navigation data and use of the Application: such as, for example, pages visited, number of clicks, actions performed, duration of sessions, etc.
- Data relating to the exact location of the interested party: for example, geolocation data that precisely identify the position of the interested party that can be collected via the satellite network (e.g. GPS) and other means, collected with the consent of the interested party. The interested party can revoke the consent at any time.
Failure by the interested party to provide Personal Data for which there is a legal or contractual obligation or if they constitute a necessary requirement for the conclusion of the contract with the Data Controller, will make it impossible for the Data Controller to establish or continue the relationship with the Interested.
The interested party who communicates the Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, treatment, communication or dissemination.
- Cookies and similar technologies
- Legal basis and purpose of the processing
The processing of Personal Data is necessary:
- for the execution of the contract with the interested party and precisely:
- fulfillment of any obligation deriving from the pre-contractual or contractual relationship with the interested party
- registration and authentication of the interested party:to allow the interested party to register on the Application, access and be identified also through external platforms
- support and contact with the interested party: to respond to requests from the interested party
- payment management: to manage payments by credit card, bank transfer or other instruments
- by legal obligation and precisely:
- the fulfillment of any obligation established by current regulations, laws and regulations, in particular, in tax and fiscal matters
- on the basis of the legitimate interest of the Data Controller, for:
- marketing purposes via e-mail of the owner’s products and/or servicesto directly sell the products or services of the Owner using the email provided by the interested party in the context of the sale of a product or service similar to the one being sold
- management, optimization and monitoring of the technical infrastructure: to identify and solve any technical problems, to improve the performance of the Application, to manage and organize information in a computer system (e.g. server, database, etc.)
- security and anti-fraud: to ensure the security of the Owner’s assets, infrastructures and networks
- statistics with anonymous data: to carry out statistical analyzes on aggregated and anonymous data to analyze the behavior of the interested party, to improve the products and/or services provided by the Data Controller and better meet the expectations of the interested party
- based on the consent of the interested party, for:
- profiling of the interested party for marketing purposes: to provide the Data Subject with information on the Data Controller’s products and/or services through automated processing aimed at collecting personal information with the aim of predicting or evaluating his preferences or behavior
- retargeting and remarketing: to reach the interested party with a personalized advertisement who has already visited or has shown interest in the products and/or services offered by the Application using his/her Personal Data. The interested party can opt-out by visiting the page of theNetwork Advertising Initiative
- marketing purposes of the Owner’s products and/or services: to send commercial and/or promotional information or materials, to carry out direct sales of products and/or services of the Data Controller or to carry out market research with automated and traditional methods
- marketing purposes of third party products and/or services: to send information or commercial and/or promotional materials from third parties, to carry out direct sales activities or to carry out market research of their products and/or services with automated and traditional methods
- communication of Personal Data for third party marketing purposes: to communicate Personal Data to third parties operating in the ICT consultancy & Training sector so that they can use them to send them commercial and/or promotional information or materials or to carry out direct sales of their products and/or services or to carry out market research with automated and traditional methods
- detection of the exact position of the interested party: to detect the presence of the interested party, to control access, times and the presence of the interested party in a specific place, etc.
Based on the legitimate interest of the Data Controller, the Application allows you to interact with external platforms or social networks whose processing of Personal Data is governed by the respective privacy policies to which please refer. The interactions and information acquired by this Application are in any case subject to the privacy settings that the interested party has chosen on these platforms or social networks. This information – in the absence of specific consent to processing for further purposes – is used for the sole purpose of allowing the use of the Application and providing the requested information and services.
The Personal Data of the interested party can also be used by the Data Controller to protect himself in court before the competent judicial offices.
- Processing methods and recipients of Personal Data
The processing of Personal Data is carried out using paper and IT tools with organizational methods and with logic strictly related to the purposes indicated and through the adoption of adequate security measures.
Personal Data is processed exclusively by:
- persons authorized by the Personal Data Controller who are committed to confidentiality or have an appropriate legal obligation of confidentiality;
- subjects who operate independently as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes referred to in this information (for example, commercial partners, consultants, IT companies , service providers, hosting providers);
- subjects or entities to which it is mandatory to communicate Personal Data by law or by order of the authorities.
The subjects listed above are required to use the appropriate safeguards to protect Personal Data and can only access those necessary to perform the tasks assigned to them.
Personal Data will not be disseminated indiscriminately in any way.
If necessary, Personal Data may be transferred to subjects located outside the territory of the European Economic Area (EEA). Whenever the Personal Data were to be transferred outside the EEA, the Data Controller will adopt all suitable and necessary contractual measures to guarantee an adequate level of protection of the Personal Data, including – among others – agreements based on the standard contractual arrangements for data transfers outside the EEA, approved by the European Commission. To request information on the specific guarantees adopted, the interested party can contact the Data Controller at the following e-mail address firstname.lastname@example.org .
- Fully automated decision making processes
The Data Controller uses fully automated decision-making processes that can produce legal effects for the interested party or significantly affect him and which operate according to these criteria: Data processing for the purpose of simplifying decision-making processes.
- Retention period of Personal Data
Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected, in particular:
- for purposes relating to the execution of the contract between the Data Controller and the Data Subject, they will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the case of judicial litigation, for the entire duration of the same, until the exhaustion of the terms of practicability of the appeal actions
- for purposes relating to the legitimate interest of the Data Controller, they will be kept until such interest is fulfilled
- for the fulfillment of a legal obligation, by order of an authority and for legal protection, they will be kept in compliance with the timescales established by said obligations, regulations and in any case until the limitation period established by the regulations in force is completed
- for purposes based on the consent of the interested party, they will be kept until the consent is revoked. For marketing purposes for a period not exceeding 24 months.
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow identification of the interested party.
- Rights of the interested party
Interested parties can exercise certain rights with reference to the Personal Data processed by the Data Controller. In particular, the interested party has the right to:
- be informed on the processing of their Personal Data
- withdraw consent at any time
- limit the processing of your Personal Data
- object to the processing of your Personal Data
- access your Personal Data
- verify and request the rectification of your Personal Data
- obtain the limitation of the processing of your Personal Data
- obtain the cancellation of their Personal Data
- transfer your Personal Data to another holder
- lodge a complaint with the supervisory authority for the protection of your Personal Data and/or take legal action.
To exercise their rights, the interested parties can send a request to the following e-mail address email@example.com . Requests will be taken over by the Data Controller immediately and processed as soon as possible, in any case within 30 days.
Last updated: 04/18/2023