Data controller Data controller is SICREATE GmbH
Purposes of processing The purposes of data processing are the following:
– Data analysis Data is processed to verify that the Website works properly. This type of data cannot be attributed to the single user and does not identify the user.
– Security Data is processed to maintain the Website secure (i.e. antispam filters, firewalls, virus detection) so that also users are protected from frauds and damages to the Website. This type of data is registered automatically and can include personal data (i.e. IP address) which may be used in compliance with laws and regulations to block activities that may damage the Website or other users, as well as criminal activities. This data, which is periodically deleted, will never be used to identify or track user’s preferences.
– Other activities Data may be sent to third parties who provide services that are material to the functioning of the Website. Our suppliers have access to data that they need to provide their services only and undertake to not use data for other purposes and commit to process data in compliance with applicable laws.
Categories of data The Website processes two categories of user’s data.
Data that is processed automatically While browsing the Website, the following data may be processed and stored as log files in the Website’s server: – Internet Protocol (IP) address; – browser type; – characteristics of the device that has been used to connect to the Website; – name of the Internet Service Provider (ISP); – date and time of the visit; – user’s webpage of entry and exit; – number of clicks. This data is processed for the sole purpose of data analysis in a form that does not identify the user. The IP address is processed for security reasons only and it is not matched with any other data.
Data that is provided on a voluntary basis The Website may also process data that is provided by users when they use the services on the Website, i.e. when they leave a comment or send a query. This data will only be used to provide the service that has been requested and includes: – name and surname; – email address; – any other data that is provided on a voluntary basis.
Where data is processed Data is processed at the data controller’s offices and at the data center of the web hosting service provider, which is IONOS. The web hosting service provider acts as data processor because he processes data on behalf of the data controller. IONOS is located in the EEA and operates in compliance with the European regulations ( https://www.ionos.it/terms-gtc/condizioni-generali-per-litalia/).
Data storage Data that is processed automatically by the Website during its operations will be stored as long as it is strictly necessary to carry out the activities that have been described above. After that time, data will be deleted or pseudonomised, unless there are other reasons to keep it. Data that is used for security (i.e. IP address and attempts to damage the Websites) will be stored for 30 days.
Transfer of data to third parties Data is not transferred to third parties, unless:
(I) there is a lwaful request from a court;
(II) the transfer is necessary to provide a specific service requested by the user; and
(III) we have to perform security checks on the Website or work on its optimisation.
Transfer of data outside the EU The Website may share some data with service providers located outside the EEA. In particular with Google, Facebook and Microsoft (LinkedIn) via the social plugins and Google Analytics. This type of transfer has been authorised by specific decisions of the European Union Commission (decision no. 1250/2016, Privacy Shield) and the Italian Commissioner for data protection, therefore no additional user’s consent is required for the transfer. The abovementioned companies warrant their adherence to the Privacy Shield.
Security measures Data is processed in a lawful and correct way and is protected with security measures that are aimed to prevent unauthorized accesses, publication, changes or unauthorized distruction of data. We commit to maintain security on data communication, by applying Secure Sockets Layer (SSL) software which encrypts information in transit. Data is processed by digital and/or online devices, with organisational and technical measures that are strictly related to the purposes of processing indicated above. Besides data processors, data may be processed by people that work on the Website or other service providers (i.e. technical suppliers, hosting providers).
Cookies Cookies are small text files that websites send to the user’s computer, where they are stored to be used by the said websites when the user visits them the next times. Third-party cookies are instead installed by a different website than the one that the user is visiting. This happens because every website may contain objects that may be located in different servers than the one that hosts the visited website (i.e. images, maps, sounds, links to external websited, etc.). Cookies are used for different purposes: digital authentication, session monitoring, recording of website settings, recording of preferences, etc. The website uses the following types of cookies:
Third-party cookies This Website uses third-party cookies (i.e. social plugin buttons) with the aim to offer additional services to the users, facilitate the use of the Website or provide personalised marketing messages. The Webiste does not have any control over these cookies that are fully managed by third parties and does not have access to the information collected by them. Details on the use of these cookies, on their purposes and on how they may be turned off are provided by the third parties directly at the pages indicated below. We remind that user’s tracking does not usually identify the user, unless he has subscribed to the third-party service and is logged in the service when using the social plugin. In this case, the user has already agreed on the processing of his data by giving his consent to the third party directly (i.e. Facebook). The Website uses the following third-party cookies:
– Facebook (https://www.facebook.com/about/privacy)
– Twitter (https://help.twitter.com/en/rules-and-policies/twitter-cookies and https://twitter.com/en/privacy)
– LinkedIn (https://www.linkedin.com/legal/privacy-policy)
– Pinterest (https://policy.pinterest.com/en/privacy-policy)
User’s rights on his data In compliance with the GDPR, the user may exercise the following rights according to and within the limits of the applicable law: – to object to all of part of the processing for legitimate reasons; – to demand confirmation as to whether or not personal data concerning him is being processed; – to know the source of data; – to obtain information on the logic, purposes of the processing and how processing is being done; – to demand un update, rectification, integration, deletion and pseudonymization of data; – to receive the personal data concerning him, which he has provided to the data controller, in a structured, commonly used and machine-readable format; – to lodge a complaint with a supervisory authority (i.e. the Italian Data Protection Commissioner – https://www.garanteprivacy.it/web/guest/home_en); – to exercise all other statutory rights. Requests may be addressed to the data controller.