Protection de la confidentialité

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

Concerned parties: users visiting the website www.edita.it of « Èdita srl »

WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter « Regulation » or « GDPR »), this page describes how personal data of users visiting the « Èdita srl » website, accessible electronically at the following address: www.edita.it, is processed. This information does not concern other websites, pages, or online services accessible via hyperlinks possibly published on this site but referring to external resources of the domain www.edita.it.

DATA CONTROLLER
Following the consultation of the site, data related to identified or identifiable natural persons may be processed. The data controller is « Èdita srl », with registered and operational headquarters in via Flaminia 138, VAT number: 02195340407.

TYPES OF DATA PROCESSED, PURPOSE OF PROCESSING, AND LEGAL BASIS

1)Browsing Data
Legal basis: « data processing necessary for website navigation » – contractual obligation – art. 6 par. 1 letter b) GDPR.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

Such data, necessary for browsing the site and using the information contained therein, are also processed by the controller for the purpose of:

  • obtaining aggregated and anonymous statistical information regarding the use of the site (most visited pages, number of visitors per hour or day, geographical areas from which visitors come, etc.);
  • ensuring the correct usability of the content offered by the site;
  • preventing or countering any possible computer crimes, fraudulent use of the site’s features, including for the purpose of reconstructing security incidents and their traceability.

Data retention duration:
Browsing data, in compliance with the principles of lawfulness, purpose limitation, data minimization, pursuant to art. 5 of the GDPR, will be kept for a period not exceeding the technical purposes described above for which they are collected and processed, except for any need to ascertain crimes by the judicial authority.

2)Data Provided by the User
Legal basis: « data processing necessary to respond to user inquiries » – contractual obligation – art. 6 par. 1 letter b) GDPR.

The optional, explicit, and voluntary sending of messages to the contact addresses of « Èdita srl », private messages sent by users to institutional profiles/pages on social media (where this possibility is provided), as well as the completion and submission of forms on the sites of « EDITA S.R.L. », involve the acquisition of the sender’s contact data, necessary to reply, as well as all the personal data included in the same communications.
Specific information is published on the website pages set up for the provision of certain services, where necessary, the user’s consent is collected, informing from time to time about the purposes and the optionality of the provision.

Data retention duration:
The data provided by the user is kept for the time necessary to manage individual requests; any subsequent storage for statistical purposes involves the anonymization of such data (except for any need to ascertain crimes by the judicial authority).

3) Cookies and Other Tracking Systems
Use is made of:

  • technical cookies necessary for user navigation, facilitating the correct navigation of the site and the usability of the content by the user. Legal basis: « contract as they are functional and necessary ».
  • analytical cookies used to process aggregated statistical analyses on the use and interaction with the site by the user. With the user’s prior consent. Legal basis: « consent ».
  • profiling cookies allow collecting information about the preferences expressed by the user during navigation and processing reports intended for targeted advertising and marketing campaigns. Legal basis: « consent ».

Information on data processing, purpose, duration, and complete cookie management, including their consent and revocation, is available in the « Cookie Policy » document also at the bottom of the page.

4) Social Media Policy: Information about the processing of personal data carried out through the Social Media platforms used.

For information on the processing of personal data carried out by the managers of Social Media platforms, please refer to the information provided by them through their respective privacy policies. The Data Controller processes personal data provided by users through the pages of Social Media platforms dedicated to its corporate promotion and advertising purposes, to manage interactions with the same users (comments, public posts, messages, shares, etc.) in compliance with current data protection legislation and this information; where necessary, the user’s consent is collected, informing from time to time about the purposes and the optionality of the provision.
Personal or « sensitive » data entered in comments or public posts within the channels on social media may be removed.

The platforms used are:

 

DATA RECIPIENTS
Recipients of the data collected following the consultation of some of the services listed above are some subjects designated by the Data Controller pursuant to article 28 of the Regulation, as data processing managers, and other additional service providers in the field of web-agencies, digital communication, system assistance, and any other digital service providers for which the complete list can be requested by writing to privacy@edita.it.
Some data and information may be transmitted or acquired by subjects identified as independent data controllers; such data is related to cookies that are usually anonymized before sending, for statistical purposes. If a transfer to Extra EU countries is envisaged, the guarantee measures undertaken will be indicated, described in paragraph 6 of this document.

The personal data collected is also processed by the staff of « Èdita srl », who act based on specific instructions provided regarding the purposes and methods of the same processing.

DATA PROCESSING SECURITY
Personal data transmitted and stored for the time necessary for the stated purposes are protected by specific technical and organizational security measures referred to in art. 32 of the Regulation, capable of permanently guaranteeing confidentiality, integrity, availability, as well as the ability to promptly restore the availability and access of personal data in the event of a physical or technical incident, even in the face of risks of destruction, loss, alteration, unauthorized disclosure or access, accidentally or unlawfully, to transmitted, stored, or otherwise processed personal data.

TRANSFER OF PERSONAL DATA TO EXTRA EU COUNTRIES
The data controller does not transfer personal data to Extra EU countries. If there is a need, the interested parties will be previously informed, and guarantee measures will be adopted for the transfer to the recipients, which depending on the cases may be:

verification of the existence of adequacy decisions for the recipient country by the Commission, signing of standard contractual clauses, verification of the adoption of any additional measures in implementation of the EDPB recommendation 01/2020. In derogation from these guarantees, for data processing (in ref. of art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the interested party or consent to the transfer is verified.

RIGHTS OF THE INTERESTED PARTIES
Interested parties have the right to obtain from « EDITA S.R.L. », where provided for, access to their personal data, rectification, deletion of the same, limitation of processing concerning them, portability, or to oppose the processing and revoke consent (where used as a legal basis) in reference to articles 15 to 22 of the Regulation.
The request is submitted through the contact details of « Èdita srl », with registered and operational headquarters in via Flaminia 138.
To exercise their rights, it is also possible to use the model prepared and available on the website of the Data Protection Authority at this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275

RIGHT TO COMPLAINT
Interested parties who believe that the processing of personal data referring to them carried out through this site takes place in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the same Regulation, or to take legal action (art. 79 of the Regulation). The model for filing a complaint is available on the website of the Data Protection Authority at this link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524