Processing Methods

The Data Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification, or destruction of Personal Data.
 The processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.
In addition to the Data Controller, in some cases, other individuals involved in the organization (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, consulting agencies) may have access to the Data. These external parties may also be appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Legal Basis for Processing

The Data Controller processes Personal Data relating to the User when one of the following conditions is met:

– The User has given consent for one or more specific purposes; Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without the User’s consent or another legal basis specified below, until the User objects (“opt-out”) to such processing. However, this does not apply when the processing of Personal Data is governed by European data protection legislation.
– The processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures.
– The processing is necessary to comply with a legal obligation to which the Data Controller is subject.
– The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
– The processing is necessary for the pursuit of the legitimate interests of the Data Controller or of third parties.

It is always possible to request the Data Controller to clarify the specific legal basis for each processing activity and, in particular, to specify whether the processing is based on law, provided for by a contract, or necessary for the conclusion of a contract.

Location

The Data is processed at the operational offices of the Data Controller and at any other location where the parties involved in the processing are situated. For further information, contact the Data Controller.

The User’s Personal Data may be transferred to a country different from the one in which the User is located. To obtain further information about the location of the processing, the User can refer to the section on the details of Personal Data processing.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or composed of two or more countries, such as the UN, as well as information on the security measures adopted by the Data Controller to protect the Data.
If any of the transfers described above take place, the User can refer to the relevant sections of this document or request information from the Data Controller by contacting them using the details provided at the beginning.

Retention Period

The Data is processed and retained for the period required to achieve the purposes for which it was collected.
Therefore:

Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the execution of that contract is complete.

Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until that interest is fulfilled. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the processing is based on the User’s consent, the Data Controller may retain Personal Data for a longer period until such consent is withdrawn. In addition, the Data Controller may be required to retain Personal Data for a longer period to comply with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, once this period expires, the rights of access, deletion, rectification, and data portability can no longer be exercised.

Purposes of Processing the Collected Data

The User’s Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Remarketing and behavioral targeting, Management of support and contact requests, Performance testing of content and features (A/B testing), Contacting the User, Social features, Management of User databases, Tag management, Heat mapping and session recording, Hosting and backend infrastructure, Interaction with online survey platforms, Interaction with data collection platforms and other third parties, Infrastructure monitoring, and Contact management and message sending.
To obtain more detailed information about the purposes of the processing and the Personal Data specifically relevant for each purpose, the User can refer to the relevant sections of this document.

Details on the Processing of Personal Data

Personal Data is collected for the following purposes and through the following services:

Contact the User

Social Features

Contact management and sending messages

This type of service allows the management of a database of email contacts, phone contacts, or any other type of contacts, used to communicate with the User.
These services may also allow the collection of data regarding the date and time the messages are viewed by the User, as well as the User's interaction with them, such as information on clicks on links included in the messages.

Management of support and contact requests

This type of service allows the portal to manage support and contact requests received via email or through other tools, such as the contact form.
The Personal Data processed depends on the information provided by the User within the messages and on the tool used for communication (e.g., email address).

Hosting and Backend Infrastructure

This type of service functions to host Data and files that allow the portal to operate, enable their distribution, and provide a ready-to-use infrastructure to deliver specific functionalities of the portal.
Some of these services operate through servers geographically distributed in different locations, making it difficult to determine the exact place where Personal Data is stored.

Interaction with data collection platforms and other third parties

This type of service allows Users to interact with data collection platforms or other services directly from the portal's pages for the purpose of saving and reusing data.

If one of these services is installed, it is possible that, even if Users do not use the service, it still collects Usage Data related to the pages where it is installed.

Infrastructure Monitoring

This type of service allows the portal to monitor the usage and behavior of its components, in order to improve performance and functionality, carry out maintenance, or resolve issues.

The Personal Data processed depends on the characteristics and implementation methods of these services, which by their nature monitor the portal's activity.

Statistics

The services listed in this section allow the Data Controller to monitor and analyze traffic data and are used to track User behavior.

Google Analytics (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited. Google uses the Personal Data collected to track and analyze the use of the portal, compile reports, and share them with other services developed by Google.

Google may use Personal Data to contextualize and personalize ads within its advertising network.

Facebook Analytics for Apps (Facebook, Inc.)

Facebook Analytics for Apps is an analytics service provided by Facebook, Inc.
Personal Data collected: Usage Data and various types of Data as specified in the service's privacy policy.

Unique Device Identification

The portal may track Users by storing a unique identification code of their device, for statistical purposes or to save Users' preferences.

User Rights

Users can exercise certain rights regarding the Data processed by the Data Controller.
In particular, the User has the right to:

• Withdraw consent at any time. The User may withdraw consent to the processing of their Personal Data previously given.
• object to the processing of their Data. The User may object to the processing of their Data when it is carried out on a legal basis other than consent. Further details on the right to object are provided in the section below.
• access their Data. The User has the right to obtain information about the Data processed by the Data Controller, regarding certain aspects of the processing, and to receive a copy of the Data processed.verify and request
• rectification The User may verify the accuracy of their Data and request its updating or correction.
• obtain restriction of processing. "When certain conditions are met, the User may request the restriction of the processing of their Data. In such a case, the Data Controller will not process the Data for any purpose other than its storage.
• obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of their Data by the Data Controller.
• receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller. This provision applies when the Data is processed using automated means and the processing is based on the User’s consent, on a contract to which the User is a party, or on contractual measures related to it.
• file a complaint. The User may lodge a complaint with the competent data protection supervisory authority or pursue legal action in court.

Details on the right to object

When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users are informed that, if their Data is processed for direct marketing purposes, they may object to the processing without providing any reason. To find out whether the Data Controller processes data for direct marketing purposes, Users can refer to the relevant sections of this document.

How to exercise rights
To exercise their rights, Users may submit a request to the contact details of the Data Controller provided in this document. Requests are made free of charge and will be processed by the Data Controller as quickly as possible, in any case within one month.