PRIVACY POLICY PURSUANT TO REGULATION (EU) 2016/679 (GDPR) PROCESSING OF PERSONAL DATA
This policy is intended to allow users browsing our Website to know, even before accessing the various sections of the Website, how their personal data is processed through this Website. Users must read this policy before providing their personal data when registering on the Website. The information is provided in accordance with EU Regulation No. 679/2016 and subsequent national implementing regulations.
The INNEXA Alliance is an initiative developed and promoted by Exeo Lab Srl, which also operates and manages this website. For the purposes of data protection and privacy, Exeo Lab Srl acts as the Data Controller of all personal data collected through this website, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Italian laws.
Browsing the Site and/or accessing certain sections of the Site and/or requesting information or services from users of the Site may involve the processing of personal data by Exeo Lab Srl (hereinafter the ‘Data Controller’), as Data Controller, which will be carried out in compliance with Legislative Decree 196/2003 ‘Personal Data Protection Code’ (hereinafter the ‘Code’) and European Regulation 2016/679. The terms and conditions under which users may consent to the transfer of rights to images, comments, catchphrases associated with the subject matter of the Site, material, content and any other information conceived by users and published by them on the Site, and consent to the use of any image that the user may have provided to the Data Controller, are set out below.
PURPOSE OF THE PROCESSING
According to the needs expressed from time to time by users accessing the various sections of the Website, the purposes of the processing of personal data, i.e. those provided directly by users by filling in online forms or through the use of social networks (see the following section ‘Nature and methods of provision of users’ personal data’) or those acquired automatically through browsing (see the following section ‘Categories of Personal Data subject to processing’) (hereinafter, ‘Personal Data’):
a) to provide and manage the various services offered; as well as to allow registration on the Site, which is necessary to access particular sections of the Site itself and to provide and manage the various services offered;
b) to allow users to publish Contributions directly on the Site, or on sites managed independently by third parties with whom the Data Controller may have entered into agreements to this effect, such as, by way of example and without limitation, social networks such as Facebook, Twitter, etc. (hereinafter ‘Social Networks’); the publication of Contributions may also take place together with the publication of the Contributions on the Site.has reached agreements to this effect, such as, by way of example and without limitation, social networks such as Facebook, Twitter, etc. (hereinafter ‘Social Networks’); the publication of Contributions may also take place together with a pseudonym (‘nickname’) chosen by the user when registering on the Site and, where applicable, with the image associated by the user with their nickname, for which:i) the user shall be solely responsible for any choice that prejudices the interests of third parties; ii) the user is not required to use personal data that allows third parties other than the Data Controller to identify them, but the user, through the Data Controller, may also disclose their personal data if they have included it in their nickname, as well as any photo they may have associated with their profile;
c) with the user’s consent and until such consent is revoked, carry out marketing activities such as sending promotional and advertising material from the Data Controller, including by email, MMS and SMS;
d) in compliance with legal requirements and in order to personalise the user experience on the Website and improve the services and products offered by the Data Controller to its customers or to send targeted advertising (by email, banners and dynamic content on the Website) based on users’ tastes and browsing habits, subject to the user’s consent and until such consent is revoked, to analyse consumption habits or choices and define the profile of data subjects using the information provided by them at the time of registration, or when completing questionnaires or based on actions taken or information provided while browsing the Website. These purposes will be carried out through the use of cookies, which should be considered as the set of activities for collecting and processing data relating to users of a service, in order to divide them into groups according to their behaviour. Where the user gives their specific consent, personal data may therefore be used to track the user’s ‘history’;
e) to respond to user requests regarding the Data Controller’s products, advertising or the Website (the ‘Contact Us’ section of the Website);
f) with the user’s consent, and until such consent is revoked, to carry out comparison and combination activities, for profiling purposes, of the user’s personal data present in various databases owned by or used by the Data Controller.
Registration of users on the Website is not required for the provision of certain services offered by the Data Controller (e.g., those referred to in paragraph e) above). However, in order to process any requests from users regarding these services, they will be asked to provide personal data, which will be processed only for the relevant purposes and for the time strictly necessary.
Methods of processing Personal Data will be processed by means of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of the data.
Personal Data will be processed mainly in automated form but also in paper form, using logic strictly related to the aforementioned purposes, through databases, electronic platforms managed by the Data Controller or by third parties appointed for this purpose as data processors and/or integrated IT systems and/or websites owned or used by the Data Controller.
Where the user gives their consent, personal data will be made visible and stored in a computerised customer relationship management system, known as Customer Relationship Management (CRM), and may also be stored in one or more specific archives or databases of the company, which may be accessed by other associated companies. Since the CRM is a database for the shared management of the data contained therein, the updating, correction or deletion of any of the data provided will result in the updating of such data for all parties who are authorised to access it.
METHOD OF PROCESSING
Personal Data will be processed by means of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of the data. Personal Data will be processed mainly in automated form but also in paper form, using methods strictly related to the aforementioned purposes, through databases, electronic platforms managed by the Data Controller or by third parties appointed for this purpose as data processors and/or integrated IT systems and/or websites owned or used by the Data Controller.
Where the user gives their consent, personal data will be made visible and stored in a computerised customer relationship management system, known as Customer Relationship Management (CRM), and may also be stored in one or more specific archives or databases of the company, which may be accessed by other associated companies. Therefore, since the CRM is a database for the shared management of the data contained therein, the updating, correction or deletion of any of the data provided will result in the updating of such data with respect to all persons authorised to access it.
PLACE OF PROCESSING
Personal Data is mainly processed at the Data Controller’s headquarters in Potenza, Via della Tecnica 24 Scala A, CAP 85100, and in the places where the Data Processors are located. For further information, please contact the Data Controller.
DATA PROCESSING AND STORAGE TIME
The Data Controller will process Personal Data for a period of time not exceeding that necessary to achieve the purposes for which the personal data are processed, or for a longer period, for purposes permitted by law, and in any case deleted without undue delay after 5 years from collection, without prejudice to the possibility for the data subject to modify and/or revoke their consent at any time.
The user may at any time delete their account or registration on the Site or request the interruption of processing or revoke their consent, in accordance with the procedures indicated in the personal profile section of the Site. Nature and methods of provision of users’ Personal Data The provision of personal data is optional, but for some personal data, provision is mandatory (i.e. necessary for those data fields marked with an asterisk or otherwise marked as mandatory) in order for the Data Controller to meet the user’s needs within the scope of the Site’s functionality.
Failure to provide, or partial or inaccurate provision of Personal Data marked with an asterisk, as it is necessary for the performance of the service requested, makes it impossible to perform the service; while failure to provide, or partial or inaccurate provision of optional Personal Data has no consequences.
Personal Data may be provided:
a) by filling in the appropriate fields in the various sections of the Website; or b) by browsing the Website or using cookies; or c) by automatic completion, thanks to the request of the data subject to a Social Network to which they are registered to communicate to the Data Controller some of the data that the data subject has already provided to the Social Network.
CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING
In addition to the Personal Data provided directly by users (such as name, surname, postal address, email address, password, age, date of birth, gender, image, profession, marital status, etc.), when connecting to the Website, the computer systems and software procedures used to operate the Site automatically and indirectly provide and/or acquire certain information that may constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, by way of example but not limited to, so-called ‘cookies’ (as better specified below), “IP” addresses, domain names of computers used by users connecting to the Site, the ‘URL’ addresses of the resources requested, the time of the request to the server, navigation on the Site).
USE OF COOKIES
Cookies are lines of text that act as computer markers sent by a server (in this case, that of this Site) to a user’s device (usually the Internet browser) when they access a given page of a website; cookies are automatically stored by the user’s browser and retransmitted to the server that generated them each time the user accesses the same Internet page. In this way, for example, cookies enable and/or facilitate access to certain Internet pages to improve the user’s browsing experience, or allow the storage of pages visited and other specific information, such as the most frequently visited pages, connection errors, etc.
Therefore, for an easier and more complete use of this Website, it would be advisable for the user to configure their browser to accept the receipt of these cookies. Browsers are often set to automatically accept cookies. However, users can change the default settings to disable or delete cookies (either on a case-by-case basis or once and for all), but this may result in some areas of the Site not functioning properly.
You can also check the methods and types of cookies stored on your browser by changing your browser’s cookie settings. Types and management of cookies used by our Site Our Site uses the following categories of cookies: a) Technical cookies or ‘technical cookies’:
i) Strictly necessary cookies: These are necessary for browsing a website and using its features, such as allowing correct display or access to restricted areas. Therefore, disabling these cookies does not allow these activities.
ii) Performance cookies: These collect information on the efficiency of a website’s responses to user requests in anonymous form, for the sole purpose of improving the functionality of the website; for example, which pages are most frequently visited by users, and whether there have been errors or slowdowns in the delivery of web pages.
iii) Functionality cookies:
a)These allow the website to remember the choices made by the user and reproduce them on subsequent visits in order to provide better and more personalised services: for example, they can be used to offer content similar to that previously requested by the user.
b) Analytics cookies This website also uses Google Analytics cookies, a web analytics service provided by Google.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google, which will use this information for the purpose of tracking and examining your use of the website visited, compiling reports on activities carried out on the website and providing other services relating to activities and Internet usage. The data generated by Google Analytics is stored by Google as indicated in the Policy available at the following link. You can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on your browser. To disable Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout
c) Cookies for targeted advertising or ‘targeting cookies’: These are profiling cookies used to offer users advertising that is potentially relevant to their interests, as detected during browsing. They are used, for example, to limit the number of times a given advertisement is displayed or to determine the effectiveness of a campaign based on the frequency with which the advertisement is displayed.
These cookies may also be administered by third parties, including on behalf of advertisers and advertising agencies. Third-party profiling cookies may also allow the Data Controller to understand which websites of the Data Controller or third parties the user has visited.
The user can accept or reject these cookies by expressing their consent (‘opt in’) before they are administered, continuing to browse after the cookie use notice has been displayed and closed. How to enable or disable cookies on your browser: The user can block the acceptance of cookies by their browser. However, this may make some features or pages of the Site less efficient or prevent access to them.
Below are the methods offered by the main browsers to block the acceptance of browsing cookies:
CATEGORIES OF SUBJECTS WHO MAY BECOME AWARE OF USERS’ PERSONAL DATA
Personal Data may be disclosed to employees or collaborators of the Data Controller who, operating under the direct authority of the latter, process data and are appointed as internal data processors or persons in charge of processing pursuant to Articles 29 and 30 of the Code or system administrators and who will receive adequate operating instructions from the Data Controller in this regard; the same shall apply – under the responsibility of the Data Processors appointed by the Data Controller – to the employees or collaborators of the Data Processors.
Personal Data may also be disclosed to external Data Processors of the Data Controller, such as third-party companies or other entities (e.g., entities entrusted with assistance, communication, marketing, advertising, promotions and sales of products and/or services, advertisers, advertising agencies, IT service providers, website managers, electronic platform managers, partners, credit institutions, professional firms) who carry out outsourced activities on behalf of the Data Controller.
Scope of communication or dissemination of users’ Personal Data Personal Data will not be disclosed to third parties or disseminated, except in the latter case where the user has entered personal data in their nickname or has also provided their own image.
MINORS
The Sites do not contain any information intended directly for minors. Minors must not provide personal information or data to the Data Controller without the consent of their parents or guardians. Therefore, the Data Controller invites all those who exercise parental responsibility over minors to inform them about the safe and responsible use of the Internet and the Web and to implement any procedures indicated from time to time in relation to initiatives in which the Data Controller intends to process the data of minors.
DATA CONTROLLER AND DATA PROCESSORS
The data controller is Exeo Lab Srl with registered office in Via della Tecnica 24 Scala A, 85100 Potenza.
USERS’ RIGHTS
As data subjects, users have the rights set out in Article 7 of the Italian Privacy Code and subsequent amendments and additions as introduced pursuant to EU Regulation 2016/679 (GDPR): in particular, they have the right to obtain from the Data Controller confirmation of the existence or otherwise of Personal Data concerning them and its communication in an intelligible form; they may also request to know the origin of the Personal Data; the purposes and methods of processing; they may also obtain the updating, rectification or integration of the Personal Data.
They may also, at any time, withdraw their consent, delete their account and/or cease to be registered on the Site, requesting the interruption of the processing, deletion, transformation into anonymous form or blocking of the Personal Data processed. They may object, in whole or in part, to the processing:
a) on legitimate grounds, to the processing of Personal Data concerning them;
b) for the purpose of sending advertising material or for carrying out market research or commercial communication. In this regard, they may decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication. Users also have the rights referred to in Articles 16-21 of European Regulation 2016/679 (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object).
Finally, users may lodge a complaint with the Data Protection Authority where necessary, or contact it to request information on the exercise of their rights under European Regulation 2016/679. ‘Article 7 Italian Privacy Code – Right of access to personal data and other rights’ .
1. The data subject has the right to obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet recorded, and its communication in an intelligible form.
2. The data subject has the right to obtain information on:
a) the origin of the personal data;
b) the purposes and methods of processing;
c) the logic applied in the case of processing carried out with the aid of electronic instruments;
d) the identification details of the data controller, data processors and designated representative pursuant to Article 5, paragraph 2;
e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing.
3. The data subject has the right to obtain:
a) the updating, rectification or, when interested, integration of the data;
b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this proves impossible or involves a manifestly disproportionate effort compared to the right being protected.
4. The data subject has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication. How to exercise your rights and find out who the Data Controllers are You can exercise your rights under Article 7 of the Code at any time by sending an email or letter by post to the Data Controller.
Furthermore, if the user has given their consent, they may object to the processing for the purposes referred to in letter c) by sending an email to the user’s email address, clicking on a specific ‘link’ in each email message. T
ransfer of rights to Contributions and consent to the use of images By registering on the Website, the user:
A) declares that:i) all rights to the Contributions published on the Site when participating in the Initiative belong to the user,
ii) the user remains solely responsible for any damage or action that the Data Controller may suffer as a result of the publication of the Contributions;
iii) the Contributions published by the user do not contain material that could hinder their publication, e.g. obscene, racist, defamatory, blasphemous, paedographic, and are original, i.e. they do not infringe the intellectual and industrial property rights of third parties, nor any copyright, trademark, distinctive sign, patent, etc.;
B) authorises the Owner to carry out any checks on the admissibility of the Contributions, with the aim of excluding those that contain material that may be considered harmful to decorum, personal dignity or that are offensive, defamatory, obscene, indecent, abusive or incite hatred, violence or dangerous behaviour or that violate or incite violation of laws or regulations;
C) grants the Owner, free of charge and definitively, all rights to publish and use the Contributions for commercial or marketing purposes relating to the Owner’s products, on the websites owned by the Owner, for the time strictly necessary for the service requested and in any case no later than 5 years from the date of provision of the same, after which the data will be deleted;
D) grants the Owner consent to use any image provided (in any of the contexts referred to in point C) above), and for the entire duration of the Website, in accordance with Article 96 of the Copyright Law.
