Agorà21 with registered office in Vicolo Dorf, 12, 39040 Luson BZ, Italy, as autonomous data controller intends to inform you of the manner in which Agorà21 collects, uses and discloses your personal data through the website (“website”) and related services (“services”), in compliance with all applicable laws and regulations regarding data protection and with particular reference to (i) PERSONAL DATA PROTECTION CODE (Legislative Decree No. 196 of 30 June 2003); (ii) Regulation (EU) No. 679 of 27 April 2016 (the so-called General Data Protection Regulation or “GDPR”), in force as of 25 May 2018; and (iii) any additional laws, ordinances, regulations or provisions of national and European data protection authorities – hereinafter collectively referred to as “Applicable Data Protection Legislation”.
1) WHAT AND TO WHOM DOES THIS POLICY REFER?
2) WHAT TYPE OF PERSONAL DATA DO WE COLLECT?
Company collects (1) data that you have voluntarily shared with Company (2) activity data collected when you access and interact with the Site or Services and (3) other information. More specifically, the company collects the following personal data:
Data that you have voluntarily shared with the Company. We may collect your personal information (such as your first name, last name, email, phone number, etc.) if you submit a request using the contact form available on the site or if you wish to benefit from the services we provide;
Activity data. During your access to or interaction with the site, we may collect certain information about your visits. For example, to enable you to connect to the Site or services, our servers receive and record information about the visitor’s computer, device and browser, including, potentially, IP address, browser type and other software and hardware information. If you are accessing us from a mobile or other device, we may collect the unique identifier assigned to it, geolocation data, or other information about your operations with that device.
Information from other sources. The information we collect may be supplemented with information from other sources, such as publicly and commercially available information.
If the information collected from and about you does not identify you as a specific individual (e.g., raw, aggregate, or anonymous data), directly or indirectly, it may be used for any purpose or shared with third parties to the extent permitted by applicable data protection law.
3)WE DO NOT COLLECT
Special categories of personal data. We expressly request that you do not send us or disclose on or through the Site, the Services or otherwise any information included in special categories of personal data (such as social security numbers, information regarding racial or ethnic origin, political opinions, religious or other beliefs, health, criminal history or trade union membership).
4)WHY DO WE COLLECT PERSONAL DATA?
We process personal data collected from you and about you in order to:
(a) enable you to use the site and services;
b) evaluate and improve our services and their features;
c) improve your experience when browsing the site and using the Services;
d) provide customer support and respond to requests;
e) comply with legal obligations (including providing the Services); or respond to requests from public and government authorities;
g)with your optional consent, to send you promotional and marketing communications by automated means (sms, mms, email, unmanned telephone calls, etc.) and non-automated means (operator-assisted telephone calls or paper mail);
h)with your optional consent, to understand your personal preferences and choices, in order to always provide you with the services you prefer.
5)HOW LONG DO WE KEEP PERSONAL DATA?
The company will process your personal data for a period of time that does not exceed the fulfilment of the purposes set out in paragraph 3 above. In any case, the following retention periods apply:
a)data collected for the purposes set out in paragraph 3, letters a) to d) shall be kept for the period strictly necessary to enable the user to use the website or services;
b)the data collected for the purposes set out in paragraph 3, letter e) are kept for ten (10) years in order to respond to requests from data subjects and comply with applicable laws and regulations, also in relation to the services
c)the data collected for the purposes referred to in paragraph 3(f) shall be kept for the period strictly necessary to pursue the Company’s legitimate interests;
d)the data collected for the purposes referred to in paragraph 3, letters g) and h) are kept for the period strictly necessary to fulfil the purposes for which they were originally collected and, in any case, for no longer than 5 years;
6)HOW ARE PERSONAL DATA PROCESSED?
For the purposes indicated above, data are processed by electronic and manual means, and are protected by adequate security measures. In this regard, although the company applies appropriate administrative, technical, physical and personnel measures to safeguard the data in its possession from loss, theft, unauthorised use, disclosure and modification, it cannot guarantee the exclusion of all possible computer risks.
7)WHO HAS ACCESS TO PERSONAL DATA?
The data acquired during browsing may be known and processed within the Agorà21 company by the personnel in charge of processing, to the extent that this is necessary for the performance of their duties, carrying out only the operations necessary for their execution.
In the event of an express request and in the circumstances authorised by law, the data may be communicated by Agorà21 to the Public Security Authorities and Police Forces. No navigation data is disseminated in any way.
8)IS PERSONAL DATA TRANSFERRED ABROAD?
Personal data may be transferred to countries within or outside the European Economic Area (EEA).
The European Commission has recognised the adequacy of the protection of personal data in accordance with EEA standards in a number of non-EEA countries. The full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
Please note that adequate safeguards are in place for the protection of data when transferring to countries outside the EEA and such transfers are in accordance with the requirements and obligations of the applicable Data Protection Legislation.
We do not transfer personal data to countries outside the European Economic Area.
9)WHAT RIGHTS CAN BE ASSERTED IN RELATION TO PERSONAL DATA?
The User has and/or may exercise the following rights at any time, free of charge:
(a)right to be informed of the purposes and methods of processing;
b)right of access
c)the right to obtain a copy of the data held abroad and information on where they are kept
d)right to request updating, rectification or integration of data
e)the right to request cancellation, anonymisation or blocking of the data;
f)the right to object to the processing, in whole or in part, even if it is carried out by means of automated decision-making, including profiling;
(g)right to withdraw consent to data processing freely and at any time;
(h)right to contact the Data Protection Officer, if applicable
(i)right to lodge a complaint with the competent national data protection authority or judicial authorities.
In addition to the rights listed above, from 25 May 2018 the User may also exercise the following rights, following the full applicability of Regulation (EU) No. 679 of 27 April 2016:
a)right to data portability (i.e. to receive an electronic copy of the personal data concerning him/her, for possible transfer to the User or to another data controller);
b)right to restrict processing.
If you have any doubts, comments or complaints in relation to the collection or methods of use of your personal data, please do not hesitate to contact us at firstname.lastname@example.org.
10)MODIFICATIONS AND UPDATES