The Data Controller, as better defined below, considers the privacy of its Users to be of fundamental importance and guarantees that the Processing of Personal Data is carried out in compliance with the privacy legislation in force, and in particular with European Regulation no. 2016/679 and with the national legislation on the protection of personal data, Legislative Decree 196/2003 to the extent still in force and with the relevant national legislation for the adaptation of Legislative Decree 101/2018 on the protection of personal data. To this end, the Data Controller has adopted the following Privacy Policy in order to regulate and inform the Users of the Website of the methods and purposes of the Processing of the Personal Data of the Users themselves. The User is kindly requested to read this document each time he/she connects to the Site, as it may be subject to revisions, additions and/or modifications, caused by regulatory requirements and/or modifications and/or additions to the functionality of the Site itself. Data Controller: Recipient AMERICAN BAR DI ARMENIA BRUNO VAT number: 00929370880 Fiscal code: RMNBRN70D18Z133L VIA DUCA DEGLI ABRUZZI, 19 97014 ISPICA (RG) Usage data; info@brunosiciliantastes.com TYPES OF DATA COLLECTED Among the Personal Data collected by the current website, as well as by all the landing pages connected and/or related to it (hereinafter for brevity the “Site”), independently or through third parties, to whose privacy policy we refer, there are: e-mail, personal data of various nature as better specified below, cookies and usage data. Full details on each type of data collected are provided in the dedicated sections of this privacy policy, or through specific information texts displayed before the data are collected. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the Site. Unless otherwise specified, all Data requested by the Site is mandatory. If the User refuses to communicate them, it may be impossible to provide the Service. In cases where some Data is indicated as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation. Users who have doubts about which Data are mandatory are invited to contact the Owner. Any use of Cookies by the Site or by the owners of third-party services used by the Site, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through the Site and guarantees that he/she has the right to communicate or disseminate them, freeing the Owner from any liability towards him/herself and third parties. METHOD AND PLACE OF PROCESSING OF COLLECTED DATA The Owner adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The Processing is carried out using computer and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organization of the Data Controller and/or in the management of the Site may have access to the Data (by way of example and not limited to: administrative, commercial, marketing, legal, system administrators, etc.) or external parties (by way of example and not limited to: accountants, external lawyers, third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies and/or, providers of address management and email sending services, etc.) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Processors may always be requested from the Data Controller. LEGAL BASIS FOR THE PROCESSING The Data Controller lawfully processes Personal Data relating to the User if one of the following conditions exists: the Data Subject has given consent to the processing of his/her Personal Data for one or more specific purposes, pursuant to GDPR, art. 6, paragraph 1, letter a). Note: in some jurisdictions the Data Controller may be allowed to process Personal Data without the User’s consent or without another of the legal bases specified below, until the User objects (“opt-out”) to such Processing. However, this does not apply if the Processing of Personal Data is regulated by European data protection legislation; the Processing is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures, pursuant to art. 6, paragraph 1, letter b) of the so-called GDPR 2016/679; the Processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject, pursuant to GDPR, art. 6, paragraph 1, letter c); Processing is necessary to protect the vital interests of the data subject or of another natural person, pursuant to GDPR, art. 6, paragraph 1, letter d); Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, pursuant to art. 6, paragraph 1, letter e) of the GDPR; Processing of Personal Data is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a minor, all pursuant to GDPR, art. 6, paragraph 1, letter f). Pursuant to art. 6 of the GDPR, the Personal Data acquired through the Site without the consent of the Interested Party will be processed by the Data Controller for the management and maintenance of the Site, to allow the use of the Services, to satisfy the requests of the Users, to allow effective communication with the customers, to fulfill the obligations established by law, regulations, community legislation or by orders of the Authorities or in any case for purposes connected to the activities and functions of the Data Controller or finally to prevent or discover fraudulent activities or abuses to the detriment of the Data Controller through the Site. It is always possible to ask the Owner to clarify the specific legal basis of each Treatment and, in particular, to specify whether the Treatment is based on the law, provided for by a contract, or necessary to conclude a contract. PLACE OF PROCESSING OF PERSONAL DATA The Data is processed at the registered office and/or operational headquarters of the Data Controller and/or in any other place where the parties involved in the Processing are located and/or at the Offices of the Data Controller and/or at other subjects or IT systems/servers of other subjects specifically designated as (external) Data Processors. For further information, the User is invited to contact the Owner. The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of Processing, the User can consult the relevant section of this information. The User has the right to obtain information regarding the legal basis of the transfer of Data outside the European Union or to an international organization governed by public international law or consisting of two or more countries (such as the UN), as well as regarding the security measures adopted by the Owner to protect the Data. If one of the transfers described above takes place, the User can refer to the respective sections of this document or ask the Owner for information (as specified in the section “CONTACT INFORMATION”). RETENTION PERIOD The Data is processed and stored for the time required by the purposes for which it was collected. The User can obtain further information regarding the retention period of the individual Personal Data processed by contacting the Data Controller (as specified in the “CONTACT INFORMATION” section). At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of such period, the right of access, cancellation, rectification and the right to data portability, opposition, limitation of the processing of the same, can no longer be exercised. PURPOSE OF THE PROCESSING OF COLLECTED DATA User Data is collected to allow the Owner to provide its Services, as well as for the following purposes: Contacting the User Statistics Displaying content from external platforms / third parties Managing contacts and sending messages and / or newsletters Interaction with external data collection platforms and other third parties Behavioral targeting and remarketing Interaction with online quiz platforms Registration and authentication Platform services To obtain further detailed information on the purposes of the Processing and on the Personal Data specifically relevant for each purpose, the User can refer to the following section of this document. DETAILS ON THE PROCESSING OF PERSONAL DATA To verify the methods of Processing of Personal Data according to the purposes pursued, the User can consult the specific section below. Contacting the User: In order to contact the User, the Data Controller may use the Personal Data collected through the following tools: – Contact form; Mailing list or sending newsletters (if the User has subscribed to the relevant service). Personal data: name; surname; email address, telephone number, gender, date of birth, Data regarding the skin, Data on products purchased/for which the User is interested, Cookies, Usage data, other types of Data. The Google invisible reCaptcha service is active for the contact form (see the specific section below). Statistics The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior. These purposes are pursued through the following tools: -Google Analytics with anonymized IP; Google Analytics is a web analytics service provided by Google for statistical purposes to understand how visitors interact with the Site, compile reports and share them with other services developed by Google. Google Analytics may use a set of cookies to collect information and generate statistics on the use of the Site, without providing personal information on individual visitors to Google. The User’s IP address is anonymized. Anonymization works by shortening the IP address of Users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened within the United States. Please note, however, that the data may also be processed outside the EEA. The User is also informed that from 16 July 2020 Google no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield to transfer data from the European Economic Area and the United Kingdom to the United States; from 30 September 2020, more precisely, Google has updated its rules on the Processing of Personal Data and uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission itself with respect to certain countries, as the case may be, for transfers of data from the EEA to the United States and other countries. As for the use of cookies by Google Analytics, the User is invited, in any case, to carefully consult the relevant privacy policy and cookie policy, as well as the paragraph of this Cookie Policy “How can I give or withdraw consent to the installation of Cookies?” through the browser settings and the section of this Policy relating to the Privacy Shield. Google Tag Manager This Site uses Google Tag Manager. Google Tag Manager is a solution managed by Google LLC that allows you to manage the tags of managed websites using a specific interface. Google Tag Manager is a tag management system for managing JavaScript and HTML tags used for tracking and analysis on websites. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behavior, to understand the effect of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record Personal Data. This tool allows the activation of other tags that can, in turn, record Data in certain circumstances. For further information on the privacy policy of Google Tag Manager, the User is asked to consult the following link https://policies.google.com/privacy?hl=en , while for the terms of use https://www.google.com/analytics/tag-manager/use-policy/ and for the answers on the privacy of Google Tag Manager https://support.google.com/tagmanager/answer/7207086 . Personal Data: Usage Data; other Data. Displaying content from external platforms / third parties This type of service allows you to view content hosted on external platforms directly from the pages of the Site and interact with them. In the event that a service of this type is installed, it is possible that, even in the event of non-use in concrete, it collects traffic data relating to the pages on which it is installed. These purposes are pursued by means of: Facebook, Facebook Widget; The Site contains buttons for redirecting or sharing to the Facebook social platform, and to the individual social network pages attributable to the Data Controller. Facebook shares information globally, both internally with Facebook Companies and externally with its partners and people you connect and share with around the world. Information controlled by Facebook may be transferred or transmitted to, or stored and processed in, the United States or other countries outside the EEA. According to its policy, Facebook may use cookies to show ads and make suggestions for businesses and other organizations to people who might be interested in their products, services, or causes; to measure the performance of advertising campaigns of businesses that use Facebook Products; to show and measure ads across different browsers and devices used by the same person; to provide statistical data about people who use Facebook Products; to provide information about people who interact with ads, advertisers’ websites and apps; and to enable functionality that allows Facebook to provide its Products. Furthermore, when visiting the Site, the Facebook Pixel cookie may be installed, which allows the Data Controller to monitor conversions that occur on the Site as a result of the advertisements that are running on Facebook. The information collected through cookies may be shared with organizations outside of Facebook, such as advertisers and/or advertising networks for the publication of advertisements and for measuring the effectiveness of advertising campaigns. We also inform you that as of July 16, 2020, Facebook no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield to transfer data from the European Economic Area and the United Kingdom to the United States; but uses standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission regarding certain countries, as applicable, for transfers of data from the EEA to the United States and other countries. In relation to the Privacy Shield, the User is referred to reading the relevant paragraph in the cookie policy. In this case the following Personal Data are processed: Cookies; Usage Data; other types of Data. For more information on the installation and use of cookies by Facebook, please read the relevant cookie policy carefully. Finally, please read the privacy policy of the service carefully to obtain detailed information on the collection and transfer of Personal Data, on the rights of the User and on how to configure the privacy settings in a satisfactory manner. Instagram, Instagram Widget The Site contains buttons for redirecting or sharing to the Instagram social platform, owned by Facebook, and to the individual pages of the social network attributable to the Data Controller. Facebook/Instagram shares information globally, both internally with Facebook/Instagram Companies and externally with partners and people you connect with. Based on what is indicated in the relevant policies, Instagram uses cookies, pixels, local storage technologies and other similar technologies to show the User content relevant to offer the service and for reasons related to its use, as well as to collect information relating to the use of Instagram by the User. Instagram may also use said technologies to remember the choices made by the User (e.g. User name, language or geographical area in which the User is located) and personalize the Service to offer better features and content. Instagram and its advertising partners may use these technologies to show the User ads relevant to his interests. These technologies remember the visits of the User’s device and may also be able to monitor the browsing activities of the device on sites and services other than Instagram. This information may be shared with organizations outside of Instagram, such as advertisers and/or advertising networks for the publication of ads and for measuring the effectiveness of advertising campaigns. The information controlled by Facebook/Instagram may be transferred and/or transmitted and/or stored and/or processed in the United States or in other countries outside the User’s country of residence or in any case outside the EEA for the purposes described by the legislation referred to in the following links: Facebook Terms; Instagram Terms. The User is also informed that from 16 July 2020 Facebook/Instagram no longer bases the Processing of Personal Data of Users on the EU-US Privacy Shield (EU-US Privacy Shield) to transfer data from the European Economic Area and the United Kingdom to the United States; but uses standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission regarding certain countries, as the case may be, for transfers of data from the EEA to the United States and other countries. In relation to the Privacy Shield, the User is referred to reading the relevant paragraph in the Cookie Policy. In this case the following Personal Data are processed: Cookies; Usage Data; other types of Data. As regards the management of cookies installed by Instagram and the relative deactivation methods, the User is invited to carefully consult, in addition to the relative privacy policy of the service, also the cookie policy, for detailed information on the collection and transfer of Personal Data, on the User’s rights and on how to configure the privacy settings in a satisfactory manner. Finally, as regards the conditions of use of the Instagram service, the User is invited to consult the said conditions. Google Maps Google Maps is a map viewing service managed by Google LLC or by Google Ireland Limited, depending on the location from which the Site is viewed, which allows the Site to integrate such content within its pages. Personal Data: Cookies; Usage Data; other types of Data. In relation to the methods of processing of personal data and the place of processing, the User is invited to carefully consult the relevant Privacy Policy. The data may be processed outside the EEA. The User is also informed that from 16 July 2020 Google no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield to transfer data from the European Economic Area and the United Kingdom to the United States; from 30 September 2020, more precisely, Google has updated its rules on the Processing of Personal Data and uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission itself with respect to certain countries, as the case may be, for transfers of data from the EEA to the United States and other countries. As for the use of cookies by Google Analytics, the User is invited, in any case, to carefully consult the relevant privacy policy and cookie policy, as well as the paragraph of this Cookie Policy “How can I give or withdraw consent to the installation of Cookies?” through the browser settings and the section of this Policy relating to the Privacy Shield. Contact management and sending messages and/or newsletters This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services may also allow us to collect data relating to the date and time the messages are viewed by the User, as well as the User’s interaction with them (e.g., detection of the use of links inserted in messages). This purpose is pursued through the following tool: MailChimp For the purpose of sending the newsletter, this Website uses the third-party service MailChimp, which analyses and classifies requests via the contact form on the Website (see: https://mailchimp.com/legal/data-processing-addendum/) Mailchimp is a software company based in the United States that provides in particular tools for social media marketing, content management, web analytics, landing pages, customer support and search engine optimization. Therefore, by filling out the relevant form and providing the relevant consent, the User’s email address is automatically added to a contact list (managed via Mailchimp) to which email messages may be sent containing a periodic newsletter on the initiatives and activities of the Data Controller, including, by way of example, any awareness-raising and/or fundraising and/or marketing campaigns and/or any extraordinary newsletters for general or urgent information, including of a commercial and promotional nature. By accepting this Privacy Policy, the User expressly consents to the Data Controller communicating and/or transferring such data to the email address management service. If the User does not want MailChimp to process his/her Data, we recommend that the User contact us in another way (e.g. by e-mail) instead of using the contact form. OPT-OUT: If the User does not want . to collect his/her Data, the User can prevent the storage of Cookies at any time using the settings of his/her browser. In addition to what is indicated in this point of the Privacy Policy, please refer to the MailChimp privacy and cookie policy and to these links: https://mailchimp.com/legal/. The User is informed that the Data collected in this way may also be used by the Owner for profiling purposes (direct marketing) in order to suggest to the User the products most suited to his/her interests. Personal Data: first name and last name, email address, telephone number, gender, date of birth, Skin data, Data on products purchased/in which the User is interested, Cookies; Usage data; other types of Data. Interaction with data collection platforms and other third parties This type of service allows Users to interact with data collection platforms or other services directly from the pages of the Site for the purpose of saving and reusing data. If one of these services is installed, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages on which it is installed. Instruments: Google invisible reCaptcha reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is mostly used when filling out contact forms to ensure that specific actions on the internet are performed by humans and not bots. Classic captchas work with small tasks that are easy for humans to solve, but provide considerable difficulty for machines. With reCAPTCHA, the User no longer has to actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. The only thing the User has to do is check the text field “I am not a robot”. However, with Invisible reCAPTCHA even this is no longer necessary. reCAPTCHA, integrates a JavaScript element into the source text, after which the tool runs in the background and analyzes the behavior of the User. The software calculates a so-called captcha score from the User’s actions. Google uses this score to calculate the probability that the User is a human, before entering the captcha. reCAPTCHA and Captcha in general are used whenever bots could manipulate or abuse certain actions (such as registrations, surveys, etc.). By using reCAPTCHA, data is transmitted to Google to determine whether the user is really human. reCAPTCHA thus ensures the security of our website and, consequently, also of the user himself. IP addresses and other data required by Google for its reCAPTCHA service may be sent to Google, whose servers may be located in the USA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in the User’s browser. Then reCAPTCHA sets an additional cookie in the User’s browser and takes a snapshot of the browser window. The IP address that your browser transmits to Google is generally not merged with other Google data from other company services. However, the data will be merged if the User is logged in to the Google account while using the reCAPTCHA plug-in. If you want to prevent your data and behavior from being transmitted to Google, you must log out of Google completely and delete all Google cookies before visiting our website or using the reCAPTCHA software. Typically, data is automatically sent to Google as soon as you visit our website. To delete this data, you must contact Google Support at https://support.google.com/?hl=en-GB&tid=111401120 . If you use our website, you agree that Google LLC and its representatives automatically collect, process and use data. You can find more information about reCAPTCHA on the Google Developers page at https://developers.google.com/recaptcha/. For more information, please read Google’s Privacy Policy and Terms of Service carefully. Personal Data: Cookies; Usage Data; other types of Data., Google Tag Manager This Site uses Google Tag Manager. Google Tag Manager is a solution managed by Google LLC that allows you to manage the tags of managed websites using a specific interface. Google Tag Manager is a tag management system for managing JavaScript and HTML tags used for tracking and analysis on websites. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behavior, to understand the effect of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record Personal Data. This tool allows the activation of other tags that can, in turn, record Data in certain circumstances. For further information on the privacy policy of Google Tag Manager, the User is asked to consult the following link https://policies.google.com/privacy?hl=en , while for the terms of use https://www.google.com/analytics/tag-manager/use-policy/ and for the answers on the privacy of Google Tag Manager https://support.google.com/tagmanager/answer/7207086 . Personal Data: Usage Data; other Data. Behavioral targeting and remarketing This type of service allows this Site and its partners to inform, optimize and prepare advertisements based on the past use of this Site by the User. This activity is facilitated by tracking Usage Data and using trackers to collect information that is then transferred to partners who manage the remarketing and behavioral targeting activity. Some services offer a remarketing option based on email address lists. Facebook and Instagram Remarketing Facebook (and Instagram) remarketing is a remarketing and behavioral targeting service provided by Facebook Inc. With the help of the Facebook pixel (or equivalent functions for transferring event data or contact information via interfaces or other software in the apps) Facebook (/Instagram) is able to frame the visitors of this Site online services as a target group for the presentation of advertisements. Therefore, this Site uses the remarketing function “Custom Audiences” of Facebook Inc.: this allows Users of the Site to display interest-based advertisements (“Facebook Ads” or “Instagram Ads”) when they browse the social networks Facebook or Instagram or other websites that use this process. In this way, advertisements that are of interest to the User are shown in order to make online offers more interesting for him/her. The use of Custom Audience causes the User’s browser to automatically establish a direct connection to the Facebook/Instagram server. The data collected is processed by Facebook Inc. in the United States. This Site has no control over the scope of the Data collected and the further use of the aforementioned Data by Facebook Inc.: please therefore carefully read the relevant Facebook Privacy Policy and the Instagram Privacy Policy. The User can obtain more information about Facebook behavioral advertising by visiting this page: https://www.facebook.com/help/164968693837950 To opt out of Facebook interest-based ads, please follow these instructions: https://www.facebook.com/help/568137493302217 Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. To opt out of Facebook and other participating companies through the Digital Advertising Alliance in the United States http://www.aboutads.info/choices/ , the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ , or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/ , or disable it using your mobile device settings. Disabling the “Facebook Custom Audiences” function is available for users logged in at https://www.facebook.com/settings/?tab=ads# . Personal Data: Usage Data; email, Cookies, other types of Data. Registration and Authentication Tools: -WordPress.com To register for the reserved area and authenticate when accessing, this Site uses the WordPress platform. For more information on the processing of Data by WordPress, the User is invited to read the relevant privacy policy. Personal data: various types of data. Platform Services The Site was created using the WordPress.com platform. The User is invited to view the relevant privacy policy. Personal Data: various types of Data. PRIVACY SHIELD The Privacy Shield, or “privacy shield” between the EU and the US, is a self-certification mechanism for companies established in the US that intend to receive Personal Data from the European Union. It was also deemed adequate by the European Commission in 2016. In particular, the companies undertake to respect the principles contained therein and to provide the interested parties (i.e. all the subjects whose Personal Data have been transferred from the European Union) with adequate protection tools, under penalty of elimination from the list of certified companies (“Privacy Shield List”) by the US Department of Commerce and possible sanctions by the Federal Trade Commission. However, with Decision 2016/1250 of 16 July 2020 on the adequacy of the protection offered by the EU-US Privacy Shield regime – the so-called “Schrems II Judgment”, the Court of Justice of the European Union (CJEU) has however stated that the Privacy Shield does not offer an adequate level of protection for Personal Data transferred from the EU to a company established in the United States. With the same ruling, the European Court of Justice confirmed decision 2010/87, deeming the standard contractual clauses for the transfer of personal data from the EU to a non-EU country to be valid. The User is invited to consult the FAQs relating to the Schrems II ruling and its effects prepared by the European Data Protection Board (EDPB), the website www.privacyshield.gov and the website of the Italian Data Protection Authority to better understand the issue. COMMUNICATION AND DATA TRANSFER The Owner specifies that the utmost care and confidentiality in the Processing of Data is one of its fundamental values. User Data may be disclosed to third parties. The Data Controller may use, to the extent necessary to provide the services, Data Processors and service providers for the Processing of Data, such as, for example, authentication, hosting and maintenance services, data analysis services, email messaging services, delivery services, payment transaction management, solvency, address and email control. Some of the Data Controllers/service providers referred to in the previous sections are located outside the European Union (EU)/European Economic Area (EEA). In any case, the User’s Personal Data will be shared with countries outside the EU/EEA, provided that: the country in question is considered a safe third country; the Data Controller/service provider in question has adhered to the European Commission’s standard contracts relating to the transfer of Personal Data to third countries; the Data Controller/service provider in question is certified according to art. 40 of the GDPR or the Data Controller/service provider in question has a set of approved binding corporate rules. It is possible that the User’s Personal Data may be communicated or shared in order to comply with a legal obligation or the indications of a Court/Judicial Authority or any other competent body or in order to enforce or apply the Privacy Policy of the Site and/or other agreements or to protect the rights or safety of the Data Controller, the Data Processors, service providers and/or other third parties or for fraud protection or credit risk reduction. It is also possible that the User’s Personal Data, and in particular the email, are communicated or shared with companies and/or third parties with whom the Data Controller collaborates and/or has entered into agreements if the Users have signed up to the newsletter, expressly consenting with the so-called “point and click” method to the transfer of said Data to companies and/or third parties for the purposes indicated in the relevant consent, including marketing purposes also through Profiling. USER RIGHTS The User may exercise, with reference to the Data processed by the Owner, the following rights: right to withdraw consent at any time. The User may withdraw consent previously given to the processing of his/her Personal Data (see GDPR, art. 7); right of access. The User has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him/her are being processed, and, where that is the case, access to his/her Personal Data and receive all the information on them (including the purposes of the processing), as well as a copy of the aforementioned Data (see GDPR, art. 15); right to rectification of his/her Personal Data. The User has the right to obtain from the Data Controller without undue delay the rectification of inaccurate Personal Data concerning him/her. Taking into account the purposes of the processing, the data subject has the right to have incomplete Personal Data completed, including by means of providing a supplementary statement (see GDPR, art. 16); right to erasure (“right to be forgotten”). The User shall have the right to obtain from the Data Controller the erasure of Personal Data concerning him or her without undue delay in the following cases: if the Personal Data are no longer necessary or the User withdraws consent on which the processing is based and there is no other legal ground for the processing or if the User objects to the processing or the Personal Data have been unlawfully processed or if they have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject or if the Personal Data have been collected in relation to the offer of information society services (see GDPR, art. 17); right to restriction of processing. The User has the right to obtain from the Data Controller the restriction of processing in the following cases: if the accuracy of the Personal Data is contested by the User or if the processing is unlawful and the interested party opposes the erasure of the Personal Data and requests the restriction of their use or if the User who has opposed the processing is awaiting verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the User (see GDPR, art. 18); right to data portability. The User has the right to receive the Personal Data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without hindrance from the Data Controller to whom the personal data were provided (see GDPR, art. 20); right to object to the processing of Personal Data. The User may object at any time to the processing of personal data concerning him or her (when carried out on a legal basis other than consent). In particular, if the Personal Data are processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling to the extent that it is related to such direct marketing (see GDPR, art. 21); right to lodge a complaint with the competent supervisory authority. The User may lodge a complaint with the competent data protection supervisory authority (in Italy: www.garanteprivacy.it) and before the competent courts of the Member States (see GDPR, art. 77 et seq.). How to exercise your rights To exercise their rights as indicated above, Users, without paying any charges or fees (except as provided for in art. 12 paragraph 5 of the GDPR), may address a request to the contact details of the Owner present in the “CONTACTS” section: Cookie Policy The Site uses Cookies. To learn more and to view the detailed information, the User can consult the Cookie Policy. More information about Treatment Defense in court The User’s Personal Data may be used by the Owner in court or in the preparatory stages of its possible establishment for the defense against abuse in the use of the Site or related Services by the User. The User declares to be aware that the Owner may be obliged to reveal / communicate the Data by order of the public Authorities. Specific information Upon request of the User, in addition to the information contained in this Privacy Policy, the Site may provide additional and contextual information regarding specific Services or the collection and processing of Personal Data. System logs and maintenance For needs related to operation and maintenance, the Site and any third-party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address. Information not contained in this Privacy Policy Further information in relation to the Processing of Personal Data may be requested at any time from the Data Controller as specified in the “CONTACT INFORMATION” section. Changes to this Privacy Policy The Data Controller reserves the right to modify or update this Privacy Policy at any time. The User is invited to consult this page regularly to ensure that he/she is always familiar with the latest version of this Privacy Policy (see “Last update date” at the end of this page). If the changes concern the processing of Personal Data whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary. DEFINITIONS AND LEGAL REFERENCES “Cookie” o “Cookies” Small portion(s) of data stored within the User’s device. “Personal Data” or “Data” or “Personal Data” or “Data” Any information relating to a Data Subject. “Sensitive and/or special data” Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. “Usage Data” This information is collected automatically through the Site and/or by third-party applications integrated into the Site, including: the IP addresses or domain names of the computers used by the User who connects to the Site, the URI (Uniform Resource Identifier) ​​addresses, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages visited, the parameters relating to the operating system and the IT environment of the User. “Interested Party” or “Interested Parties” The identified or identifiable natural person to whom the Personal Data refers. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Profiling” Any form of automated processing of Personal Data consisting of the use of such Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. “Service” The service(s) provided by the Site as defined in the relevant terms (if any) on this site/application. “Data Controller” or “Owner” The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its designation may be established by Union or Member State law. The Data Controller, as better identified above, unless otherwise specified, is the owner of the Site. “Processing” or “Data Processing” Any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure or destruction. “European Union” or “EU” Unless otherwise specified, any reference to the European Union contained in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area (EEA). “User” or “Users” The individual or individuals who use/use the Site and who, unless otherwise specified, coincide with the Interested Party. Legal references This privacy policy is drawn up on the basis of the legislation in force on the matter, and in particular by the provisions of articles 13 and 14 of Regulation (EU) 2016/679 (so-called GDPR), by the relevant adaptation legislation Legislative Decree 101/2018, and within the limits of what is still applicable by Legislative Decree 196/2003. Last updated: 04/11/2024