The Data Controller, aware of the importance of guaranteeing the security of information of a personal nature, provides the information necessary to make the user (hereinafter referred to as ‘User‘ or ‘Data Subject‘) aware of the characteristics and methods of the processing of his/her personal data.

1. Data controller

Who determines the purposes and means of the processing of the User’s personal data?

ADDIT S.R.L., with registered office in 41123 Modena (MO), via V. Alfieri, 28, tax code and VAT no. 03167710361, in the person of its legal representative pro tempore, in the capacity of Data Controller (hereinafter referred to as “Controller“).

2. Object of processing

What personal data is processed through the website?

The User’s personal data collected during the use of the website, as well as during the use of the website’s features and services, may be processed.

In particular, the Controller may process

• personal data, the transmission of which is connected with the use of Internet communication protocols (browsing data, e.g. page accesses, amount of data transferred, status message upon access, session ID numbers, IP addresses, URL addresses, location data, display language, coordinated universal time, etc.);
• common personal data (e.g. personal data, such as first name and surname; contact data, such as e-mail address) and other personal information provided by the User or, in any case, acquired by the Controller.

3. Purpose of processing

What are the purposes of processing personal data?

The User’s personal data collected during the use of the website, as well as during the use of its features and services, may be processed for the following purposes:

• purposes related to the provision of the web pages, functionalities and services of the website: processing of personal data (browsing data), necessary to enable the provision of the web pages, functionalities and services of the website, as well as to obtain statistical information on the use of the web pages and to check their correct functioning;
• Purposes connected with responding to the User’s reports, questions or requests: processing of personal data (e.g. personal details, such as name and surname; contact details, such as e-mail address and telephone number), necessary in order to respond to the User’s reports, questions and/or requests;
• purposes related to the sending of periodical information updates (newsletters): processing of personal data (e.g. personal details, such as name and surname; contact details, such as e-mail address and telephone number), necessary for sending periodical information updates by e-mail, SMS and/or WhatsApp to the User who has expressly requested them by subscribing to the mailing list;
• Purposes connected with the protection of rights and the management of the security of the web service: the processing of the User’s personal data necessary for the protection of the rights, including in litigation, of the Controller, as well as to enable the management of the security of the web service.

4. Legal bases for processing

What are the grounds for processing personal data?

The legal bases justifying the processing of the User’s personal data collected during the use of the website, as well as during the use of the features and services of the same website, are:

• for the purpose related to the provision of the web pages, functionalities and services of the website: the performance of a contract to which the User is a party or the performance of pre-contractual measures taken at the User’s request pursuant to Art. 6(1)(b) GDPR (the User’s choice to use and benefit from the functionalities and services of the website);
• for the purpose related to responding to the User’s reports, questions or requests: the performance of a contract to which the User is a party or the performance of pre-contractual measures taken at the User’s request pursuant to Article 6(1)(b) GDPR (the User’s choice to send reports, questions or requests to the Controller);
• for purposes related to the sending of periodic information updates (newsletters): the performance of a contract to which the User is a party or the execution of pre-contractual measures taken at the User’s request pursuant to Article 6(1)(b) GDPR (the User’s choice to request, by subscribing to the mailing list, to receive periodic information updates/newsletters via e-mail, SMS and/or WhatsApp);
• for purposes related to the protection of rights and the management of the security of the web service: the pursuit of the legitimate interest of the Controller pursuant to Article 6(1)(f) GDPR (protection of rights and management of the security of the web service).

5. Nature of conferment

What is the nature of providing personal data?

The provision of personal data processed is:

• for the purpose related to the provision of the web pages, functionalities and services of the website: necessary to enable the provision of the web pages, functionalities and services of the website. Personal data are acquired automatically during the User’s web navigation by the computer systems and software procedures used to operate the website;
• for the purpose of responding to the User’s reports, questions or requests: this is necessary in order to enable the User to respond to the reports, questions or requests made by the User; failure to provide such information may therefore make it impossible for the User to receive replies to reports, questions and/or requests sent to the Controller;
• for purposes related to the sending of periodic information updates (newsletters): necessary to allow the User to subscribe to the mailing list for the receipt via e-mail, SMS and/or WhatsApp of periodic information updates/newsletters; failure to provide such information may make it impossible for the User to subscribe to the aforementioned mailing list and, consequently, to receive the relative messages. The User can subscribe to the mailing list by filling in the appropriate form with the required data (name, surname, e-mail, telephone number) and the Data Controller will process the information transmitted in order to activate the sending of the relative messages. The User may at any time request deactivation of this service;
  *** Translated with www.DeepL.com/Translator (free version) ***
• for purposes related to the protection of rights and the management of the security of the web service: due to the exercise of the legitimate interest of the Controller to be able to protect its rights, including in litigation, as well as to be able to enable the management of the security of the web service.

6. Storage period

How long are personal data stored?

The User’s personal data will be stored:

• for the purpose related to the provision of the web pages, functionalities and services of the website: in accordance with the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are kept for a few days, unless they are extended in connection with specific requests, for example by the judicial authorities or other public authorities;
• for the purpose of responding to the User’s reports, questions or requests: in accordance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are kept, depending on the subject and type of messages, for the time necessary to respond to the User’s reports, questions and/or requests;
• for purposes connected with the sending of periodic information updates (newsletters): in accordance with the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are stored for the duration of the period of subscription to the newsletter;
• for purposes related to the protection of rights and the management of the security of the web service: in accordance with the law, for a period not exceeding that necessary for the pursuit of this purpose.

7. Treatment modes

How are personal data processed?

The processing of personal data is carried out with the use of electronic tools.

The processing of personal data shall be based on the principles of lawfulness, correctness, transparency, purpose limitation, minimisation, accuracy, storage limitation, integrity and confidentiality and shall be carried out by means of computerised procedures (and, residually, by manual or paper means) suitable to guarantee their security and confidentiality, also by using appropriate procedures to avoid the risk of destruction, loss, modification, unauthorised disclosure, unauthorised access to the personal data transmitted, stored or, in any case, processed.

8. Access, communication, dissemination

Who has access to personal data? Can personal data be disclosed to third parties or disseminated?

Personal data may be made accessible to employees or collaborators, expressly instructed and authorised to process them, who are employed by or under the direct authority of the Controller.

Personal data may also be processed by third parties carrying out activities on behalf of the Data Controller (and to workers or collaborators, expressly instructed and authorised to process data, who work in the employ or under the direct authority of the same third parties), who can prove that they have adopted technical and organisational measures to guarantee data security. These third parties, expressly designated as data processors, are given adequate operating instructions.

The personal data processed may not be disclosed to other specific persons, except in the cases provided for by law, such as to judicial authorities or other public authorities.

The data processed may not be disclosed to unspecified persons.

9. Data Transfer

Where are personal data stored?

Personal data are stored in Italy or, in any case, within the European Union and the European Economic Area.

Any transfer to third countries, not belonging to the European Union or the European Economic Area, may only take place to those countries that guarantee an adequate level of protection of personal data, by means of methods that comply with the legislation on the protection of personal data.

10. Cookies and other tracking tools

What cookies and/or other tracking tools are used and what function do they perform?

The website uses cookies and/or other tracking tools to ensure the provision of the website’s functions and/or services, as well as to improve its operation.

What are cookies?

Cookies are small text fragments, usually consisting of letters and/or numbers, which are sent by the website visited and stored by the Internet browsing software (browser) installed on the device (personal computer, smartphone, tablet, etc.) used by the User for browsing. The cookies are then transmitted back to the website on the User’s next visit.

The information encoded in cookies may include personal data, such as an IP address, user name or e-mail address, but may also contain non-personal data, such as language settings or information on the type of device a person is using to browse the website.

Cookies can therefore perform important and diverse functions, including tracking sessions, storing information about specific configurations of users accessing the server or facilitating the enjoyment of online content. They can, for instance, be used to keep track of the items in an online shopping cart or the information used to fill in a computer form. If, on the one hand, it is through cookies that it is possible to allow web pages to load faster, as well as to route information on a network – in line, therefore, with fulfilments strictly related to the very operation of websites -, again through cookies it is also possible to convey behavioural advertising and then measure the effectiveness of the advertising message, i.e. to conform the type and modalities of the services rendered to the user’s behaviour.

The same result can also be achieved through the use of other tracking tools, which allow processing similar to that carried out through cookies. These tracking tools include fingerprinting, i.e. that technique which makes it possible to identify the device used by the user by collecting all or some of the information relating to the specific configuration of the device itself adopted by the user. This technique can be used to achieve the same purposes of profiling also aimed at displaying personalised behavioural advertising and analysing and monitoring the behaviour of website visitors, i.e. to conform the type and manner of services rendered to the user’s behaviour. Henceforth, these other tracking tools will also be included in the definition of cookies.

How are cookies classified?

Cookies can be classified according to the:

• purposes (technical, analytical or profiling cookies);
• origin (first-party or third-party cookies);
• duration (session cookies or persistent cookies).

Depending on their purpose, cookies are divided into technical cookies, analytical cookies and profiling cookies.

Technical cookies are those used for the sole purpose of carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the user to provide such service. Technical cookies are indispensable for the proper functioning of a website and are used to manage various services related to the website itself (such as a login or access to reserved functions on the sites). The duration of the cookies is strictly limited to the working session or they can be used for a longer period of time in order to remember the user’s choices. Deactivation of strictly necessary cookies may affect the user and browsing experience of the website. The use of technical cookies does not require the user’s prior consent.

Analytical cookies are cookies used to collect information on the use of the website. In particular, they are useful to statistically analyse the accesses or visits to the website itself and to allow to improve its structure, navigation logics and contents. The information collected is used to perform statistical analyses in order to improve the use of the website and possibly to make the content more interesting and relevant to the User’s wishes. For the use of analytical cookies, since they are not necessary for the functioning of the website, the prior acquisition of the User’s consent is required. However, analytical cookies that adopt minimisation measures that reduce the identifying power of the data (e.g. anonymisation through the masking of portions of the IP address of the User browsing the website), can be equated with technical cookies and the prior acquisition of the User’s consent is not required for their use.

Profiling cookies are used to track the User’s navigation, analyse his behaviour and create profiles of his tastes, habits or choices, etc. In this way it is possible, for example, to transmit targeted advertising messages in relation to the user’s interests and in line with the preferences expressed by the user when surfing online. The use of profiling cookies requires the prior consent of the user.

Depending on their origin, cookies are distinguished into first-party and third-party cookies.

First-party cookies are installed directly by the website the user is visiting, while third-party cookies are installed by a domain other than the one the user is visiting, e.g. in the case where the website incorporates elements from other sites, such as images, social media and social network plug-ins or advertisements, or in the case of widgets and other interconnection tools with external sites and functionalities.

For third-party cookies installed via the website, the obligations regarding the protection of personal data (e.g. provision of information and acquisition of consent for the use of cookies) apply to the third party and it is possible to object to their use directly on the web pages of the third party.

Depending on their duration, cookies are distinguished into session cookies and persistent cookies.

Cookies that expire at the end of a browser session (normally when a user closes their browser) are called session cookies and are useful, for example, to store a user’s purchase order, or for security purposes, such as when accessing their internet banking or webmail account.

Cookies that, on the other hand, are stored for a longer period of time (between sessions, even after closing the browser) are called persistent cookies and are useful, for example, to remember user preferences or to propose targeted advertising.

To find out what cookies and/or other tracking tools are used by the website, what functions they perform and how you manage your preferences in relation to them, read the website’s specific cookie policy.

11. Rights of data subjects

What are the rights granted to the data subject?

Pursuant to Art. 15 et seq. of the GDPR, the User has the right to:

• obtain from the Controller confirmation as to whether or not personal data relating to him are being processed and, if so, access to the personal data and other related information, including by receiving a copy thereof (right of access);
• obtain from the Controller the rectification of inaccurate personal data and/or the integration of incomplete personal data concerning him/her (right of rectification);
• in the cases provided for, obtain from the Data Controller the deletion of personal data (right to erasure);
• in the cases provided for, obtain from the Controller the restriction of the processing of all or part of the personal data processed by the Controller (right of restriction of processing);
• in the event that the processing is based on consent or on the performance of the performance of a contract to which the User is party and is carried out in an automated manner, to request and receive from the Controller, in a customary electronic format, the personal data concerning him/her, as well as, if technically feasible, the transmission to another Controller (right to portability);
• withdraw, at any time, any consent that may have been given with regard to the processing of personal data (right to withdraw consent);
• in the cases provided for, object, in whole or in part, to the processing of personal data (right to object);
• in the cases provided for, not be subjected to a decision based solely on automated processing.

If the User considers that the processing of data is in violation of the data protection legislation, he/she has the right to lodge a complaint with the Data Protection Authority or, in the cases provided for, to take legal action.

12. Exercise of rights

How can the data subject exercise his/her rights?

The User may exercise his/her rights at any time by contacting the Controller at the following addresses:

ADDIT S.R.L.

41123 Modena (MO)

via V. Alfieri, 28

e-mail: ced@addit.it

PEC: additsrl@pec.addit.it

Should it become necessary as a result of any regulatory changes or as a result of the evolution of certain services of the website or of the technologies used to deliver them, it may be necessary to update this policy.

It will be the responsibility of the Controller to notify the User of any significant changes. However, the User is invited to visit this page periodically to check that nothing has changed.