The following document is developed by Progenia S.p.A , Data Controller according to Legislative Decree 196/2003 and subsequent amendments and EU Regulation 679/2016. This document is to inform you on all aspects of the Progenia S.p.A. management and processing of website users’ personal data.
Processing of your personal data is based on the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality. Your personal data will therefore be treated according to the legal provisions of the applicable law and the obligations of confidentiality it establishes.
1. DATA CONTROLLER
The Personal Data Controller of the website is Progenia S.p.A., based in Piazza Strozzi, 1 – 50123 Florence – Italy.
2. The company Planet s.r.l. has been designated as third party data processor being in charge of the maintenance of the technological part of the site.
3. PERSONAL DATA PROCESSED
Personal Data is intended as any information relating to an identified or identifiable individual with particular reference to an identifier such as name, identification number, location data, online identifier or to one or more features of his or her physical, physiological, mental, economic, cultural or social identity.
The following is the list of Personal Data collected by the site:
a. Navigation data
The website system collects determined Personal Data and the transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow your identification. These include IP addresses or domain names of the devices used to connect to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (success, error, etc..) and other parameters relating to your operating system and computer environment.
This specific data is used to obtain anonymous statistical information on the use of the Site and monitor its correct functioning; to allow – given the structure of the used systems – the correct provision of the various functions you request, for security and liability reasons in the event of hypothetical computer crimes against the Site or third parties. Such data is deleted after 7 days.
b. Data provided on a voluntary basis
Through the Site you have the voluntary option of providing Personal Data such as name and email address in order to subscribe to the newsletter or in order to contact us. In these cases specific and further information on the processing of your data is available in the relevant areas.
c. Cookies and related technologies
4. PURPOSES, LEGAL SETTING AND MANDATORY OR OPTIONAL NATURE OF PROCESSING
The Personal Data you provide through the Site will be processed by Progenia S.p.A. for the following purposes:
a) any purposes related to the fulfillment of a contract you are a party of or the fulfillment of pre-contractual measures you request (e.g. a request for contact via the contact form)
b) any purposes related to statistical researches/analyses on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the Website, measuring traffic and evaluating usability and interest;
c) any purposes related to the performance of a legal obligation
d) any purposes necessary for verifying, exercising or defending legal rights, or whenever judicial authorities exercise their judicial functions;
The legal basis for processing Personal Data for purposes included in point (a) is the fulfillment of a service or response to requests that do not require consent under the applicable law.
Providing your Personal Data for the purposes listed above is optional, but failure to do so may make it impossible to fulfill a request or a legal obligation to which the owner is subject.
5. DATA DISCLOSURE TO THIRD PARTIES
Your Personal Data may be disclosed to persons authorized by Progenia S.p.A. to provide services offered by the site and these persons are specifically appointed by the Data Controller as Data Processor.
6. PLACE OF DATA PROCESSING
Personal Data will not be transferred outside the European Economic Area.
7. LENGTH OF DATA PROCESSING
Progenia S.p.A. will process your Personal Data only for the time strictly necessary to fulfill purposes listed in point 4.
7. DATA SUBJECTS’ RIGHTS
As a data subject, you have the rights referred to in Art. 7 Privacy Code and articles 15 et seq. of the GDPR, and more specifically the right to:
a) obtain confirmation from the data controller as to whether or not personal data is being processed and, if so, obtain access to such personal data and to the following information: purposes of processing; categories of personal data treated; recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if recipients are in third countries or international organizations; where possible, the planned duration of personal data processing or, if that is not possible, the criteria used to determine that period; when data is not collected from the data subject, any and all available information as to its origin; the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the importance and the expected consequences of such processing for the data subject.
(b) obtain from the controller the correction of inaccurate personal data without unjustified delay. Taking into account the purposes of the processing, the person concerned has the right to obtain the integration of incomplete personal data, also by providing a supplementary statement.
(c) obtain from the data controller the cancellation of personal data, without unjustified delay, for any of the following reasons: a) personal data is no longer necessary for the purposes they were collected for. b) subject withdraws consent on which the processing is based pursuant Article 6 paragraph 1 letter (a) or Article 9 paragraph 2 article (a) and if there is no other legal basis for processing; (c) subject objects to the processing pursuant to Article 21 paragraph1 and there are no overriding legitimate grounds for the processing, or objects to the processing pursuant to Article 21 paragraph 2; d) personal data has been unlawfully processed. (e) personal data must be deleted in order to fulfill a legal obligation under a law of the EU or of the Member State to which the data controller is subject; (f) personal data was collected in connection with the provision of information society services as referred to in Article 8 paragraph 1.
(d) obtain from the data controller the restriction of processing where one of the following applies: a) the data subject objects the accuracy of the personal data for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject opposes the cancellation of personal data and instead requests that its use be limited; c) although the data controller no longer needs the data for the purposes of processing, the personal data is necessary for the data subject to ascertain, exercise or defend a right in court; d) the data subject has opposed processing in accordance to Article 21paragraph 1, during verification of prevalence of legitimate reasons of the data controller over those of the data subject.
(e) receive in a structured format, commonly used and machine-readable, the subject’s personal data relating to provided to the data controller and have such data transmitted to another data controller without delay by the data controller to whom he/she has provided the data, when: a) the processing is based on a contract; b) the processing is carried out by automated means. While exercising this right regarding data portability, the data subject is entitled to obtain the direct transmission of personal data from one data controller to another, if technically possible.
(f) object at any time on grounds of his or her unique situation to the processing of the subject’s personal data pursuant to Article 6 paragraph 1 letters (e) or (f), including profiling on the basis of those provisions. Should personal data be processed for the purposes of direct marketing, the data subject is entitled to object at any time to the processing of his or her personal data carried out for such purposes, including profiling when related to such direct marketing.
(g) the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the subject or significantly affects the subject in equal manner.
(h) the right to submit a complaint with a supervising authority
All requests are to be submitted to the following email: firstname.lastname@example.org