1 • Introduction
2 • Sources of the Data and Purposes of Processing
2.1 Navigation Data
The I.T. systems responsible for the correct operation of the Site acquire some of your personal data during the course of their operation; the transmission of this is implicit in the use of the Internet communication protocols. This information is not collected for the purpose of identifying you, however it could be used to this end if, for example, it were combined with information held by third parties. This category of data includes the IP address and domain name of your computer, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to issue the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, and other parameters concerning your operating system. We use these data only to obtain anonymous statistical information on use of the Site and to check it is operating correctly. We delete data collected in this manner immediately after processing. These data could be used to determine responsibility in the event of computer crimes carried out against the Services.
2.2 Registration Information and other Information Provided by the User
Using our Site does not require the creation of a personal account. However, the use of certain Services (e.g. newsletter, contact us) will require the transmission of personal data, for which dedicated information notices are supplied. Please read the dedicated information notices published on the corresponding pages so as to be aware of the purposes of such data gathering, whether providing the information is obligatory, and to which parties it may be transmitted or communicated.
If you should collect, process and communicate to us information relating to third parties, you must do so pursuant to the provisions of applicable Data Protection Legislation, therefore providing said third parties with prior information on the processing, and where required obtain free and express consent before performing such operations.
2.3 Purposes of the Processing
Providing the information specified above is necessary to allow you to use our Services, and to allow us to respond to your requests for information or requests for free activation of certain Services. Your refusal would prevent you from using our services and prevent us from responding to your requests.
2.4 Lawful Basis for Processing
We will process your personal data only where one of the lawful bases outlined in the current legislation is present, more specifically legitimate interest on the part of Tapematic, with particular reference to the ordinary management and maintenance of the site.
3 • Data Processing and Storage Methods
We will process your data both on hardcopy and through the use of electronic tools, but always in compliance with the security requirements specified by applicable legislation, with particular but not exclusive reference to Annex B of Italian Legislative Decree 196/2003 (minimum security measures set forth in the Italian Data Protection Act Technical Specifications). Our security measures include contractual tools from any contractor (e.g. supplier of services) or agent in order to guarantee the security and confidentiality of your personal data pursuant to the provisions of the Data Protection Legislation.
Your personal data will be retained for the time strictly necessary to achieve the ends for which they were gathered and to comply with applicable legal and regulatory requirements. The data will be permanently deleted or anonymised when the purposes indicated above have been achieved, except in cases where Tapematic is required to archive them for a further period in order to comply with legal or regulatory requirements.
With particular reference to legal protection of our rights, we inform you that we have adopted a retention period of ten years for personal data, which runs from the date on which the account was closed, based on the ten-year limitation period laid out in article 2946 of the Italian Civil Code.
4 • Scope of Communication
4.1 Internal and External Communication of Personal Data
4.2 Transfer of Data Abroad
We may send your personal data out of Italy to established third-party recipients within the European Union. This transfer is not subject to limitations inasmuch as any EU country guarantees an appropriate level of data protection. For the purposes described above we may also, however, send your data to third (non-EU) countries which do not guarantee the same level of data protection. Nevertheless, such transfers to third countries shall always be performed in accordance with the provisions of the Data Protection Legislation, in other words subject to obtaining your consent, where necessary, or through the adoption of any other measure necessary to guarantee the security of the data being transferred. These measures include possible contractual agreements based on the so-called standard contractual clauses, as drafted by the European Commission.
5 • Rights of the Data Subject
You may exercise the rights provided to you by the Data Protection Legislation at any time; you may thus, for example, access your data, check their content, origin and accuracy, request updates, additions, modifications or deletions to the data, oppose the processing or request that this be limited, or make portability requests. To exercise these rights, please contact us using the details in section 6.
6 • Data Controller and Data Protection Officer
The Site and the Services are managed by Tapematic Spa, Via Vimercate 42, 20876 Ornago (MB), Italy, email: firstname.lastname@example.org, which acts as Data Controller.