Information document pursuant to and for the purposes of Article 13 Regulation (EU) 2016/679 (GDPR)
Last update 24/03/2021
This is an informative report made pursuant to art. 13 of the EU Regulation 2016/679 (General Data Protection Regulation, also known as GDPR). This legislation provides that anyone who processes personal data is required to inform the data subject about what data is processed and about certain qualifying elements of the processing, which must always be carried out fairly, lawfully and transparently, protecting the confidentiality of the data and the rights of the data subject.
We describe the management modalities of this website, with reference to the processing of personal data of the users who consult it and of those who interact with the web service of the company Ifin Sistemi Srl a socio unico (“Ifin Sistemi” or “Owner” in the following) accessible by electronic means at the following address: https://trustedchain.it/
PERSONAL DATA CONTROLLER
The owner of the treatment of personal data is: Ifin Sistemi Srl a socio unico, Registered office in via Giacomo Medici 9/a, 35138 Padova (PD) – Italy – CF and VAT number 01071920282 – PEC: email@example.com – e-mail : firstname.lastname@example.org – Tel. +39 049 5001500, Fax +39 049 5001692, in the person of the pro-tempore legal representative.
DATA PROTECTION OFFICER
The Data Controller has appointed its own Data Protection Officer (DPO) pursuant to Article 37 of EU Regulation 2016/679. The latter is the point of contact for those who wish to receive information on the processing of their data. He can be contacted at the registered office of Ifin Sistemi, or at the e-mail address email@example.com
WHAT PERSONAL DATA WE PROCESS
Computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet. This category of data includes: IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources reqEUsted, the time of the reqEUst, the method used to submit the reqEUst to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. These data, necessary for the use of web services, are also processed in order to:
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.);
- to check the correct functioning of the services offered.
Data provided voluntarily by users/visitors
The optional, explicit and voluntary sending of messages to the contact addresses of Ifin Sistemi, as well as the completion and submission of any forms on the site of Trustedchain, the sending of private messages sent by users to institutional profiles/pages on social media (where this possibility is provided), involve the acquisition of contact data of the sender, necessary to respond, and all personal data included in communications.
Specific privacy policies
Specific privacy policies will be present on the pages of the Site in relation to particular services or processing of data provided.
Cookies and other tracking systems
PURPOSE OF THE PROCESSING, LEGAL BASIS, PERIOD OF DATA RETENTION AND NATURE OF DATA PROVISION
- Navigation on the web site.
- LEGAL BASIS: Pursuit of the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (Art. 6, lett.f) and recital 47 of the GDPR): processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject based on his/her relationship with the data controller. Activities strictly necessary for the operation of the site and the provision of the browsing service.
- NATURE OF PROVISION OF DATA: with the exception of that specified for navigation data (which are necessary in order to allow navigation of the website), the user is free to provide personal data.
- Eventual compilation of a special form of data collection for contacts.
- LEGAL BASIS: based on the execution of pre-contractual measures also adopted at the reqEUst of the interested party (art. 6, paragraph 1, letter b of the GDPR).
- DATA STORAGE PERIOD: 1 year.
- NATURE OF PROVISION OF DATA: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide data marked with the symbol *, will make it impossible to obtain what was reqEUsted or to use the services of the Owner.
- Register for courses/webinars by filling out the appropriate form.
- LEGAL BASIS: execution of a contract to which the interested party is a party or the execution of pre-contractual measures taken at the reqEUst of the same (art. 6, paragraph 1, lett. b GDPR), fulfillment of legal obligations (art. 6, paragraph 1, lett. c GDPR).
- DATA STORAGE PERIOD: The data provided will be stored for the duration of the course/webinar and for the next 10 years for administrative purposes.
- NATURE OF PROVISION OF DATA: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide the data marked with the symbol *, will make it impossible to obtain what is reqEUsted or to use the services of the Owner.
- Direct marketing.
In case the person concerned fills in dedicated forms for data collection, in specific areas with the purpose of direct marketing: subject to consent and until his opposition for direct marketing activities of the Data Controller, market research, direct sales, surveys of the degree of satisfaction, sending newsletters and promotional, commercial and advertising material or inherent events and initiatives, by the Data Controller by automated means of e-mail, telefax, SMS or other messages, as well as by telephone calls through an operator (not automated) and paper mail and other informative material.
- LEGAL BASIS: Consent (art. 6 par. 1 lett. a) of the GDPR): the data subject has given consent to the processing of their personal data.
- DATA STORAGE PERIOD: until the revocation of consent by the data subject.
- NATURE OF PROVISION OF DATA: the conferment of data is optional and in the absence of the same, your data will not be processed for the pursuit of the purposes B). Any denial will not affect the usability of the purposes A).
WHO THE RECIPIENTS OF THE DATA ARE
The data of a personal nature provided will be shared with subjects, who will process the data as data processors (art. 28 of EU Reg. 2016/679) and/or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of EU Reg. 2016/679), for the purposes listed above. In particular, the data will be shared with:
- subjects that provide the management of the website, such as Net Banana sas di Ongarello Roberto & C.
- third parties who collaborate with the Data Controller for direct marketing activities;
- subjects that provide Webinar platforms, in order to use the service related to the chosen online event/training;
- competent Authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon reqEUst.
The subjects belonging to the above categories act as Data Processors,or operate completely independently as separate Data Controllers. The list of data processors is constantly updated and available by writing to firstname.lastname@example.org or at the registered office of Ifin Sistemi.
TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU
Personal data will not be transferred to non-EU countries.
The Data Controller does not use decision-making processes based on automatic processing, including profiling.
WHAT ARE THE RIGHTS OF THE DATA SUBJECT
The data subject has the right to request from Ifin Sistemi access to personal data and the rectification, or cancellation thereof, or the limitation of processing concerning him or her, or to object to their processing, in addition to the right to exercise the right to data portability, when possible, pursuant to Articles 15 to 22 of EU Regulation 206/679 (GDPR).
HOW TO EXERCISE RIGHTS
As a data subject, you may at any time exercise your rights using one of the following methods:
- by sending an e-mail to the Data Protection Officer at email@example.com
- by writing directly to the Data Controller: Ifin Sistemi Srl – Data Protection Manager, via Giacomo Medici 9/a, 35138 Padova (PD).
To stop receiving automated direct marketing communications (e.g. e-mail), simply write an e-mail at any time to firstname.lastname@example.org with the subject “cancellation from automated”.
To stop receiving traditional direct marketing communications (telephone calls with operator and paper mail), simply write an e-mail at any time to email@example.com with the subject “unsubscribe from traditional”.
RIGHT OF COMPLAINT
The data subject has the right to complain to the Guarantor for the protection of personal data, as a supervisory authority, based in Piazza Venezia n.11, 00187 Rome. Read the following link for further information in this regard.