Privacy Policy

Information provided pursuant to Art.13 of EU Regulation 2016/679 (hereinafter the GDPR) and Art.13 of Italian Legislative Decree no. 196/2003, the “Data Protection Code” (hereinafter the Code).

1.GENERAL INFORMATION

Data subjects are hereby informed of the following general details, valid for all aspects of processing:

  • all the data of those data subjects with whom we interact is processed in a lawful, correct and transparent way, in compliance with the general principles set forth in Art.5 of the GDPR and Art.11 of the Code;
  • specific security measures have been taken to prevent any loss of data, any unlawful or improper use, and any unauthorised access, pursuant to Art.32 of the GDPR and Art. 31 of the Code.

References and the data subject’s rights

The Controller, in terms of processing personal data, is this Company, in the person of the legal representative pro-tempore. In order to ensure an adequate support to data subjects, the Controller has appointed a DPO, to whom data subjects may refer (contact details: Gregorio Galli – +39 0523.010250 – info@gallidataservice.com ) in order to exercise their rights as set forth in articles 15-21 of the GDPR and Art.7 of the Code (right to access, rectify and delete data, right to restrict processing, right to data portability and the right to oppose processing), as well as to revoke any consent previously granted; in the event that there is no response to a data subject’s request, a data subject may lodge a complaint with the supervisory authority duly appointed with regard to protecting personal data (GDPR – Art.13(2)(d)).

2. PROCESSING DATA CONNECTED TO THE FUNCTIONING OF THIS SITE 

Browsing data

The information systems and software procedures used to operate this site acquire, as part of their normal operation, certain personal data the transmission of which is implicit in the use of internet communication protocols. This involves information which is not collected in order to be associated to an identified data subject but which could, given its nature, through processing and association with data held by third parties, allow a data subject to be identified. This category of data includes the IP address or the domain name of the computer or device used by the user to access the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the numeric code indicating the status of the response given by the server (OK, error, etc.) and other parameters related to the user’s operating system and computer environment.

Purpose and legal basis for processing

(GDPR-Art.13(1)(c))

This data is only used to obtain statistical information on how the site is used and to check that it is functioning correctly. Data may be used to ascertain responsibility in the event of a supposed computer crime against the site (the Controller’s legitimate interests).
Communication scope

(GDPR-Art.13(1)(e) and (f))

Data may be processed exclusively by internal personnel, regularly authorised and trained to process such data (GDPR-Art.29) or, potentially, by personnel responsible for maintaining the web platform (appointed in this case as external processors). Data will not be communicated to any other party, nor disclosed or transferred to a country outside of the EU. Only in the event of an investigation will this data be made available to a competent authority.
Data retention period

(GDPR-Art.13(2)(a))

Data is normally held for short periods of time, with the exception of a possible extension as a result of an investigation.
Providing data

(GDPR-Art.13(2)(f))

Data is not provided by the data subject but is acquired automatically by the site’s technological systems.

Cookies

About cookies: Cookies are small fragments of text (letters and/or numbers) that enable a web server to store information on the client (the browser) to be re-used during the course of the same browsing session on the site (session cookies) or thereafter, even days after visiting the site (persistent cookies). Cookies are stored, based on the user’s preferences, by each individual browser on the specific device used (computer, tablet, smartphone). Similar technologies such as, for example, web beacons, transparent GIFs and all forms of local storage introduced by HTML5, are used to collect information on the user’s behaviour and how the services are used. Below, we will simply use the term “cookie” to refer to cookies and every other similar technology.

Possible first-party types of cookie and ways of managing preferences

CATEGORY PURPOSE MANAGING PREFERENCES
Browsing or session techniques To ensure normal browsing and use of the site Through the main browsers, you can:

  • Disable all (or some) types of cookie from being set as a default
  • View the analytical list of the cookies used
  • Delete all or some of the cookies which have been set

For information on the settings for each individual browser, see the specific paragraph. Note that if cookies are disabled or deleted, it might compromise your ability to browse the site.

Analytical techniques To collect information on the number of visitors and the pages viewed
Functional techniques To allow the site to be browsed on the basis of a series of selected criteria
Profiling To create profiles related to the user in order to send him/her advertising messages which are in line with his/her preferences

The site may contain links to third-party sites and third-party cookies; for more information, view the privacy policy related to any such connected sites.

Managing preferences through the main browsers

The user may decide to accept, or otherwise, cookies through his/her browser settings (note that, by default, almost every web browser is set to automatically accept all cookies). Settings can be modified and defined in a specific way for the various websites and web applications. Furthermore, the best browsers allow you to set different settings for “proprietary” cookies and “third-party” cookies. Generally, cookies can be configured from the “Preferences”, “Tools” or “Options” menu.

Given below are links to guides on how to manage cookies in the main browsers:

Internet Explorer: http://support.microsoft.com/kb/278835

Internet Explorer [versione mobile]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings

Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647

Safari: http://docs.info.apple.com/article.html?path=Safari/5.0/en/9277.html

Safari [versione mobile]: http://support.apple.com/kb/HT1677

Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies

Android: http://support.google.com/mobile/bin/answer.py?hl=en&answer=169022

Opera: http://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies

Further information

Specific services

The site may contain data collection forms aimed at ensuring that the person browsing the site has access to certain services/features (e.g.: information requests, registrations, etc.).

Purpose and legal basis for processing

(GDPR-Art.13, comma 1, lett.c)

Identifying and contact details may be required in order to be able to respond to the data subject. Sending a request is subject to the data subject’s specific, freely given and informed consent (GDPR-Art.6(1)(a))
Communication scope

(GDPR-Art.13, comma 1, lett.e,f)

Data is processed exclusively by personnel regularly authorised and trained to process such data (GDPR-Art.29) or, potentially, by personnel responsible for maintaining the web platform or for providing the service (appointed in this case as external processors). Data will not be disclosed or transferred to a country outside of the EU.
Data retention period

(GDPR-Art.13, comma 2, lett.a)

Data will be stored for the time needed to achieve the purpose or purposes for which it was collected
Providing data

(GDPR-Art.13, comma 2, lett.f)

Providing data marked as mandatory is needed in order to be able to obtain a response, whilst the optional fields are designed to provide staff with further useful information to facilitate contact.

Data supplied voluntarily by users

The optional, explicit and voluntary sending of an email and/or a letter through the postal system to one or more of the addresses indicated on this site leads to the subsequent acquisition of the sender’s address, which is needed in order to respond to his/her request. Any other personal data given in the email or letter will also be acquired. If the sender sends his/her CV to apply for a position or for our records, he/she remains solely responsible for the relevance and accuracy of the data sent. Note that any CV that does not include authorisation for the data therein to be processed will be deleted immediately.

3. PROCESSING DATA CONNECTED TO RELATIONSHIPS ESTABLISHED WITH CLIENTS AND SUPPLIERS

3.1 The subject of the processing

The company processes identifying personal data of clients/suppliers (for example, first name, last name, company name, contact and tax details, address, telephone number, email address, bank and payment details) and their operational contacts (first name, last name and contact details). Such data is acquired and used within the scope of carrying out the services provided.

3.2 Purpose and legal basis for processing

Data is processed:

  • to conclude contractual/professional relationships/dealings;
  • to fulfil pre-contractual, contractual and tax obligations deriving from existing relationships as well as to manage the necessary communications connected to such relationships;
  • to fulfil an obligation required by law, regulation, EU legislation or upon the order of a recognised Authority
  • to exercise the Controller’s legitimate interests as well as the Controller’s rights (for example, the right to defend itself in a court of law, to protect itself against creditors, ordinary internal needs related to operations, management and accounting).

If the aforementioned data is not provided in full, the Controller will not be able to establish a relationship with the data subject. The aforementioned purposes represent, pursuant to Art.6(b), (c) and (f) the suitable legal basis for the data to be lawfully processed. Should there ever be an intention to process data for different purposes, the data subject will be asked for his/her specific consent.

3.3 Methods used to process data

Processing personal data is done using those operational means indicated in Art. 4(2) of the GDPR and, specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, alignment, use, combination, block, dissemination, erasure or destruction of the data. Personal data is subject to processing both on paper and electronically and/or with automated means. The Controller will process personal data for the time needed to achieve the purposes for which the data was collected and as related to any legal obligation.

3.4 Processing scope

Data is processed by internal personnel regularly authorised and trained pursuant to Art.29 of the GDPR. It is also possible to request the communication scope of the personal data, obtaining precise details about any external party that operates as an autonomous Processor or Controller (consultants, technicians, banking institutes, couriers, etc.).

4. UPDATES TO THE POLICY

Note that this advisory note may be updated following a periodic review, as well as in relation to applicable legislation and case law. In the event of any significant changes, an appropriate message or communication will be given, within a reasonable time, on the site’s home page. We recommend, however, that this policy be reviewed periodically.

This site requires the use of certain categories of cookies for several reasons. To get more information on the categories of cookies used and limit their use, see the cookie policy.