Why this notice
This page describes the methods for managing the IRTEC S.p.A. website with regards to handling the personal data of the "users" who browse it.
This information is provided also pursuant to art. 13 of Law Decree 196/2003 (Law on Personal Data Protection) to those interacting with the Web services of IRTEC S.p.A. starting from the address: firstname.lastname@example.org
The information is only provided for this website and not for any other Websites browsed by the user via suitable links.
The information is also inspired by Recommendation no. 2/2001 that the European Authorities for personal data protection, gathered in the Group established by art. 29 of directive no. 95/46/EC, adopted on 17 May 2001 to identify some minimum requirements for collecting personal data on-line, specifically, the methods, timing and nature of the information that the data controllers must provide to users when the latter connect to web pages, regardless of the purposes of the connection.
Place of data handling
Data handling connected to the web services of this website take place at the above mentioned premises of IRTEC S.p.A. and are only handled by the personnel of the offices in charge of processing, or any persons charged with occasional maintenance operations. No data arising from the web service is communicated or disclosed, except as specified below.
The personal data provided by users who send requests for sending information material (newsletter, replies to queries etc.) are only used to perform the requested service and are disclosed to third parties only if required for that purpose.
Type of processed data
The information systems and software procedures for operating this website acquire during their normal operation certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated to identified concerned individuals, but by its own nature it might make it possible to identify users, through processing and associations with data held by third parties.
This category of data includes IP address or domain names of the computers the users connect to the website with, URI (Uniform Resource Identifier) notation addresses of the required resources, time of the request, method used in submitting the request to the server, size of the file obtained in reply, numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operative system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information about site use and to check its correct operation and are deleted immediately after processing. The data might be used to ascertain responsibility in case of hypothetical computer crimes against the website: except for this possibility, the web contact data do not currently persist longer than seven days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail to the addresses listed on this site involves subsequent acquisition of the sender's address, required to respond to requests, as well as any other personal data included in the message.
Specific summary information will be progressively included or displayed on the website pages dedicated to special services on demand.
Users who voluntarily register with the newsletter in order to receive all general information issued by IRTEC S.p.A. may view the suitable privacy information by clicking on the special link "Information on this group".
The provision of data is compulsory for reasons of normal business and administrative practice and failure to provide them might involve the breach of contract and/or the relationship and/or contact as well as the inability to fulfil the request.
No user personal data is acquired by the website on purpose.
In compliance with the General Provision of the Privacy Guarantor no. 229 of 8 May 2014, it is noted hereby that no cookies are used for transmission of information of a personal character, nor are so called persistent cookies of any kind used, i.e. systems for profiling and/or tracking users [s.c. profiling cookies – art. 1, lett.b)].
The use of so called session/technical cookies (that are not stored persistently on the user's computer and disappear when the browser is closed) is strictly limited to transmission of session identifiers (consisting of casual numbers generated by the server) required to permit safe and efficient website browsing.
The so called session/technical cookies used in this website prevent making use of other computer techniques potentially detrimental to the privacy of users' browsing and do not allow the user's identification data to be acquired.
This website also uses cookie analytics used directly by the manager exclusively to collect information, in aggregated form, on the number of users and on how they visit the website.
The processing undergone by the required or acquired personal data, either prior to the initiation of any contact and/or business, cooperation or employment relation, has the purpose of complying with statutory and contractual obligations and verifying correct compliance with these obligations by IRTEC S.p.A. for it to best exercise its institutional activities.
Pursuant to article 13 of the Code and art. 3 of the Privacy Code of Ethics, the following information is therefore provided.
Processing that may be effected by the Law Firm, also in compliance with General Authorisation no. 4/2014, with General Authorisation no. 7/2014 and with the Authorisation to processing judicial data and sensitive information related to the mediation activity aimed at reconciliation of civil and commercial disputes of 21 April 2011:
- shall be carried out via computer system and/or by collecting paper documentation and pursues the specific aims set out in the letter of appointment and/or in the information provided at the establishment of the professional relationship, as well as for compliance with the prescribed tax fulfilments, related to accounting and tax declarations as well as any fulfilments set out by AML regulations (Law Decree 21 November 2007, no. 231 and subsequent application and implementation regulations - Ministerial Decree 16 April 2010);
- the provision of data is mandatory and any failure to do so may make it impossible to perform the mandate;
- the data may/shall be disclosed to the Authorities for sole AML purposes and Judiciary Administrations in general;
- the data may be disclosed both nationally and internationally, in the EU as well as in other countries, for the same purposes;
- in compliance with the general Provision of 28.11.2008 of the Guarantor, the data may be disclosed to the System Administrator;
- the data shall not be disclosed to other third parties, unless by obtaining your prior and explicit consent.
The data shall be processed using methods and instruments to guarantee confidentiality and shall be carried out through electronic or automated means (network computer not accessible to the public and/or through cloud computing services contractually guaranteed) and via non automated means (paper archives), both equipped with adequate safety measures, such as personalised passwords with exclusive access, personal ID code and control over archive access.
The Data Controller
Data Controller is the Legal Representative, namely Mr. Andrea Rinati, located in (MO) via G. Mameli, 12/14 – 41014 Castelvetro di Modena, ph. 059/790500, fax. 059/790746, email: email@example.com – certified email firstname.lastname@example.org
Rights of the persons concerned
The persons who the personal data refer to have the right at any time to obtain confirmation of the existence or otherwise of such data and to know their content and origin, verify accuracy or request its integration or updating, or correction (articles 7, 8, 9 and 10 of Law Decree no. 196/2003 reproduced below for your convenience).
Pursuant to these articles, one has the right to request cancellation, transformation into anonymous form or blocking the data handled in breach of the law, as well as to object to their handling in any case, for legitimate reasons.
Requests must be sent to the Data Controller by writing to the following email address: email@example.com.
This privacy information may be automatically checked by the most recent browsers that implement the P3P standard ("Platform for Privacy Preferences Project") put forth by the World Wide Web Consortium www.w3c.org.
Every effort shall be made to make the features of this website as interoperable as possible with the mechanisms of automatic privacy control available in some products used by the users.
Art.7 - Right to access personal data and other rights
- The person concerned has the right to obtain confirmation of the existence of personal data concerning them, even if not yet registered, and their communication in intelligible form.
- The person concerned has the right to obtain information:
- on the origin of personal data;
- on the aims and methods of processing;
- on the logic applied in case of processing with the aid of electronic devices;
- on the identification details of the controller, managers and appointed representative pursuant to article 5, subparagraph 2;
- on the entities or categories of entities to whom the personal data may be disclosed or who might become aware of them in their position of appointed representative within the State, managers or agents.
- The person concerned has the right to obtain:
- updating, rectification or, where interested therein, integration of the data;
- the cancellation, anonymisation or blocking of data processed unlawfully, including data that need not be stored for the purposes for which the data were collected or subsequently processed;
- certification that the operations as per letters a) and b) have been notified, also as regards their content, to those to whom the data was communicated or disclosed, except where this fulfilment should prove impossible or involves the use of means disproportionate to the protected right.
- The person concerned has the right to object, wholly or in part:
- for legitimate reasons to the processing of personal data concerning them, albeit pertinent for the purposes of collection;
- to the processing of personal data for purposes of sending advertising materials or direct sales or for carrying out market surveys or commercial communication.
Art.8 - Exercising the rights
- The rights as per article 7 are exercised via a request sent with no formalities to the controller or manager, also via an agent, which is adequately acknowledged without delay.
- The rights under article 7 may not be exercised with a request to the owner or manager or an action under Article 145, if the processing of personal data is carried out:
- based on the provisions of Law Decree 3 May 1991, no. 143, transposed, with amendments, into law of 5 July 1991, no. 197, as amended, concerning money laundering;
- based on the provisions of Law Decree 31 December 1991, no. 419, transposed, with amendments, into law of 18 February 1992, no. 172, as amended, concerning support for victims of extortion;
- by parliamentary investigation committees set up pursuant to article 82 of the Constitution;
- by a public body other than government-owned companies, according to an express provision of law, exclusively for purposes related to monetary and currency policy, the payment system, control of brokers and credit and financial markets as well as the protection of their stability;
- pursuant to article 24, subparagraph 1, letter f), limited to the period during which it might result in an actual and concrete detriment for the performance of defensive investigations or the exercise of legal claim;
- by providers of electronic communication services available to the public concerning incoming phone calls, unless this might result in an actual and concrete detriment for the performance of defensive investigations pursuant to the Law of 7 December 2000, no. 397;
- for reasons of justice, at judicial authorities at all levels and degrees or the Supreme Judicial Council or other self-governing bodies or the Ministry of Justice;
- pursuant to article 53, without prejudice to the provisions of law of 1 April 1981, no. 121.
- The Guarantor, also acting on a report by the person concerned, in the cases under sub-paragraph 2, letters a), b), d), e) and f), takes action in the manners as per articles 157, 158 and 159 and, in the cases as per letters c), g) and h) of the same sub-paragraph, takes action in the manner set forth by article 160.
- The exercise of the rights under article 7, when not concerning objective data, may take place unless it concerns rectification of or additions to personal evaluation data relating to opinions or other subjective estimations, as well as the indication of conducts to be implemented or decisions being taken by the data controller.
Art.9 - Methods for exercising
- The request to the controller or manager may even be sent by registered letter, fax or email. The Guarantor may identify other suitable system with regards to new technological solutions. When concerning the exercise of the rights under article 7, sub-paragraphs 1 and 2, the request may also be expressed in speaking, in which case it is synthetically noted down by the agent or manager.
- In exercising the rights under article 7 the person concerned may grant a written proxy to individuals, institutions, associations or organisations. The person concerned may also be assisted by a trusted person.
- The rights under article 7 referring to the personal data of deceased persons may be exercised by those acting in their own interest, or to protect the person concerned or for family reasons deserving protection.
- The identity of the person concerned is verified on the basis of suitable assessment elements, also via deeds or available documents or by showing or attaching a copy of an ID document. The person acting on behalf of the person concerned exhibits or attaches a copy of the proxy, or of the delegation signed in the presence of an agent or signed and submitted with a non-authenticated photocopy of an ID document of the person concerned. If the person concerned is a legal person, entity or association, the request is filed by the physical person entitled under the respective statutes or regulations.
- The request pursuant to Article 7, sub-paragraphs 1 and 2 is formulated freely and without constriction and may be renewed, unless there are justified reasons, after no less than ninety days.
Art.10 - Acknowledgement to the person concerned
- To assure the actual exercise of the rights pursuant to Article 7, the data controller shall implement suitable measures, specifically aimed at:
- to facilitate access to personal data by the person concerned, also through the use of appropriate computer software supporting accurate selection of the data concerning individual identified or identifiable persons concerned;
- simplify the procedures and reduce the delay for the response to the applicant, even within offices or services dealing with public relations.
- The data are extracted by the manager or agents and may be communicated to the requesting party also verbally, or displayed by electronic means, provided that in such cases the data are easily understood, also in view of the quality and quantity of the information. If requested, transposition of the data on paper or magnetic media, or electronic transmission are provided.
- Unless the request concerns either a specific processing or specific personal data or categories of personal data, the response to the person concerned includes all personal data concerning them as processed by the controller. If the request is made to a health professional or a health agency the provision of Article 84, sub-paragraph 1 is complied with.
- When the data retrieval is especially difficult, the response to the request by the person concerned may also consist in producing or delivering copy of records and documents containing the personal data requested.
- The right to obtain communication in an intelligible form of the data does not apply to personal data relating to third parties, unless breaking down the processed data or eliminating certain elements makes the personal data relating to the person concerned incomprehensible.
- Data communication is effected in intelligible form also by using legible handwriting. In case of communication of codes or abbreviations, the parameters for understanding their meaning are supplied, also by means of the appointed persons.
- When, following the request as per article 7, sub-paragraphs 1 and 2, letters a), b) and c) the existence of data concerning the person involved is not confirmed, a fee not exceeding the costs actually incurred for the search made in the specific case may be requested.
- The fee referred to in sub-paragraph 7 may not in any case exceed the amount determined by the Guarantor with general provision, which may define it as a flat rate in relation to the case where the data are processed by electronic means and the response is provided verbally. With the same provision the Guarantor may provide for the fee to be charged if the personal data are contained on special media whose reproduction is specifically required, or when a significant use of resources takes place by one or more controllers, in relation to the complexity or extent of the requests and the existence of data concerning the person involved is confirmed.
- The fee referred to in sub-paragraphs 7 and 8 may also be paid by postal or bank transfer, or by debit or credit card, where possible upon receiving the relevant response and in any case within fifteen days of said response.