The methods of managing the website in relation to the processing of personal data of users who, as data subjects, consult it are described below.
The information provided below, pursuant to art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter also only GDPR) and of the national legislation on the protection of personal data, is given to those who interact with Lascod S.p.A. starting from the address: www.lascod.it
HOLDER OF THE TREATMENT
The holder of personal data is Lascod S.p.A., based in Sesto Fiorentino (FI), via Longo 18.
The contact details of Lascod S.p.A. are: the Legal Specialist, who can be contacted at the following address: email@example.com.
RESPONSIBLE FOR DATA PROTECTION
The Data Protection Officer is the Data Protection Officer of Lascod S.p.A., to which the user can direct all questions or requests for information, provided that the conditions exist, using the email firstname.lastname@example.org.
PERSONS AUTHORIZED TO PERSONAL DATA PROCESSING
The processing of personal data of users of the site is handled exclusively by personnel authorized to process by the owner or managers of the treatment.
The interested party can know the identity and contact details of the data processors, by sending a specific request by e-mail to the addresses indicated above.
The user is free to provide or not the personal data requested.
The types of personal data collected and processed are those necessary for the provision of the services provided and the activities carried out. Therefore, if these data were not provided, the services or activities that require them cannot be provided.
In compliance with art. 13 of the GDPR, at the time of the possible provision of data to the interested party, an information is provided indicating the owner and the data processors and the related contact data, the purposes and methods of the treatments, the mandatory or optional nature of the provision of the data, the consequences of the failure to provide, the subjects or categories of subjects to whom the personal data may be communicated and the scope of dissemination of the data, the retention period of the data and the rights recognized to the interested party by the GDPR (right to withdraw consent, to propose a complaint to the Guarantor for the protection of personal data, access, integration, updating, correction, cancellation for violation of the law, opposition to treatment, limitation, portability, etc.).
The individual is asked to give informed consent, free, expressed in specific form and documented in the form provided by GDPR and national legislation on protection of personal data, when requested by them. If personal data transfers take place in stages, they will be provided additions to the information already made previously and required, if any, new consents to treatment arranged by GDPR and national legislation on protection of personal data.
PURPOSE AND METHODS OF TREATMENT (INCLUDING PROFILING) AND SAFETY MEASURES.
The personal data collected are generally processed to enable site navigation, to provide the services and activities required to improve the quality of services. With the express consent of the user, the processing of his personal data directly by Lascod S.p.A. for marketing purposes it may subsequently take place, in compliance with the reference legislation, with the use of remote communication techniques such as telephone, even without operator, e-mail, etc.
The provision of data for this purpose is optional and the processing requires the consent of the interested party. The consent given for sending commercial and promotional communications through automated tools also extends to traditional contact methods. In any case, the user can verify, revoke or confirm his choices with a request by email to the address email@example.com.
The data processing is done with electronic and computer systems, according to logic strictly related to the aforementioned purposes and, anyway, in such a way as to ensure the security and confidentiality of the data. Secure tools are used to protect personal data from undue disclosure, alteration or misuse, through the use of protected data networks, industry standard firewalls and password protection. The protections activated against personal data are intended, in particular, to minimize the risks of destruction or loss, even accidental, of data, of unauthorized access or of treatment not allowed or not in accordance with the purposes of the collection. These security measures meet the requirements indicated in art. 32 of the GDPR.
With the express consent of the user, data analysis activities are carried out with electronic tools in order to conduct analyzes in view of a potential selective marketing according to the user profile, in order to offer targeted offers. Consent to profiling is expressed with an explicit user option on a screen, which contains the information text in which the main elements of the treatment are summarized. The user can, subsequently, always verify, revoke or confirm his choices with a request via email to the address firstname.lastname@example.org.
Failure to consent to profiling activities would make it impossible to improve the marketing offer in order to make it conform to users’ interests.
The profiling of users takes place through the use of identifiers (authentication credentials, etc.) which are necessary to bring back certain identified or identifiable subjects to certain classes of segmentation of personal data, also through crossings of the personal data collected in providing the service. The treatment, being carried out with the aid of electronic tools to define the profile of the interested party, is subject to an impact assessment on data protection pursuant to art. 35 and 36 of the GDPR. The interested party always has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way, according to the provisions of art. 22 of the GDPR.
The software used to operate the site, in addition to allowing using cookies to perform profiling activities above, may also acquire, during their normal operation, some personal data relating to navigation, whose transmission is implicit in the protocols of Internet communication, in order to check the correct functioning of the site and obtain information on its use. The layout (LOG) of the connections / navigations made is kept in accordance with the provisions of the law to respond to any requests from the judicial authority or other legitimate public body for ascertaining any liability in the event of computer crimes.
DATA PROVIDED BY THE USER
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. These personal data will be used for the sole purpose of carrying out the service or provision requested.
In addition to those freely provided by the user, the following data will be collected in connection with and in relation to navigation:
- IP address
- file consulted
- access date and time
- browser and operating system used
COMMUNICATION OF DATA
Personal data may be disclosed to third parties to fulfill legal obligations, or to comply with orders from legitimate public authorities or to assert or defend a right in court.
If necessary in relation to particular services or products requested, it may be necessary that personal data must be communicated to third parties who could perform, as independent data controllers, functions strictly connected and instrumental to the provision of these services or to the provision of said products. Without the communication, necessary for the execution of the services, these services and products could not be provided.
With the consent of the interested parties, if required by law, and in any case subject to adequate information specifying the various purposes, personal data may possibly be disclosed to third parties, public and private, unrelated to Lascod SpA, who will treat them as autonomous owners of the treatment. Of the processing of personal data carried out by said third parties Lascod S.p.A. is in no way responsible.
Personal data will not be disclosed, unless the requested service requires publication of the name.
Again within the aforementioned purposes, the data could also be transferred outside the EU, in compliance with the adequacy decisions or in compliance with the appropriate or appropriate guarantees adopted by the EU Commission or in any case in compliance with what is otherwise provided for by the current provisions: to obtain a copy of these data or the place where they were made available, write to email@example.com
The GDPR articles 15-22 grant the interested party a series of rights that can be exercised towards the data controller concerning him/her.
In particular, he/she is granted the right of access to personal data, of rectification or cancellation of the same, of obtaining the limitation of the treatment or the opposition to the same and portability.
The right of access to data can be exercised at reasonable intervals, in order to have correct and constant information on the treatment and to verify its lawfulness.
The right to erasure concerns personal data processed in violation of the law or in the other cases provided for by art. 17 of the GDPR.
The interested party can obtain from the data controller the limitation of the processing for the period necessary for the verification of the personal data whose accuracy it disputes, or when the processing is illegal, preferring the limitation on the cancellation of the data, or if he needs to have available such data for the assessment, exercise or defense of a right in court, even if the owner no longer needs it for processing purposes, or for the period necessary to verify the possible prevalence of legitimate reasons of the owner with respect to the interested party and for whom the latter opposed the treatment. In case of limitation, personal data will be processed only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or of a Member State. In any case, the interested party will be informed by the owner before he proceeds to revoke this limitation.
For reasons connected to his situation, the interested party has the right to object to the processing of data necessary for the execution of a task of public interest or connected to the exercise of public powers with which the data controller is invested, or for the pursuit of the legitimate interest of the owner. The owner will refrain from further processing such data, unless it demonstrates the existence of binding legitimate reasons that prevail over those of the interested party. The latter may object to the processing at any time when personal data are processed for direct marketing purposes, including profiling. The right to object to the processing of data for marketing purposes carried out with automated contact methods extends to traditional ones, without prejudice to the possibility of the interested party to exercise this right in whole or in part, that is, by opposing, for example, the only sending promotional communications made through automated tools.
The interested party has the right to data portability (the possibility of receiving the data provided and possibly transmitting it to another data controller) in cases where it is allowed by the GDPR (art. 20).
The interested party has the right not to be subjected to a decision based exclusively on automated processing, including profiling. Exceptionally, this type of treatment is possible if authorized by Union or Member State law to which the owner is subject, or if permitted by him or if necessary for contractual purposes. In the last two cases, the interested party still has the right to obtain human intervention from the owner, to express his opinion and to contest the decision. With the consent of the interested party and appropriate measures to protect rights, freedoms and legitimate interests, this type of treatment can also concern particular personal data.
For the exercise of these rights, the interested party can contact the contacts indicated above.
Personal data are processed with automated tools for the time strictly necessary in relation to the purposes of collection and fulfillment of the purpose, after which they are usually anonymized and/or deleted. In particular:
- for the information requested, the deadline is the one necessary for the documentation of the activities carried out for the purpose of the feedback, which is indicated in 18 months;
- for processing for marketing purposes and for profiling purposes, the data retention period is 24 months from the data collection or from the last activity of the interested party.
Without prejudice to the right of the interested party to always ask for the cancellation and / or anonymization of his / her data, at the time indicated for the storage of the data, Lascod S.p.A. you can ask the interested party by e-mail to express their expressed desire to further store the data (possibly updating them) for a further two-year period. In the absence of express consent to the conservation, the data will be deleted or made anonymous.
On this site Lascod S.p.A. uses so-called “cookies” in order to allow easy use, in compliance with the reference legislation, in particular with provision no. 229 of 8 May 2014 of the Guarantor Authority for the protection of personal data.
Cookies are small text files containing information that, sent to your browser, remain stored on the hard disk of your computer, mobile phone or other device. From your browser settings you can choose to receive a notification every time a cookie is sent to you. The notification message, in particular, will ask you whether or not you wish to accept the cookie. However, we specify that some of the functions or services available on our website cannot be used properly if you have disabled the sending of cookies.
Cookies are used for different purposes: execution of IT authentication, session monitoring, storage of information on specific configurations regarding users accessing the server, storage of preferences, etc.
The information collected with cookies is also collected to increase the security and / or improve the functionality of the site, avoid the repeated insertion of data, facilitate navigation and enhance the content.
Here are some examples of cookies that can be used on the pages of our website:
a) Strictly necessary cookies. Fundamental cookies to navigate our website and use its functions, without which the services you have requested (e.g. saving your job request, adding products to the shopping cart or starting the payment procedure) cannot be supported.
b) Performance / analytical cookies. Cookies that collect data on how visitors use our websites, including the country of access. These data allow us to identify and quantify the number of visitors and to monitor their browsing while using the site. All data collected by these cookies are presented in aggregate form and are therefore not collected to trace the visitor’s identity.
c) Functionality cookies. Cookies used to recognize a user with each access to our website. In this way it is possible to customize the contents according to the user’s preferences (for example, call him by name at the time of access and keep the choice of language or geographical area memorized).
WEBSITES AND THIRD PARTY SERVICES
To comply with current legislation, you will see a message requesting consent to send cookies to your device on our website. After confirming your consent, you will no longer see this message appear on the next visit. If you or another user who uses your PC wants to withdraw your consent later, you can do so by changing the settings of the browser used. To find out more about cookies, visit www.allaboutcookies.org.