PRIVACY POLICY
1. Introduction
Welcome to our website (hereinafter the “Site“). When you view our Site or use its services (hereinafter the “Services“), we collect information and personal data relating to you. For this reason, pursuant to the (EU) General Data Protection Regulation no. 2016/679 (“GDPR”) and to the national applicable legislation (together, “Data Protection Legislation“), we have created this document (hereinafter “Privacy Policy“) in order to describe the personal data we collect, the purposes and method of processing of these data, and the safety methods we adopt to protect it.
2. Data Source and Purposes of Processing
Navigation Data
The I.T. systems responsible for the correct operation of the Site acquire some of your personal data during the course of their operation; the transmission of this is implicit in the use of the Internet communication protocols. This information is not collected for the purposes of identifying you, however it may be if, for example, it were combined with information held by third parties. This category of data includes the IP address and domain of your computer or other devices you may use, the addresses of the requested resources in URI (Uniform Research Identifier) notation, , the time of the request, the method used to issue the request to the server, the size of the file obtained in response to the request, the numerical code indicating the status of the response (success, error, etc.) given by the server, and other parameters concerning your operating system.
We use these data for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning. We delete data collected in this manner immediately after processing. The data could be used to determine responsibility in case of computer crimes committed against the Services.
Registration Information and other Information Provided by the User
Using our Site does not require the creation of a personal account. However, the use of certain Services (e.g. newsletter, “MyAgedi” reserved area) will require the transmission of personal data, subject to appropriate dedicated information and to your expressed consent. We invite you to read the information notices specifically published on their corresponding pages so as to be aware of the purposes of the collection of data, whether the provision of data is mandatory, and the subjects to whom they may be transmitted or communicated.
Should you collect, process and communicate to us information related to third parties, you must do so pursuant to the applicable provisions of Data Protection Legislation, therefore providing said third parties with prior notice on the processing of their information and, where required, obtain free and express consent before performing such operations.
Purposes of the Processing
The provision of the above-mentioned information is necessary to allow you to use our Services, and to allow us to respond to your requests for information and/or activation of certain Services. Your refusal would prevent you from using our Services and prevent us from responding to your requests.
Lawful Basis for Processing
We will process your personal data only in the presence of one of the legal conditions required by current legislation, and specifically the legitimate interest of Agedi, with particular reference to the ordinary management and maintenance of the Site.
3. Data Processing and Storage Methods
We will process your data both on hardcopy and through electronic tools, but always in compliance with the security requirements specified by applicable legislation, with particular but not exclusive reference to Annex B of Italian Legislative Decree 196/2003 (minimum-security measures set forth in the Italian Data Protection Act Technical Specifications). Our security measures include contractual tools from any contractor (e.g. supplier of services) in order to guarantee the security and confidentiality of your personal data pursuant to the provisions of the Data Protection Legislation.
Your personal data are kept for the time strictly necessary to pursue the purposes for which they are collected and for the fulfillment of the applicable legal and regulatory obligations. The data will be permanently deleted or anonymised when the purposes indicated above have been achieved, except in cases where Agedi is required to archive them for a further period in order to comply with legal or regulatory requirements.
With particular reference to the legal protection of our rights, we specify that we adopt a retention period of personal data equal to ten years starting from the closure of the account, based on the ten-year limitation period referred to in art. 2946 of the Italian civil code.
4. Scope of Communication
Internal and External Communication of Personal Data
Your personal data may be processed internally by the persons in charge of the following functions:: IT, administration & accounting, sales, marketing & communication, operations, executive board, HR, legal. Your data may be also transmitted to the following categories of external parties: (professional and technical) providers of services and legitimate recipients in accordance with relevant laws.
Transfer of Data abroad
We may send your personal data to established third-party recipients within the European Union or European Economic Area. This transfer is not subject to limitations as any EU or EEA country guarantees an appropriate level of data protection. Your personal data may also be transferred to non-EU countries such as the Principality of Monaco whose level of data protection is acknowledged appropriate by European Commission. Your personal data may also be transferred to the Countries outside the European Union or the European Economic Area (so called Third Countries) when the European Commission decided that the Third Country ensures an adequate level of protection of personal data or, otherwise, in case of other appropriate safeguards, namely when the suppliers of UniCredit located in the Third Country ensure contractually a level of personal data protection appropriate to that of the European Union (e.g. through the signing of the standard contractual clauses provided by the European Commission) including enforceable and effective data subject’s rights.
Rights of the Data Subject
You may exercise the rights provided to you by the Data Protection Legislation at any time; for example you may your data, check their content, origin and accuracy, request updates, additions, modifications or deletions to the data, oppose the processing or request that this be limited, or make portability requests. To exercise these rights, please contact us using the details in section 5.
5. Data Controller
The Site and the Services are managed by Agedi Italia S.r.l., via Cerva 22, Milano, Italy, pec: agedi@legalmail.it, which acts as Data Controller.