The Data Controller
After consulting this site, certain data may be retained relating to identified or identifiable persons. The data controller in relation to the processing of such data is IPM Italia srl, with registered office in via Stradella 13, 20129 Milano (MI), Italy.
Place of data processing
Data processing associated with the web services is carried out exclusively by the technical personnel of the data processing department or by other specifically appointed technicians responsible for occasional maintenance operations. No data deriving from the web service are disclosed or diffused.
Aims and legal basis of data processing
The personal data supplied by users who send requests or intend to use the services or products offered via the site or to receive further specific contents are used exclusively in order to provide a fitting response to the requests or to conduct the service or action requested, and they are communicated to third parties exclusively if such action is necessary to achieve said aims. The legal basis for data processing lies in the need to reply to the requests of data subjects or to carry out the activities set down in agreements entered into with data subjects.
With the express permission of the user, the data may be used for commercial communication activities in relation to other products or services offered by the data controller. The legal basis for this form of data processing is the freely expressed consent provided by the data subject.
Apart from the foregoing cases, user navigation data are stored for the time strictly necessary to manage the data processing activities within the limits allowed by law.
Types of data processed
During normal operation, the computer systems and software procedures used for functioning of the site acquire certain personal data though the use of Internet communication protocols. Although this information is not collected in order to link it to identified data subjects, due to its nature it may allow users to be identified by means of processing and cross referencing with data held by third parties. This category of data includes IP addresses or domain names of the computers used by visitors to the site, addresses of the requested resources in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the user’s operating system and IT environment. These data are used exclusively to retrieve anonymous statistical information concerning the use of the site and to check its correct operation, and they are deleted after processing. The data may be used to establish the identity of perpetrators of any actions classified as computer crimes committed with the intention of harming website.
Data supplied voluntarily by the user
The optional, explicit and voluntary transmission of emails to the addresses provided on this site results in the subsequent acquirement of the sender’s email address, which is needed in order to answer requests, and also any other personal data supplied in the email. Specific summary privacy statements will be progressively included or displayed on the pages of the site provided to manage special optional services.
Cookies are text files that are saved on the hard disk of the user’s computer only once authorisation has been granted. Cookies are used to streamline web traffic analysis or to signal when a specific site is visited, and they allow web applications to send information to individual users. No personal data of users is acquired by the site in relation to the foregoing aspects. Cookies are not used to send information of a personal nature, and no so-called ‘persistent cookies’ or any type of user tracking systems are employed. The use of so-called ‘session cookies’ is strictly limited to the transmission of session identification data (composed of random numbers generated by the sever) necessary to allow safe and efficient navigation and use of the site. The session cookies used on the site eliminate the need to adopt alternative IT techniques that could impact negatively on the confidential nature of users’ navigation activities and they do not allow the acquisition of users’ personal data..
Optional conferment of data
Apart from the matters specified in relation to navigation data, the decision to supply personal data to request the services offered by the data controller is at the discretion of the user. Refusal to provide data may make it impossible to comply with requests.
Methods of processing and data retention times
Personal data are processed with automated systems for the time strictly necessary to achieve the aims for which they were collected. Specific security measures are implemented to prevent loss of data, illicit or unfair use of data, and unauthorised access to data.
Rights of data subjects
Within the limitations and under the conditions set down by the law, the data controller is required to respond to the requests of data subjects in relation to their data. In particular, under statutory legislation:
1. Data subjects have the right to require the data controller to confirm whether or not their personal data are being processed and, if so, to access their personal data and obtain the following information:
• the aims of data processing;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in other countries or international organisations;
• whenever possible, the planned period of retention of their data or, if not possible, the criteria employed to define such a period;
• the existence of the data subject’s right to request that the data controller rectify or erase his or her data or restrict the processing thereof, or to object to processing;
• the right to lodge a complaint before their competent data protection authority;
• if the data have not been collected directly from the data subject, all available information concerning their origin;
• the existence of any automated decision-making process, including profiling
2. The data subject is entitled to ask the data controller to rectify his or her data without unjustified delay. Taking into account the aims of data processing, the data subject is entitled to demand the integration of any incomplete personal data, also supplying a supplementary declaration.
3. The data subject has the right to ask the data controller to erase his or her data without unjustified delay and the data controller is obliged to erase the data without unjustified delay, within the limits and cases defined in statutory legislation. The data controller informs each recipient to which the personal data are transmitted of any rectifications or erasure or restriction of processing, within the limits and in the forms set down in statutory legislation.
4. Data subjects have the right to obtain from the controller restriction of processing of their data.
5. Data subjects have the right to receive the personal data they have provided to a controller in a structured, commonly used, machine-readable and interoperable format, and to transmit them to another controller without any impediment by the data controller to which the data were provided.
To exercise the above rights, the data subject must submit a request c/o the following contact points, which can also be used to contact the IMP Italia srl Data Protection Officer.
Requests must be addressed to the Data Controller by sending an email to firstname.lastname@example.org or by sending a registered letter to IPM Italia s.r.l. – Via Premuda 2, 20900 Monza, (MB) Italy. This contact method can be used to contact the data processing officer, if appointed by the Data Controller.