Informative note on privacy

INFORMATION NOTE

pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) 

 

Dear User, Immsi S.p.A. welcomes you to our website www.immsi.it(the “Website”) and invites you to pay attention to the following information (the “Information Note”), issued pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data, as well as on the free movement of such data (“GDPR”).

This document describes how to manage the Website in relation to the processing of your personal data by the Data Controller, as defined below. Furthermore, it is specified that the Information Note only concerns the Website, therefore any website that you may redirect to from the Website is excluded..

1. WHO IS THE DATA CONTROLLER AND THE DPO?

The Data Controller is Immsi S.p.A., with registered office in Piazza Vilfredo Pareto, 3 - 46100 Mantova(the “Data Controller”). It is possible to contact the Data Controller at the telephone number 0376/2541, or by writing to its registered office.

The Data Protection Officer (“DPO”) appointed by the Data Controller pursuant to Articles 37 et seq of the GDPR is Immsi Audit S.p.A. (in the person of the Managing Director Maurizio Strozzi). You can contact the DPO at the telephone number 0376/24641, by ordinary mail at Piazza Vilfredo Pareto, 3 - 46100 Mantova, or by sending an e-mail to privacy@immsi.it.

The updated list of the Data Processors and staff involved in processing is kept at the registered office of the Data Controller.

2. WHAT IS THE PERSONAL DATA? WHAT ARE THE PURPOSES OF THE PROCESSING OF YOUR DATA?

“Personal Data” means information suitable for identifying a physical person directly or indirectly, in this case you as you are browsing on the Website (“Data”).

During their normal operation, the computer systems and software procedures used to operate this Website acquire some personal data whose transmission to the Data Controller is implicit in the use of internet communication protocols.

This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through its processing and association with data held by third parties, allow users to be identified.

This category includes IP addresses, or domain names, of the computers used to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the timestamp of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (successful, error etc.), and other parameters pertaining to the user’s operating system and IT environment.

Your data may be collected and processed in order to carry out any activity concerning the management and administration of the Website.

In any case, we are committed to ensuring that the information collected and used is appropriate to the purposes described and that this does not lead to an invasion of your personal sphere.

Apart from that specified for browsing data, the user is free to provide personal data contained in the appropriate electronic request forms, in the sections of the Website prepared for particular services on request.
The request for sending e-mails to the addresses indicated in the appropriate section of the Immsi S.p.A. Web Site involves the acquisition of some personal data of the applicant necessary to respond to requests.
Specific summary information will be progressively shown or displayed on the website pages dedicated to any particular service requested.         

Immsi S.p.A. does not allow minors of under 16 years of age to supply personal data.

3. WHAT METHODS WILL HAVE BEEN USED TO PROCESS YOUR PERSONAL DATA?

The processing of your personal data shall take place in compliance with the provisions of the GDPR, by means of physical, computerised and telematic tools, with logic strictly related to the purposes indicated and, in any case, with suitable methods to guarantee security and confidentiality in compliance with to the provisions foreseen by Article 32 of the GDPR. Your personal data will not be transferred to third parties outside the European Union and will not be disseminated.

4. WHERE DO WE TRANSFER YOUR DATA?

The server farm in which the Website is located is situated in Milan.

Your data are not transferred to third-party companies located outside the European Economic Area. Should this transfer be necessary, we will take care to ensure that the recipients of your data have adopted appropriate security measures to guarantee their protection.

5. HOW LONG DO WE RETAIN YOUR DATA?

We process your data for the time strictly necessary to achieve the purposes indicated in paragraph 2 above.  

We reserve the right to retain log data for a longer period, in order to be able to manage any crimes committed against the Website (e.g. hacking activities).

 6. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT REGARDING PROCESSING?

In relation to the processing described in this Information Note, you may exercise the rights listed in this section, set out in Articles 15 to 21 of the GDPR. In particular:  

  • Management of your data – Right of access – Article 15 of the GDPR: the right to obtain confirmation from the Data Controller about whether or not personal data processing is underway concerning you and, if so, to obtain access to your personal data - including a copy thereof - and the communication of the following information:

a)   purpose of the processing;

b)   categories of personal data processed;

c)   recipients or categories of recipients to whom personal data have been or will be communicated;

d)   data retention period or the criteria used to determine it;

e)   the existence of the right to ask the Data Controller to rectify or delete personal data, or limit the processing of personal data concerning the data subject, or the right to object to such processing;

f)    the right to lodge a complaint with the competent authority;

g)   the origin of the personal data, if these were not collected directly;

h)   the existence of any automated decision-making processes, including profiling.

 

  • Rectification of inaccurate or incomplete information – Right of rectification – Article 16 of the GDPR: the right to obtain, without undue delay, the correction of inaccurate personal data concerning you or the integration of incomplete personal data.
  • Cancellation – Right to cancel – Article 17 of the GDPR: the right to obtain, without undue delay, the correction of inaccurate personal data concerning, whenever:

a)   the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

b)   you have revoked your consent and there is no other legal basis for the processing;

c)   you have objected strictly to the processing of personal data;

d)   the data were unlawfully processed;

e)   the data must be deleted to comply with a legal obligation;

f)    the personal data have been collected in relation to the provision of information society services referred to in Article 8 (1) of the GDPR.

g)   If you no longer wish for us to use your information, you may request the deletion of your personal data. We inform you that if you request the deletion of your personal data, we may store and use your personal data to the extent that this is necessary to comply with legal obligations or to perform a task carried out in the public interest or for the exercise of a public authority attributed to the Data Controller, or for the assessment, exercise or defence of a right in court. By way of example, we may retain some of your personal data for tax, legal and audit obligations.

  • Limitation of processing – Right to limitation of processing – Article 18 of the GDPR: right to obtain the limitation of processing from the Data Controller, if:

a)   you dispute the accuracy of personal data for the period necessary for the Data Controller to verify the accuracy of such personal data;

b)   the processing is illegal and you are opposed to the cancellation of personal data and ask instead that its use be limited;

c)  although the Data Controller no longer needs it for processing purposes, the personal data are necessary for you to ascertain, exercise or defend a right in court;

d)   you have objected to the processing pursuant to Article 21, paragraph 1 of the GDPR pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to yours.

 

  • Access to data and portability – Right to data portability – Article 20 of the GDPR: the right to receive, in a structured format which is commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transfer them to another Data Controller without impediments, if the processing is based on consent and is performed with automated means. Furthermore, the right to ensure that your personal data is transferred directly by the Data Controller to another Data Controller if this is technically feasible.
  • Complaints – to file a complaint with the competent Authority regarding personal data, sending the complaint to: Piazza di Monte Citorio no. 121 - 00186 Rome; email: protocollo@pec.gpdp.it.

The above rights may be exercised against the Data Controller by contacting the references indicated in the previous point 1. The Data Controller shall handle your request and provide you, without undue delay and, in any case, no later than one month after receipt of the request, with information relating to the action taken regarding your request.

The exercise of your rights as a data subject is free of charge under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including due to their repetitiveness, the Data Controller may charge a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.

Finally, we inform you that the Data Controller may request additional information necessary to confirm the identity of the data subject.

  

Cookie Policy

As part of its privacy policy, Immsi SpA intends to provide detailed information regarding, specifically, the cookie policy.

What are cookies?

In general, a cookie is a small amount of data (text file), which may contain a single anonymous ID code and which is usually sent from a web server of the website visited on the user’s terminal (computer, notebook, tablet, smartphone), to the web browsing software (browser) of the website visitor, to be subsequently re-sent to the visited website upon the subsequent visit. The cookie is then read again and identified only by the website which has sent it whenever the user visit that website. When surfing the web, users may also receive on their terminal cookies which are then sent from other websites or web servers (the so-called “third parties”), which may contain some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the website the user is visiting.

Cookies may be used for various purposes: monitoring sessions, storing information on specific settings regarding the users who access the server, carrying out authentication processes, etc.

It is possible to define and classify them in various ways. A possible distinction is between the two macro-categories of “technical” and “profiling” cookies.

1. Technical cookies.

Technical cookies are those cookies used for the sole purpose of “carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide said service” and their use does not require the User’s consent as detailed in Section 122, par. 1, of the Privacy Code.

They are not used for additional purposes and are normally installed directly by the website owner or manager. They may be classified as follows:

a) browsing or session cookies: they ensure the normal website surfing experience and website use (enabling, for example, purchase or the authentication to access restricted areas of the website);

b) analytics cookies, similar to technical cookies when used directly by the website manager to collect information in aggregate form on the number of users and on their ways of surfing the website;

c) functionality cookies, which enable users to surf the website based on a set of selected criteria (for example the language and the products selected for purchase) in order to improve the service provided.

2. Profiling cookies

Profiling cookies are aimed at creating user profiles and are used to send advertising messages in line with the preferences shown by the user during their navigation on the web. Italian and European rules and regulations provide that web users must be adequately informed on the use of such cookies and express their valid consent.

3. Third-party cookies

These enable the website to remember the user data throughout the visit time, or for the following visits, and thus they enable the user to surf the pages efficiently, interact with social networks, and use third party services.

Cookies may be set on the websites which have contents in our website (third-party cookies).

Any browser may be set to accept all cookies, to reject them all or to receive a notice at the time of receipt.

It is also possible to delete the cookies which have been stored on one’s computer. In the following websites it is possible to find information on the cookie settings of the most widespread browsers:

 

The user may also use the following tools to customise the cookies in his/her browser. De-activating some cookies may limit the website functions.

Save for the clarifications provided below, we hereby specify that if it were decided to block cookies completely, some services provided by Immsi SpA which mandatorily require cookies may be unavailable; most of the services provided through Immsi SpA’s website do not require the acceptance of cookies.

How Immsi SpA uses cookies.

Immsi SpA uses exclusively technical cookies (including also analytics cookies).

Immsi SpA therefore uses cookies exclusively for purposes technically essential to the provision of services through its website.

As a matter of fact, Immsi SpA normally uses cookies in order to:

  • track records of navigation sessions on its website in anonymous form
  • avoid that opinion surveys or pop-up windows, if any, are brought to the attention of the user more than once
  • calculate user reactions to special offers, if any, in anonymous form

However, cookies are not used for profiling purposes.

Cookie of third parties

Immsi SpA authorises prospective customer service providers to send their cookies to the website visitor’s computer. The ways to use its cookies by partner companies and/or subsidiaries of the Immsi SpA’s Group are governed by the relevant privacy procedures, and not in accordance with Immsi SpA’s specific operations.

Amendments to this cookie policy

At Immsi SpA’s discretion, the contents of this document may be amended in future, for example in those cases in which should Immsi SpA decide to add or remove options or characteristics of its own services and products, or should Immsi SpA decide to rely on new content providers.

Below is a list of the cookies used in this website, divided by category:

First party cookies
Nome tecnico Categoria Scopo Durata
cookie-agreed,
privacycookie  
Technical functionality cookie It tracks record of the fact that a user has accepted or rejected the use of the various types of website’s cookies 3 months to 1 year
has_js Technical session cookie It helps the website to verify the browser’s javascript functionalities session
SESS<xyx> Technical session cookie Due to the CMS, for anonymous users, it helps to manage each session 1 month
SESSxxxID Technical session cookie Only for authenticated users (it prevents multiple logins for the same user on a browser session) 1 week
session_api_session Technical session cookie It generates a casual number when one starts to use the website (it is essential to enable the website to work properly) 1 month
Third party cookies
Provider  Nome tecnico  Categoria  Scopo  Durata 
Google Analytics  __utma Technical analytical  and session cookie  These cookies collect data on the user’s behaviour. This information is used to fill in reports for statistical analyses and to improve the website. All the data are collected in anonymous form. Session or from 6 months to 2 years 
__utmb More info at Google Cookie Usage 
__utmc  
__utmt  
__utmz   
Brightcove.com BC_BANDWIDTH Technical functionality cookie Brightcove is a video streaming service that hosts this site’s videos. It uses the Bandwidth cookie to measure the connection speed and supply the proper video format. This cookie is not used for tracking purposes Session
sIFR fonts sifrFetch Technical functionality cookie sIFR fonts is a feature that replace text fonts with other ones based on the Adobe Flash technologie, to increase the look and feel of the website. This cookie is used to determine if the browser supports Flash and its fonts Session

 

Resources

For further info:

http://www.allaboutcookies.org/

http://www.youronlinechoices.eu/

http://cookiepedia.co.uk/