In compliance with the obligations arising from national legislation (Legislative Decree no. 196 of 30 June 2003, Personal Data Protection Code) and European law (European Data Protection Regulation no. 679/2016, GDPR) and subsequent amendments, this website respects and protects the privacy of visitors and users, making every possible and proportionate effort not to infringe the rights of users.
Legal basis for data processing
The provision of data and thus consent to the collection and processing of data is optional; the User may withhold consent and may revoke a consent already provided at any time (by sending an e-mail to firstname.lastname@example.org with the subject: Cancellation).
As of 25 May 2018 (the date of entry into force of the GDPR), this website will process some of the data based on the data controller’s legitimate interests.
Data collected and purposes
Like all websites, this site also uses log files to store information collected automatically during user visits. Information collected could be as follows:
- Internet Protocol (IP) address;
- browser type and parameters of the device used to connect to the website;
- name of the internet service provider (ISP);
- date and time of visit;
- the visitor’s source (referral) and exit web pages;
- possibly the number of clicks.
This information is processed in an automated form and collected in aggregate form only for the purpose of verifying the proper functioning of the website and for security reasons (as of 25 May 2018, this information will be processed based on the legitimate interests of the owner).
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with the relevant laws in force, to block attempts to damage the website itself or to cause damage to other users, or in any case harmful or criminal activities. This data is never used for user identification or profiling but only for the purpose of protecting the website and its users (as of 25 May 2018, this information will be processed according to the owner’s legitimate interests).
Sending emails (optional, explicit and voluntary) to any addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the website pages set up for particular services on request.
The data collected by the website during its operation are used exclusively for the purposes mentioned above and kept strictly for the time necessary to carry out the specified activities. In any case, the data collected by the website will never be provided to third parties, for any reason whatsoever, unless it is a legitimate request by a judicial authority and only in the cases provided for by law.
Data used for security purposes (blocking attempts to damage the site) are stored for 7 days.
The data collected from the website are processed at ROCK communications via dell’Unione 1, 20123 Milan (Italy), and at the web hosting data center. The web hosting (Register.it S.p.A. with registered office in Viale della Giovine Italia 17, 50122 Florence), which is the data processor, processing the data on behalf of the data controller, is located in the European Economic Area and acts in accordance with European standards.
Social Network Plugins
This site may also incorporate plugins and/or buttons for social networks to enable easy content sharing on your favourite social networks. These plug-ins are programmed so as not to set any cookies when accessing the page to safeguard users’ privacy. Cookies are only set if so provided by social networks when the user makes actual and voluntary use of the plugin.
The collection and use of information obtained by the plugin are governed by the respective privacy policies of the social networks, to which please refer.
Transfer of data to non-EU countries
This website may share some of the data collected with services outside the European Union. In particular with Google, Facebook and Microsoft (LinkedIn) via social plugins and the Google Analytics service. The transfer is authorised based on specific decisions of the European Union and the Guarantor for personal data protection, in particular decision 1250/2016 (Privacy Shield – here the information page of the Italian Guarantor), so no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
This website processes user data lawfully and fairly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. Data processing is carried out through computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In some cases, in addition to the owner, categories of persons involved in the organisation of the website (administrative, sales, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the User may, in the manner and within the limits provided for by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning them (right of access);
- learn about their origin;
- receive clear communication;
- obtain information on the logic, methods and purposes of the data processing;
- request the updating, rectification, integration, deletion, transformation into anonymous form, and blocking of data processed in breach of the law, including data no longer necessary for the purposes for which they were collected;
- in cases of consent-based data processing, receive, at the sole cost of any support, the data you provided to the data controller in a structured, machine-readable form and in a format commonly used by an electronic device;
- the right to lodge a complaint with the supervisory authority (Privacy Guarantor);
- as well as, more generally, to exercise all the rights recognised to them by the applicable legal provisions.
Requests should be addressed to ROCK communications.
Where data are processed on the basis of legitimate interests, the data subject’s rights to data processing are nevertheless guaranteed (except for the right to portability, which is not provided for by the regulations), in particular, the right to object to data processing, which can be exercised by sending a request to the data controller.
The data controller within the meaning of the applicable laws is ROCK communications and can be contacted via e-mail at email@example.com.
Google is appointed as the controller, processing data on behalf of the owner (Google Analytics).