Information on the processing of personal data pursuant to Articles 13 and 14 of the GDPR EU 679/2016 (“GDPR”)
The GDPR EU 679/2016 aims to ensure that the processing of personal data is carried out with respect for the fundamental rights and freedoms and the dignity of the data subject with particular reference to confidentiality and personal identity and the right to data protection. Pursuant to Articles 13 and 14 of the GDPR, Ittinsect S.R.L (“Data Controller” or “Ittinsect”) provides this information notice to describe the processing of the user’s personal data collected through the site currently available at the URL https://www.ittinsect.com (“Site”), the purposes and methods of processing and the security measures adopted to guarantee their confidentiality in full compliance with the applicable legislation. In general, Ittinsect processes personal data following the browsing of the Site and the sending of email requests. In some sections of the Site, the User may enter the data of the Customer who is the holder of the order, who is instructed by the latter to fill in the form containing the fields for providing personal data in his/her own name and on his/her own behalf. The User’s and Customer’s data will be used by the Controller for the sole and exclusive purpose of fulfilling the request sent on behalf of the Customer and/or User.
Ittinsect S.R.L, with registered office in Via Marsala 29h, 00185 Rome – Italy, is the data controller.
The Data Protection Officer can be contacted at the e-mail firstname.lastname@example.org for information on data processing.
Type of data processed
Ittinsect may collect the following types of data:
2.1 Requests relating to the services offered in the CONTACTS section:
When filling in the online contact forms available in the Contacts section of the website, the User and/or the Customer will be asked to provide some personal data, such as, but not limited to, name, surname, email address, possible reference shop, purchase order references, possible photographs, the subject of the request or suggestion. This data is necessary in order to respond to the specific request of the User and/or Customer, which, depending on the contact form chosen by the latter, may have as its object:
-information on the delivery, maintenance and care of the products purchased and/or, in general, information on the purchase made at the points of sale;
-information on promotions running at the points of sale;
-suggestions for improving the site;
-notices of commercial properties for rent or sale.
The data marked with an asterisk on the contact form are compulsory and failure to provide them or providing them inexactly prevents the Controller from responding to your request. On the other hand, the provision of data in the fields not marked with an asterisk, while it may be useful to facilitate relations with the Controller, is optional and failure to provide such data will not prevent the Controller from responding to the User’s and/or Client’s request.
When filling in the online form available in the WORK WITH US section, the User will be asked to provide some personal data such as, but not limited to, name, surname, email address and mobile phone number. Any further personal data will be acquired subsequently by the Controller in order to carry out assessments of the candidate’s professional profile. The data marked with an asterisk on the contact form are compulsory and failure to provide them or providing them inexactly prevents the Controller from considering your application.
2.3 Purchase data
Should the User and/or the Customer, after registration and/or access to the Reserved Area, make a purchase on the Site, the Controller shall process additional information relating to the User and/or the Customer and the purchase made, which is necessary to process and fulfil the purchase orders.
This information includes, for example: payment and billing data (e.g. credit card number, postcode and address), delivery data, shipping address, customer order number, purchase history on the Site, etc.
2.4 Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified subjects, but by its very nature could allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error) and other parameters relating to the user’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check that it is working properly, and are deleted immediately after processing.
Cookies collect information including data that could potentially enable the identification of a data subject. For data processing by means of cookies, please refer to the relevant policy, available at the following link: https://www.ittinsect.com/cookie-policy/.
Method of data collection
Data are collected directly from the data subjects, when they browse the Site, send emails or communications to Ittinsect, also through the contact section (“Contact Section”) or ask to subscribe to the list to receive advertising communications.
Purpose and legal basis of data processing; storage period.
4.1. To respond to requests received through the communication channels published on the Site (Contact Section).
The legal basis for this processing is the legitimate interest of Ittinsect to communicate with the public and to process and answer requests from potential customers, suppliers and other interested parties. The retention period of such data is equal to the time necessary to process the request. This retention period may be longer if the data subject is subject to other specific processing. The legal basis for this processing is the fulfilment of pre-contractual obligations.
The User and/or Customer who registers and/or accesses the Reserved Area may purchase the products offered for sale via the Site and conclude the relative contract with the Controller, subject to acceptance of the terms and conditions of sale. In this case, the Owner will process the data in order to process and manage the purchase orders, ship the purchased products, provide the necessary after-sales assistance, manage the return procedure for the purchased products, and comply with the provisions of the tax regulations. The Customer may also use the online services referred to in paragraph 4.2 above. The retention time of this data is 10 years. The legal basis for this processing is the fulfilment of contractual obligations.
4.2. To prevent or control unlawful conduct or to protect and enforce rights.
For example, Ittinsect may use the data of data subjects to prevent or prosecute unlawful acts or infringements of intellectual/industrial property rights (including of third parties) or computer crimes or crimes committed via telematic networks. The legal basis for such processing is the legitimate interest of Ittinsect as data controller. The data retention period is equal to the time reasonably necessary to enforce Ittinsect’s rights from the moment Ittinsect becomes aware of the offence or its potential commission.
In relation to the aforementioned purposes, the processing of personal data is carried out by means of manual, computerised and telematic tools with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data in compliance with the law.
Rights of the Data Subject.
The User and the Customer may contact Ittinsect to exercise their rights under Articles 15 et seq. of the GDPR and, in particular, request access to their personal data, know the existence of their personal data, request rectification, erasure or restriction of processing, object to processing and request portabilitỳ of their data; the User and the Customer may also withdraw their consent at any time (this will not affect the lawfulness̀ of the processing based on the consent given before the revocation).
When exercising the right of access, the User and the Client may request information on who processes their data, for what purposes and for how long, with whom the data is shared and whether it is transferred to third countries, and may also request not to be subject to automated processing such as profiling.
The User and the Client have the right to lodge a complaint with the Data Protection Authority and to ask the Data Controller, at any time, for information about the data processors and the persons authorised by the Data Controller to process the data.
The User and the Customer may exercise their rights by contacting Ittinsect (at the addresses indicated above or by sending an e-mail to email@example.com).
Where the data are processed – Transfer of data
The processed data are stored at Ittinsect in Italy.
The data may also be stored in the European Union by suppliers of Ittinsect to whom the data is transmitted on the basis of the signing of contracts in compliance with Art. 28 GDPR with standard contractual clauses in accordance with the European Commission’s decision on protection clauses or by virtue of an adequacy decision of the European Commission on the level of data protection (Privacy Shield). The updated list of third-party providers, acting as data controllers under Article 28 GDPR, is available with a request to firstname.lastname@example.org
Data sharing – data recipients
With subjects who may become aware of the data, in the capacity of “Data Processors” to whom the Data Controller entrusts certain processing activities relating to the purposes illustrated in paragraph 4 above (e.g. transporters, forwarding agents, consultants, companies that deal with the dispatch of communications, carrying out customer satisfaction checks, conducting surveys, etc.). With service providers. Ittinsect uses third party services (cloud, content management system, analytics, hosting, browsing functionality) that operate as data controllers under agreements in accordance with Article 28 GDPR. When these providers operate from a third country, they do so on the basis of standard contractual clauses in accordance with the European Commission’s decision on protection clauses or under a European Commission adequacy decision on the level of data protection (Privacy Shield). These parties only come into possession of personal data necessary for the performance of their functions and may only use such data in order to perform such services on behalf of Ittinsect or to comply with legal requirements. The up-to-date list of third-party providers, acting as data processors within the meaning of Article 28 GDPR, is available by making a request to email@example.com.
With judicial authorities and administrative bodies. Where permitted or required by law, Ittinsect may share data requested by a judicial authority, administrative body or government agency in order to protect or exercise the rights of Ittinsect or third parties, or to comply with legal obligations.
Changes to the policy
This Policy may be amended from time to time to reflect changes in laws, technology, changes in data collection and use, commercial initiatives, or to allow us to add new features. In the event of such changes, Ittinsect will notify the User and the Client: (i) by means of an announcement posted on the main page of the Site and/or (ii) by taking any other action Ittinsect deems appropriate. The User and the Customer are invited to consult the Site periodically for updates. Any changes made shall be effective as of the time of their publication, and browsing the Site after such time shall be deemed as acceptance of such changes.