INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTS. 12 ET SEQ.. OF REG. (EU) 2016/679 (“GDPR”)
Introduction and categories of data subjects
IUNGO S.p.A. (or “Iungo”) as Data Controller, informs you that the personal data collected or voluntarily provided by Users through the Website www.iungo.com (“the Website”), will be processed in compliance with European legislation – Regulation (EU) 2016/679 “GDPR” – and national legislation – Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018 – .
In particular, Iungo provides the following information:
1. CATEGORIES OF PERSONAL DATA PROCESSED
The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but, by its very nature, it could make it possible to identify Users by means of processing and cross-referencing with data held by third parties.
This category of data includes:
- IP addresses or domain names of the computers used by users connecting to the Website,
- the addresses in URI (Uniform Resource Identifier) notation of the requested resources,
- the time of the request,
- the method used in submitting the request to the server,
- the size of the file obtained in response,
- the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment.
These browsing data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its proper functioning. The data could also be used to ascertain liability in the event of any computer crimes to the detriment of the Website: subject to this possibility, data on web contacts are stored for a limited period of time and are deleted periodically.
Data provided voluntarily by Users
The User may voluntarily provide personal data by filling in the appropriate forms on the Website in order to make requests to Iungo or use the services offered by the Website.
Data of a common, essentially identifying nature (e.g. first name; surname) and contact data (e.g. telephone and/or IT contact details) may therefore be collected.
It is specified that Iungo will not process the so-called “special categories of personal data” as referred to in Article 9 of the GDPR.
2.PURPOSES AND LEGAL BASIS OF THE PROCESSING
The data voluntarily provided by Users through the forms on the Website will be processed for the following purposes:
- A) Responding to User Requests. The data provided by the User will be processed for the purpose of responding to contact requests, to requests for download of training/information material in the appropriate sections of the Website, as well as to any request for information made by Users also via IUNGObot.
Such data will be processed by virtue of your consent, expressly given pursuant to Art. 6, para. 1(a) of the GDPR, by ticking the checkbox below the data collection form.
The provision of data is essential to ensure an adequate response to your requests by Iungo. The data will be kept for the time strictly necessary for the reply.
- B) Use of services offered by the Website. The data provided by the User will be processed in order to ensure the correct fruition of the services requested: registration to the webinars selected by the User; registration or access to the Iungo.com Platform.
The processing is legitimised, pursuant to Art. 6 para. 1(b) of the GDPR, by theperformance of contracts or pre-contractual measures taken at the request of the User.
The provision of the data requested in the forms is essential in order to guarantee the use of the requested service. The data processed for this purpose will be retained for the time strictly necessary to use the service, i.e. for the time required to organise and run the webinar and as long as the User’s credentials are valid for access to the Platform.
- C) Sending of information promotions, newsletters, market surveys. The data (and in particular the contact data) collected may also be processed for the purpose of sending promotional information, newsletters and for conducting market surveys.
Such processing may take place, pursuant to Art. 6 para. 1(a) of the GDPR, only with your express consent by ticking the relevant checkbox below the data collection form.
The provision of data for this purpose is entirely optional. The consent given may be revoked at any time without affecting the lawfulness of the processing based on the consent given before revocation: it is always possible to unsubscribe using the appropriate link at the bottom of any communication received.
- D) Sending information on services similar to those already chosen by Customers or on which Users have already expressed their interest (known as “soft spam”). The data collected may also be processed by Iungo in order to send promotional communications to advertise products and/or services similar to those already used or purchased by the User. Such processing is carried out by Iungo in pursuit of its own legitimate interests, pursuant to Article 6 para. 1(f) of the GDPR. Data subjects may always oppose such interests by exercising their right to opt-out, i.e. the right to easily and freely refuse the sending of such communications, via the link at the bottom of each communication received.
3. PROCESSING METHODS AND STORAGE PERIOD
The processing of personal data is carried out purely by means of computerised and digital tools, with a logic strictly related to the above-mentioned purposes. Taking into account the state of the art and the costs of implementation, as well as the nature, scope, context and purposes of the processing, and the risk to the rights and freedoms of natural persons, Iungo adopts technical and organisational measures deemed appropriate to ensure an adequate level of security.
In any event, processing may be carried out, on the basis of previously formalised assignments, by persons adequately informed and instructed by the Datta Controller on the measures and procedures to be adopted to ensure an adequate level of security. In this context, Iungo takes the necessary measures to ensure that each processor has access only to the personal data necessary for the performance of their respective tasks and operational functions.
Users’ personal data will be stored for the time necessary to fulfil the purposes for which they were acquired or provided. In detail:
4. DISCLOSURE AND DISSEMINATION
The data may be disclosed to:
- consultants (e.g. IT or marketing service providers, etc.), specifically appointed for this purpose after evaluation of their competence, reliability and experience;
- companies that provide the data controller with services functional to the performance of the activity provided or that collaborate in the organisation of events and services, specifically appointed for this purpose after assessment of their competence, reliability and experience
- any public authorities that request them or to which it is necessary to disclose information in compliance with specific legal obligations.
5. TRANSFER OF DATA ABROAD
Data provided by Users are not transferred to countries outside the European Union. Where, after informing the Users, such a transfer should take place, a level of data protection appropriate to the European level will be guaranteed, using the appropriate conditions and guarantees provided for in Articles 44 et seq. of the GDPR.
6. DATA SUBJECT’S RIGHTS
Under the terms of the GDPR, the data subject may exercise the following rights:
- 7 Right of revocation of consent at any time without prejudice to the lawfulness of the processing based on the consent given before revocation;
- Article 15 Right of access by the data subject;
- Article 16 Right of rectification;
- Article 17 Right to erasure;
- Article 18 Right to restriction of processing;
- Article 20 Right to data portability;
- 21 and Art. 22: Right of objection to automated decision-making concerning natural persons. In this regard, we inform you that Iungo does not carry out any automated processing that produces legal effects concerning the Data Subjects or that affect them in a significantly similar way.
The User may exercise the aforementioned rights by contacting the Data Controller at the addresses indicated in paragraph 7 below.
For the purpose of verifying the existence of the conditions and terms for the exercise of the aforementioned rights, please refer to the full text of the aforementioned provisions, available at www.garanteprivacy.it.
If the User considers that the above-mentioned rights have been violated, he/she may, in accordance with current legislation, lodge a complaint with the national supervisory authority.
7. IDENTIFICATION DATA OF THE DATA CONTROLLER
Data identifying the data controller
The data controller is IUNGO S.p.A., with head office in via Tacito 7 – 41121 Modena (MO), TAX CODE/VAT NO. 02731600363, contact details: tel. 059 251643, fax 059 5967756, e-mail firstname.lastname@example.org.