INFORMATION ON THE PROCESSING OF PERSONAL DATA
EU REGULATION 2016/679 ("GDPR")
Why this notice
This page sets out how the website of DIRECTA S.I.M.p.A., the data controller ("Directa" or "Controller"), with registered offices in Via Bruno Buozzi, 5 - 10121 Turin, is managed in relation to the processing of the personal data of the users who consult it ("User" or "Data subject"). This information ("Information") is also provided for the purposes of EU Regulation 2016/679 ("GDPR") to those who interact with the web services of Directa, accessible electronically from the address:
https://www.directa.it, https://www.directa.com corresponding to the home page of Directa's websites.
The information is provided only for the websites of Directa and not for other websites that may be consulted by the user through links.
Type of data and legal basis for processing
Following consultation of this site, data regarding identified or identifiable persons may be processed. Such personal data are generally of a common nature, since they essentially consist of identity elements and will be processed in accordance with the conditions of lawfulness set forth in art. 6 letter a) of the GDPR. The processing of personal data has as its legal basis the need to fall in with the express requests of users made through the site.
Specific summary information will be progressively reported or displayed on the pages of the site given over to each of the services concerned.
If the User is under 16 years of age, the processing of his data will require the consent of the holder of parental responsibility.
Category of subjects to whom the data may be disclosed
Personal data will not be disclosed and may be communicated to companies contractually linked to Directa within and outside the European Union, in order to comply with the purposes for which they were collected. Specifically, the data may be communicated to companies connected to the controller, professionals, studios or companies in the context of assistance and consultancy arrangements.
Subjects belonging to the above categories will act as data processors, or they will be able to operate in total autonomy as independent data controllers.
The list of such subjects is available at the registered office of the controller or by writing to the following e-mail addresses: firstname.lastname@example.org, email@example.com.
Data transfer to a third country and/or an international organisation and guarantees
Personal data will not be transferred on the initiative of Directa abroad (inside or outside the European Union). However, some third parties, service providers, may have their own servers physically located abroad (as in the case, for example, of server providers). In such cases, the transfer of data abroad will take place exclusively within the scope of and in compliance with current legislation.
Methods of data processing and storage
The processing will be carried out automatically and manually, with methods and tools designed to ensure maximum security and confidentiality, by persons specifically appointed in accordance with the provisions of Arts. 28 and 29 of the GDPR. For the purposes of the provisions of art. 5 par. 1 letter e) of the GDPR.
The measures adopted by the controller do not exempt the user from paying due attention to the use, where required, of passwords/PINs of adequate complexity, which he must update periodically and keep carefully and make inaccessible to others, in order to avoid improper and unauthorised use.
Personal data shall be kept in a form which permits identification of the data subject for a period of time not exceeding the fulfilment of the purposes for which the data were collected and subsequently processed and, in any event, no longer than 24 months from consent being given or from the last contact between the parties.
Nature of the provision
Excluding browsing data, the User is free to provide personal data by completing the appropriate spaces in the dedicated sections of the controller's website. However, failure to provide such data may make it impossible to obtain what he has requested.
Place of data processing
The processing of data collected through the site or by e-mail, takes place at the aforementioned location and is carried out by authorised persons. The personal data provided by users are employed only to respond to requests from the latter and are communicated to third parties only where this is necessary for that purpose.
Generally speaking, during normal Internet browsing, some personal data such as IP addresses or computer domain names and other parameters relating to the user's operating system and computer system may be collected implicitly. These data are not used by Directa except in an anonymous way and only so as to obtain statistics of visits to its site.
No personal data of users are acquired by the site. Cookies are not used for the transmission of personal information, nor are persistent cookies of any kind, or systems for tracking users.
The use of session cookies (which are not permanently stored on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to protect exploration of the site and to allow a better use.
The session cookies used on the Directa website avoid the use of other IT techniques that could potentially compromise the confidentiality of user browsing and do not allow the acquisition of the user's personal identification data.
Rights of data subjectsYou may exercise your rights as established by the GDPR by directly contacting DIRECTA S.I.M.p.A. with registered offices in Via Bruno Buozzi, 5 (Turin), by writing to the following e-mail address: firstname.lastname@example.org or to the Data Protection Officer (DPO) by writing to the following e-mail address: email@example.com; at any time you have the right to:
- obtain from Directa access to personal data and request information regarding the purposes, categories of personal data processed, the recipients to whom the personal data will be communicated (including any recipients in third countries), the period of storage of the personal data or, where this is not possible, the criteria for its definition, the existence of an automated decision-making process, including profiling;
- rectify, delete or limit the processing of personal data. If the data subject has given his consent to the processing of personal data concerning him for one or more specific purposes, he may revoke consent at any time;
- be informed of the existence of appropriate safeguards with regard to the transfer of his data to a third country or an international organisation;
- request the portability of personal data; in this case, Directa will provide the personal data of the data subject, in a commonly used structured format that is readable by automatic device, transmitting them to another data controller, if requested;
- oppose, for reasons related to his particular situation, the processing of personal data even if such processing is based on the specific needs of the controller. The data controller therefore refrains from further processing, unless he can prove:
1. the existence of legitimate binding reasons that prevail over those of the data subject, or,
2. the existence of an assessment, exercise or defence of a right in court;
- not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or which has a similar significant effect on his person;
- lodge a complaint with a supervisory authority if the data subject considers that the processing of his personal data is in breach of the provisions of the GDPR, without prejudice to any other administrative or judicial recourse.
Via Bruno Buozzi, 5
+39 011 0884141