WEB SITE DATA PROTECTION INFORMATION
in line with EU Regulation 2016/679
(European Regulation on Personal Data Protection)
1) Introduction
Studio Ega srl is committed to complying with data protection of users. Its data protection policy (“Privacy Policy”) describes Studio Ega srl’s web site activities and its commitments in this domain. Studio Ega srl shall process the personal data of users when they visit its web site and use its services. The web site sections where users’ personal data are collected shall feature specific information in line with Art. 13 /15 of EU Reg. 2016/679.
The provisions of EU Reg. 2016/679 require the data subjects consent before processing their personal data. If users provide personal data of third parties, these data shall be communicated to Studio Ega srl to be processed according to the specifications illustrated in the data protection information and in line with EU Reg. 2016/679 and the applicable legislation.
2) Data Controller and DPO
The subject in charge with data processing shall be Studio Ega srl (hereinafter referred to as “Data Controller”) and shall be contacted through a written communication to be sent to: Studio Ega srl, Viale Tiziano, 19 – 00196 Rome.
The data protection Manager shall be appointed by the Data Controller and shall be contacted via e-mail as indicated in the Contact section on its web site.
The updated list of the subjects in charge appointed by the Controller in line with Art. 28 of the above-mentioned EU Regulation and of individuals authorized to process these data shall be consulted at the Studio Ega srl headquarters.
3) Types of data processed
Visiting and consulting Studio Ega srl’s web site does not generally entail any user data collection and processing except for navigation data and cookies as specified below. In addition to the so-called “navigation data” (further on), the personal data voluntarily provided by users shall be processed when they interact with its web site functionalities or when they request to access its web site services. Under the Privacy Code, Studio Ega srl shall also be entitled to collect users’ personal data with third parties in order to conduct its activities.
4) Cookies and Navigation Data
Studio Ega srl’s web site shall use “cookies”. By using its web site, users shall accept cookies as provided for under its Privacy Policy. Cookies are small files stored on the users’ hard disk. There are two macro-categories of cookies: technical and profiling cookies. Technical cookies are needed for the correct functioning of a web site and for navigation purposes; without them, users may not be able to correctly visualize web site pages or use some services.
Profiling cookies are designed to create users’ profiles so as to send them advertising messages in line with the preferences they showed while navigating.
Moreover, cookies can be classified as:
“session” cookies that are immediately cancelled once the browser is closed;
“persistent” cookies that remain inside the browser for a certain period of time; for example, they are used to recognize the device that connects to a web site, thus facilitating the user authentication process;
“own” cookies generated and directly managed by the manager of the web site that users are browsing;
“third-party” cookies generated and managed by subjects other than the manager of the web site that users are browsing.
5) Cookies
Studio Ega srl’s web site shall use different types of cookies: own, session and persistent cookies required to allow users to navigate through its web site for internal and system administration purposes;
Third-party session and persistent cookies that are needed to allow users to use the multimedia contents on its web site, such as for example videos and images;
Third-party and persistent cookies used by its web site to send statistical information to Google Analytics, through which [name of the company] can conduct analyses of web site access/visit statistical data. These cookies are only designed to be used for statistical purposes and to collect aggregated information. Through a couple of cookies, one persistent and one session cookie (expired when the browser is closed), Google Analytics also records the time when the web site visit starts and ends. It is possible to prevent Google from tracking data through cookies and from processing them by downloading and installing the browser plug-in from the following address:
http://tools.google.com/dlpage/gaoptout?hl=it
Third-party and persistent cookies used by the web site to include some social-network plug-ins (Facebook, Twitter and Google+). By selecting one of them, users shall be able to publish the contents of the web site they are visiting on their social network personal page.
Studio Ega srl’s site may feature links to other sites (so called third-party sites). Studio Ega srl shall not access or control these cookies, web beacons and other user-tracking technologies that may be utilized by third-party sites accessed by users from tits web site; Studio Ega srl shall not control the contents and the materials published by or obtained through third-party sites or the modalities of tracking users’ personal data. In this case, it shall not be subject to any liabilities. Users shall check the privacy policy of third-party sites accessed through Studio Ega srl’s web site and shall get information about the applicable conditions for their personal data use. This Privacy Policy of Studio Ega srl shall apply to its web site as defined above.
6) Disabling cookies in the browser
Each browser has specific configuration instructions. Any further information on the procedures to disable cookies shall be found on the web site of the browser provider.
Google Analytics cookies
In order to disable Google Analytics cookies alone, data subjects shall use an additional component, an opt-out procedure, made available by Google on the following link: https://tools.google.com/dlpage/gaoptout?hl=it.
Third-Parties’ Targeting and Advertising cookies
To obtain further information and/or to disable Targeting and Advertising cookies, users shall instead visit the following web site: http://www.youronlinechoices.com/it. Notwithstanding what stated above, disabling cookies shall not prevent data subjects from using parts of Studio Ega srl’s web sites, but some services may not be available.
.
7) Keeping personal data
The data collected through cookies shall be kept according to their nature: session cookies shall expire when users log out, persistent cookies shall have specific expiry dates that, with some exceptions, shall not exceed 20 days. These data shall be exclusively processed for the above-mentioned purposes and may be communicated to Studio Ega srl’s subsidiary, parent, associated or related companies.
In line with minimum security standards, users’ personal data shall also be communicated to law enforcement agents and to other public and private subjects in line with tax, administrative, financial and similar obligations under the law. These data shall not be disseminated in any case.
In line with proportionality principles and requirements, users’ personal data shall not be kept for longer periods of time with respect to the ones needed to meet the objectives illustrated above (that is the services) or to the specific legal provisions.
8) Data Processing Purposes and Methods
Studio Ega srl shall be entitled to process users’ ordinary and sensitive data for the following purposes: access to its web site services and functionalities, requests and reporting, circulation of newsletters, management of candidatures sent through its web site, etc.
Moreover, when users provide their additional ad hoc consent, Studio Ega srl shall process their personal data for marketing purposes, that is to send them promotional materials and/or commercial communications on its services to the addresses indicated, also through traditional contact modes and/or means (such as letters ,operators’ calls, etc.) and through automated procedures (such as internet communications, fax, e-mails, text messages, applications for mobile devices like smartphones and tablets, the so-called APPS, social network accounts, like Facebook or Twitter, automatic operator calls etc.).
Personal data shall be processed by Studio Ega srl in paper and electronic form and entered into its information system fully in line with EU Regulation 2016/679, including security and confidentiality profiles under correct and legal processing standards. Under EU Regulation 2016/679, data shall be stored and kept only for the time strictly required for their utilization.
9) Personal Data Security and Quality
Studio Ega srl shall protect users’ personal data security and comply with the security provisions under the law so as to avoid their loss, their non-eligible or illegal utilization and unauthorized access. Furthermore, the information systems and programs used by Studio Ega srl shall be configured so as to reduce the utilization of personal and id data to the minimum; these data shall be processed only for the specified purposes. Studio Ega srl shall use many advanced security technologies and procedures to protect users’ personal data; for example, personal data shall be kept on secure servers located in protected and controlled premises. Users may help Studio Ega srl update and correctly maintain their personal data by communicating any change to their address, their qualifications, contact information, etc.
10) Data Communication and Access
Users’ personal data shall be communicated to:
All the subjects entitled to access them under the law;
Studio Ega srl’s collaborators and employees in their respective tasks;
All natural and/or legal persons, public and/or private subjects when their communication is required or necessary to carry out their activities and with the modalities and purposes illustrated above;
11) Conferring personal data
Some personal data shall be conferred by users in order to allow Studio Ega srl to manage communications, their queries or to contact them again to respond to their requests. These data shall feature the symbol [*] and, in this case, users shall confer them so as to enable the company to meet their requests, that otherwise may not be met. On the contrary, the data without the asterisk shall be conferred only on a voluntary basis, i.e. if they are not conferred, users shall not be liable. Users shall not be obliged to confer their personal data for marketing purposes, as specified in the section “Data Processing Modalities and Purposes” and if they refuse they shall not be liable. Their consent to the use of their personal data for marketing purposes shall be extended to communications through the above-mentioned automated and traditional modes and/or means.
12) Data Subjects’ rights
12.1 Art. 15 (access right), 16 (rectification right) of EU Reg. 2016/679
The data subjects shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom their personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the envisaged period for which their personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of their personal data or restriction of processing of their personal data or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where personal data are not collected from the data subjects, any available information as to their source;
(h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subjects.
12.2 Right under Art. 17 of EU Regulation 2016/679 – right to erasure («right to be forgotten»)
The data subjects shall have the right to obtain from the Controller the erasure of their personal without undue delay and the Controller shall have the obligation to erase their personal data without undue delay where one of the following grounds applies:
(a) their personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subjects withdraw their consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and where there is no other legal ground for the processing;
(c) the data subjects object to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subjects object to the processing pursuant to Article 21(2);
(d) their personal data have been unlawfully processed;
(e) their personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) their personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of EU Reg. 2016/679.
12.3 Right to restriction of processing under Art. 18
The data subjects shall have the right to obtain from the Controller restriction of processing where one of the following applies:
(a) the accuracy of their personal data is contested by the data subjects, for a period enabling the Controller to verify the accuracy of their personal data;
(b) the processing is unlawful and the data subjects oppose the erasure of their personal data and request the restriction of their use instead;
(c) the Controller no longer needs their personal data for the purposes of the processing, but they are required by the data subjects for the establishment, exercise or defense of legal claims;
(d) the data subjects have objected to processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the Controller override those of the data subjects.
12.4 Right to data portability under Art. 20
The data subjects shall have the right to receive their personal data, which they have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which their personal data have been provided.
13) Withdrawal Right
Data subjects shall withdraw their consent to the processing of their personal data by using the forms on Studio Ega srl’s web site that can also be requested in writing. At the end of this transaction, their personal data shall be removed from its archives as soon as possible.
If they need more information about the processing of their personal data, that is how to exercise their rights as provided for under point 7, they shall use the forms present on Studio Ega srl’s web site that can also be requested in writing to this company. Before providing or changing any information, their identity shall be verified and they may be required to answer some questions. A response shall be promptly provided.