Privacy notice as per article 13 Reg. EU 2016/679 (GDPR) – Policy on the processing of personal data collected from the data subject
WHY THIS INFORMATION
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. (C26, C27, C30)
Navigation data: The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI / URL (Uniform Resource Identifier/ Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
Data communicated by the interested party: The optional, explicit and voluntary sending of messages to the contact addresses, as well as the compilation and forwarding of the forms on the website of the Data Controller, involves the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in communications.
Specific information: Specific information could be presented on the pages of the website, in relation to particular services or processing of the provided data.
Cookies and other technologies: For more information on cookies and other used technologies, please refer to the Cookies Policy in the footer of this website.
- DATA CONTROLLER
Pursuant to art. 4 and 24 of GDPR, the Data Controller is LB Research Srl, Via Lombardia, 81 – 22063 Cantù (CO), Italy, in the person of the legal representative. Phone: +39 031 734 908, e-mail contact firstname.lastname@example.org
- DATA PROTECTION OFFICER (DPO)
Pursuant to art. 37 – 39 of GDPR, the Data Controller has appointed the Data Protection Officer (DPO), who can be contacted at: email@example.com.
- PURPOSES OF THE PROCESSING
Personal data will be processed for the following purposes:
- website navigation: the data, necessary for the use of web services, are also processed for the purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.) and to check the correct functioning of the offered services;
- possible completion of the data collection form in the “contact us” area;
- possible completion of the data collection form in the “careers” area.
- LEGAL BASES OF THE PROCESSING
The data processing will take place in compliance with the conditions of lawfulness pursuant to art. 6 of the GDPR:
- on the performance of a contract or the implementation of pre-contractual measures taken at the data subject’s request;
- on the basis of the processing necessary for the purposes of the legitimate interests pursued by the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject who require the protection of personal data do not prevail and also taking into account reasonable expectations nourished by the data subject at the time and in the context of the collection of personal data, when the data subject can reasonably expect that processing for this purpose will take place (Recital 47).
For information, you can write to firstname.lastname@example.org.
- RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS
The provided personal data will be disclosed to recipients that will process the data as Processors (art. 28 of GDPR) and/or as natural persons acting under the authority of the Data Controller and the Data Processor (art. 29 of GDPR), for the above-indicated purposes and to third parties. More precisely, the data will be disclosed to:
- parties that provide services identified and authorized, located in Italy;
- subjects that provide services for the IT and communication network management (e-mail included), located in Italy;
- firms or companies with support and consultancy relationships, located in Italy;
- competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request;
- in case of administrative accounting purposes, the data may be transmitted to commercial information companies for the assessment of solvency and payment habits and/or to subjects for credit recovery purposes, located in Italy.
The parties belonging to the aforesaid categories perform the function of Data Processor or operate in complete autonomy as separate Data Controllers. See specific information in dedicated areas with data collection forms.
The list of Data Processors is constantly updated and available by writing to the e-mail address email@example.com
- DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION AND GUARANTEES
The personal data will not be transferred to countries belonging to the European Union and to countries outside the EU. The website is based in Italy. Please refer to specific privacy notices in dedicated areas with data collection forms.
- DATA RETENTION PERIOD OR CRITERIA FOR CALCULATING THE PERIOD
The process will be carried out by authorized subjects, with methods and tools aimed to guarantee maximum security and confidentiality. In compliance with the provisions of art. 5 paragraph 1 letter e) of GDPR, the collected personal data will be stored in a form that allows to identify the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. Specifically, the personal data will be processed for a time period equal to the minimum necessary, as indicated in Recital 39 of GDPR, that is until the termination of existing contractual and pre-contractual relationships, without prejudice to a further retention period that may be imposed by law as also required by Recital 65 of GDPR. Please refer to specific privacy notices in dedicated areas with data collection forms. The timing is determined on the basis of the criteria that the interested party can have information about by writing to firstname.lastname@example.org
- RIGHTS OF THE DATA SUBJECTS
The data subject may assert the rights as expressed in art. 15 et seq. of GDPR, by contacting the Data Controller or the DPO at the e-mail address email@example.com. You have the right, at any time, to request access to personal data (art. 15), rectification (art. 16), erasure (art. 17), restriction of processing (art. 18). The Data Controller communicates (art. 19) any rectification, erasure or limitation carried out for the processing to each of the recipients to whom the personal data have been transmitted. Upon request, the Data Controller informs the data subject about these recipients. Moreover, when applicable, for data collection forms in dedicated areas, you have the right to data portability (art. 20) and in this case they will be provided to you in a structured format, commonly used and readable, by an automatic device. When applicable, you have the right to object (art. 21), at any time, to the processing of data based on legitimate interest, as well as in the cases provided for data collection forms in dedicated areas, to revoke any consent given without prejudice to the lawfulness of the processing based on consent before revocation, by writing an e-mail firstname.lastname@example.org. There is no automated decision making. According to art. 77 of GDPR, in case the data subject believes that the processing of personal data carried out by the Data Controller is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where you usually reside or work or in the place where the alleged violation of the regulation has occurred. You can lodge a complaint with the Garante Privacy (https://www.garanteprivacy.it/), or take the appropriate judicial offices (the latter also for the legal entity contracting party and not just for natural persons).
- PROVISION OF DATA
The disclosure of personal data is not a legal obligation. Failure to provide personal data will make impossible to use the Data Controller services.
The Data Controller reserves the right to modify, update, add or remove parts of this privacy notice. In order to facilitate this verification, the notice will contain an indication of the update date of the information.
Updated on: 20 December 2022