REFERENCE LEGISLATION

Directive 2002/58/EC – concerning the “processing of personal data and the protection of privacy in the electronic communications sector”.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

THE DATA CONTROLLER

After visiting this website, some personal data relating to identified or identifiable persons may be processed. The “Data Controller” responsible for this processing is IMAB Group SpA (VAT No. 00111950416), with registered office at Via L. Falasconi, 92 – 61033 Fermignano PU – Italy.

PLACE OF DATA PROCESSING AND STORAGE PERIODS

Processing of data connected with the online services provided by this website take place at the aforementioned registered office of the Data Controller. This processing is carried out by members of its staff who are expressly authorised to do so, or by third-party contractors who are responsible for periodical maintenance operations, hereinafter referred to as “Data Processors” within the meaning of Article 28 of the GDPR. The collected data shall be stored – regardless of the type of data processed – exclusively for the length of time necessary for completion of the specific purposes indicated in the specific summaries displayed on the pages of the website for the particular services stated.

TYPES OF DATA PROCESSED

Navigation data

During the course of normal operation, the IT systems and software processes that ensure that this website functions correctly collect some personal data which is transmitted as part of standard Internet communication protocols.

This information is not collected in order to associate it with identified interested parties, but by its very nature it could be processed and associated with data held by third parties in order to identify users.

This category of data includes IP addresses or domain names of the computers used by users to connect to the website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time when requests are made, the method used to submit requests to the server, the size of the file received in response, the numerical code indicated the status of the response provided by the server (good result, error etc.) and other parameters relating to the user’s operating system and IT setup.

This data is used solely for the purposes of collecting anonymised statistics about the use of the website and to ensure that it functions correctly and is deleted immediately after processing. This data could be used to determine liability in case of any computer-related crimes which damage the site.

Data provided by the user voluntarily

Optional, explicit and voluntary sending of personal data by the user in the form of registration as present on this site involves the subsequent acquisition of the data provided by the sender, which is necessary for the provision of the requested service. Specific summaries will be displayed or viewed on the web pages dedicated to the requested services prior to data being sent.

Anonymous or aggregated data

Anonymisation is a process intended to prevent the data subject from being identified. Anonymised data do not fall within the scope of the data protection legislation. We collect, process and share aggregated data as statistical or demographic data for various purposes. Aggregated data may derive from personal data provided by users, but they are not considered to be personal data because, as specified, they do not allow the data subject to be identified, either directly or indirectly. Such data are also used to improve the quality of our existing products/services and develop new features, as well as for further purposes related to general research (for example, to ascertain the frequency of use for a particular product or service, to calculate the percentage of users who access a specific feature on the website etc.). As such data do not allow a natural person to be identified and are not considered personal data, they can be shared with other third parties, parent companies, subsidiaries or partners.

COOKIES

Cookies are small text files containing a certain amount of information exchanged between a website and the user’s terminal (usually a browser). They are mainly used to ensure that websites function and that they operate as efficiently as possible, and they also provide information to the website owners. There are two types of cookies: session cookies and persistent cookies. Session cookies are stored in the browser for a short period of time and are deleted as soon as the user closes the browser. Their use is strictly limited to sending session identifiers (consisting of numbers randomly generated by the server) which are necessary for secure, efficient browsing of the website. Persistent cookies, on the other hand, are stored in the user’s browser until they expire after a specific length of time. These cookies cannot be deleted directly by closing the browser and enable the website to remember choices made by the user and collect information relating to the website pages visited by the user and the frequency of their visits to the website, and to track users’ navigation in order to improve their experience on the website. Both session and persistent cookies can be First-party or Third-party, depending on whether the cookies were installed on the user’s terminal by the operator of the website which the user is visiting (First-party cookies) or another party (Third-party cookies).

Cookies used by this website

This website uses both First-party and Third-party cookies as it uses features from Google Analytics, provided by Google Inc. Google Analytics uses cookies to collect and analyse information based on the use of the websites visited by the user. For more information about Google Analytics cookies and their use by Google Inc., read:

http://www.google.com/intl/it/policies/technologies/cookies/ e https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-usage

and the Google Analytics Privacy Policy:

http://www.google.com/intl/en/analytics/privacyoverview.html

For a detailed list of cookies currently present on this website, visit the following link.

Cookie Policy

Managing cookies

Normally, browsers allow users to control most cookies through the browser settings. Please note that disabling some or all “technical” cookies could affect your ability to use the website’s features. If a user wishes to not receive any types of cookies on their computer, from this website or from others, they can increase their privacy protection by changing their browser’s security settings:

Mozilla Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Google Chrome: https://support.google.com/chrome/answer/95647?hl=it

Internet Explorer: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies

Safari 6/7 Mavericks: https://support.apple.com/kb/PH17191?viewlocale=it_IT&locale=it_IT

Safari 8 Yosemite: https://support.apple.com/kb/PH19214?viewlocale=it_IT&locale=it_IT

Safari su iPhone, iPad, o iPod touch: https://support.apple.com/it-it/HT201265

LINKS TO OTHER WEBSITES

This site may contain links or references to access other websites, such as the social networks Facebook, Instagram, Google+, Twitter and Pinterest. When you click on these links, you may share our content. Please note that the Data Controller does not manage the cookies or other monitoring technology used by these websites and this Policy does not apply to them.

OPTIONAL NATURE OF DATA PROVISION

Aside from the requirements specified for navigation data, the user is free to provide or withhold their personal data. However, failure to provide such data may make it impossible to achieve the expected results.

DATA PROCESSING METHODS

Personal data are processed by methods including the use of automated tools. Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorised access. The Data Controller has adopted all the minimum security measures required by law and, based on the main international standards, has also adopted further security measures to reduce the risks relating to the confidentiality, availability and integrity of the personal data collected and processed as much as possible.

SHARING, COMMUNICATION AND DISSEMINATION OF DATA

The data collected may be transferred or communicated to other companies for activities closely related and instrumental to the operation of the service, such as IT system management. Personal data provided by users who submit requests to receive printed material (brochures, promotional material etc.) are only used for the purpose of carrying out the service requested and are only communicated to third parties where this is necessary (companies that provide packaging, labelling and dispatch services). Outside of these cases, personal data will not be communicated except where this is required by contract or law, or except where specific consent is requested from the data subject.

To this effect, personal data could be sent to third parties, but exclusively in the following cases:

a) explicit consent is given to share the data with third parties;

b) it is necessary to share the data with third parties in order to provide the requested service;

c) this is required to comply with a request from the Judicial Authorities or Public Security.

No data from the web service will be shared.

RIGHTS OF THE DATA SUBJECT

Personal data protection legislation expressly gives the person to whom the data belongs (also known as the “data subject”) certain rights. In particular, in accordance with Article 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed, to obtain any available information as to their source and the purposes of the processing, and the right of updating, rectification and completion of the data, as well as the right to erasure of the data if this is processed in violation of the law or where one of the grounds specified in Article 17 of Regulation (EU) 2016/679 applies.

Transfer of personal data outside the EU

If transfer, processing or access to personal data by parties located outside the European Union is necessary, the Data Controller will obtain the necessary guarantees to ensure that the Data transfer will be compliant with Chapter V of the GDPR (for example, checking the adequacy decision made by the Personal Data Protection Authority, by checking the third party’s Privacy Shield certification (if applicable) or, alternatively, by drawing up specific standard contract clauses relating to data protection).

CHANGES TO THIS PRIVACY POLICY

From time to time, the Data Controller will check the Privacy Policy and Security Policy and, if necessary, revise to reflect legislative, organisational or technological changes. If any changes are made to this Policy, the new version will be published on this web page.

QUERIES, CLAIMS, SUGGESTIONS AND EXERCISE OF RIGHTS

If you would like further information, to make a suggestion, to make a claim or objection relating to this Privacy Policy or how our Company processes personal data, or to exercise your rights as provided for in the data protection legislation, please contact the Data Controller by writing to IMAB Group SpA (VAT No. 00111950416), with registered office at Via L. Falasconi, 92 – 61033 Fermignano PU – Italy, or by email to privacy@imab.com.

LAW AND JURISDICTION

The interpretation and execution of these Terms and Conditions are subject to Italian law. The Court of Urbino (Italy) is named exclusively as the competent court for any disputes in relation to these Terms and Conditions. The Data Controller reserves the right to obtain urgent remedy at any Court, including outside of Italy, to protect its interests and ensure that its rights are respected.