Privacy & Cookies Policy

Privacy Policy

Extended disclosure pursuant to EU Regulation No. 679/2016 (“GDPR”) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018

Data controller.

The data controller is Studio Legale Piccaglia unipersonale P.IVA 02516601206 COD. FISC 02516601206

The Company is the Data Controller of the personal data collected on this website (hereinafter the “Site“). WHICH PERSONAL DATA ABOUT YOU MAY BE COLLECTED The Company may collect the following categories of personal data (hereinafter, collectively, the “Data“):

• Contact data – information related to first name, last name, social security number, address, phone number, cell phone number, email address, etc.
• Other personal data – information that you provide us about your place and date of birth, education or professional situation, etc.
• Social Log-In Data – information related to your Social account as well as other data you provide to the Social Network used to log-in to the Site, which may be disclosed according to the privacy preferences you have set on that Social Network.
• Site Usage Data – information about how you use the site, open or forward our communications, including information collected through cookies (you can find our Cookie Policy below).

HOW WE COLLECT YOUR DATA The Company collects and processes your Data, depending on the service you have requested, under the following circumstances better described in the section on purposes:

• for the purchase of our products
• If you register on the Site / download our possible APP
• if you register for our events
• If you write to our sales or administrative department
• if you subscribe to our newsletter
• whether it responds to our marketing campaigns
• Whether other companies or business partners legitimately transfer your Data to us

If you provide Data on behalf of someone else, you must make sure, in advance, that those individuals have read this Privacy Policy. Please help us keep your Data up to date by informing us of any changes. FOR WHAT PURPOSES YOUR DATA MAY BE USED

1. (a) Establishment and execution of contractual relations and consequent obligations.

The Company may process Your Contact Data, Payment Data and Other Personal Data for the purposes of the possible establishment and execution of contractual relationships, the provision of requested services and the response to reports and complaints. The Company may also use your Contact Data, and in particular your email, to provide you with information related to the requested service. Prerequisite for processing: performance of a contract to which the data subject is a party and fulfillment of legal obligations related to that contract. The provision is mandatory in order to process your order; otherwise we will not be able to process it.

1. (b) Operational management and purposes closely related to this in accessing the Site, particularly the restricted areas of the Site.

The Company may process Your Contact Data, Other Personal Data and Social Log-In Data to enable You to complete the Site registration process and allow You to be able to access Your Personal Area in order to: (i) download documents related to the services you have purchased; (ii) process other requests made through the Site. Registration with the Site may also take place, if You voluntarily decide to avail of it, through the Social Log-In mechanism. In this way You will not have to enter the data necessary for registration (such as Contact Data), which will instead be communicated by the Social Network through which the Log-In is performed. Please note that in this case the Company may process Data related to the Social Log-In, i.e. not only those related to your Social account but also any other personal data that may be made visible according to the preferences you set or according to the privacy policy of the same Social Network. Therefore, we encourage you to review the privacy policy of your Social Network, including for further information regarding such preferences. Prerequisite for processing: fulfillment of contractual obligations to allow you to register on the Site. The provision of Contact Data is mandatory, failing which we will not be able to allow you to register on the Site.

1. (c) Analysis and improvement of services – customer satisfaction

Your Contact Data may be processed by the Company to analyze, review and improve its services with a view to customer satisfaction. Prerequisite for processing: legitimate interest of the Company in reviewing and improving the quality of its services.

1. (d) Sending periodic newsletters

Your Contact Data may be used by the Company in order to send you periodic newsletters, upon your explicit request through subscription to the service, containing news and insights on various topics of interest. Prerequisite for processing: performance of a contract to which the data subject is a party. The provision of data is mandatory, failing which you will not be able to subscribe and receive the newsletter.

1. (e) Marketing to meet your needs and Profiled Marketing to provide you with promotional offers also in line with your preferences

Subject to Your appropriate and specific consent, the Company may process Your Contact Data and for marketing and advertising communication purposes aimed at informing You about sales promotional initiatives, carried out through automated contact methods (electronic mail, text messaging, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional contact methods (e.g., operator telephone call, traditional mail, etc.), or for market research. Again subject to your special and specific consent, the Company may, also, process your Contact Data, Other Personal Data, Interests, Social Log Data and Site Usage Data, through statistical processing thereof, creating your individual profile in order to send you commercial communications in line with your preferences, based on the analysis of your purchasing habits and choices. Such personalized communications could be carried out through automated modes of contact (email, text messaging, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional modes of contact (e.g., operator phone call, traditional mail, etc.). Prerequisite for processing: consent. The provision of Data is optional and failure to provide it does not affect contractual relations. This consent may be revoked, at any time, with effect for subsequent processing.

1. f) Sending communications for the promotion of products and services similar to that of a previous purchase pursuant to and within the limits allowed by Article 130, paragraph 4, of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018).

Your Contact Data related only to e-mail coordinates may be used for promotional purposes related to products and services similar to those that are the subject of your purchase. Prerequisite for processing: legitimate interest of the Company to maintain an effective contractual relationship with you. The provision of the Data is optional and failure to provide it does not affect contractual relations. This consent may be revoked, at any time, with effect for subsequent processing.

1. (g) Performing marketing activities on behalf of third parties on products and services of Group companies and also third parties.

Subject to your special and specific consent, the Company may process, on behalf of third parties, your Contact Data for marketing activities on products and services of Group companies and also of third parties belonging mainly to the publishing, finance, economy, industry, luxury, services, telecommunications ICT, insurance and nonprofit, carried out through automated contact methods (e-mail, SMS, MMS, chat, instant messaging, social networks and other massive messaging tools, push notifications, etc ) and traditional contact methods (e.g., telephone call with operator, traditional mail, etc.) or for market research and statistical surveys. Prerequisite for processing: consent. Failure to provide the same has no consequences on contractual relations. This consent may be revoked, at any time, with effect for subsequent processing.

1. (h) Defense of rights in the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes arising in connection with the services offered.

Your Contact Data and Payment Data may be processed by the Company to defend its rights or take action or even make claims against you or third parties. Prerequisite for processing: legitimate interest of the Company in the protection of its rights. The provision of the Data for this purpose is obligatory since failure to do so will make it impossible for the Company to defend its rights.

1. (i) Purposes related to obligations under laws, regulations or EU legislation, provisions/requests of authorities empowered to do so by law and/or supervisory and control bodies

Your Contact Data and Payment Data may be processed by the Company to fulfill its obligations. Prerequisite for processing: fulfillment of a legal obligation. The provision of Personal Data for this purpose is mandatory as failure to do so will make it impossible for the Company to fulfill specific legal obligations. HOW WE KEEP YOUR DATA SECURE The Company uses all security measures necessary to improve the protection and maintenance of the security, integrity and accessibility of your Data. All of Your Data is stored on our secure servers (or appropriately stored hard copies) or those of our suppliers or business partners, and is accessible and usable according to our security standards and policies (or equivalent standards for our suppliers or business partners). Where we have provided you (or you have chosen) a password that allows you access to our Site, applications or services provided by us, you will be responsible for the secrecy of that password and for compliance with any other security procedures we give you. HOW LONG WE KEEP YOUR DATA We retain your Data only for as long as necessary to fulfill the purposes for which it was collected or for any other legitimate related purposes. Therefore, if Data is processed for two different purposes, we will retain that Data until the purpose with the longer retention period ceases, however, we will no longer process Data for that purpose whose retention period has expired. Your Data that is no longer needed, or for which there is no longer a legal prerequisite for its retention, will be irreversibly anonymized (and thus may be retained) or securely destroyed. Below are the retention times in relation to the different purposes listed above:

1. Establishment and execution of contractual relationships and consequent obligations: the Data processed to fulfill any contractual obligation may be retained for the duration of the contract and in any case no longer than the next 10 years, in order to verify any pending obligations including accounting documents (e.g. invoices).
2. Operational management and purposes strictly related to this access to the Site, in particular to the restricted areas of the Site: the Data processed for this purpose may be kept for the duration of the contract and in any case no longer than 10 years after the last access to the Site.
3. Service analysis and improvement – customer satisfaction: the Data processed for this purpose may be kept for 12 months.
4. Sending periodic newsletters: the Data processed for this purpose may be retained for the duration of the relationship and no longer than the next 10 years.
5. Marketing to meet your needs and Profiled Marketing to provide you with promotional offers also in line with your preferences: the Data processed for these purposes may be kept for 24 months after collection.
6. Sending communications for the promotion of products and services similar to that of a previous purchase (pursuant to and within the limits allowed by Article 130, paragraph 4 of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018) : Data processed for purposes of promoting similar services or products may be retained for 24 months from the date of the previous purchase.
7. Performing marketing activities on behalf of third parties on products and services of Group companies and also third parties: Data processed for marketing purposes may be kept for 24 months after collection.

1. Defense of rights in the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes that have arisen in connection with the services offered: in such cases, we will retain your Data for the time strictly necessary for the fulfillment of these purposes.
2. Purposes related to obligations under laws, regulations or EU legislation, provisions/requirements of authorities legitimized to do so by law and/or supervisory and control bodies: in such cases, we will keep your Data for the time strictly necessary to fulfill these purposes.

WHO WE MAY SHARE YOUR DATA WITH Your Data may be accessed by duly authorized employees, as well as external suppliers, appointed as necessary as data processors, who provide support for the provision of services. CONTACT INFORMATION The Company’s contact information can be found on the “Contact Information” page of this website The Data Protection Officer (DPO) appointed by the Company can be contacted at the following email address indicated on that page. YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO ADVOCATE COMPLAINTS TO THE CONTROL AUTHORITY Under certain conditions you have the right to ask the Company:

• access to your Data,
• The copy of the Data you have provided to us (so-called portability),
• The rectification of the Data in our possession,
• The deletion of Data for which we no longer have any legal basis for processing,
• Withdrawal of your consent if the processing is based on consent;
• The limitation of the way we process your Data, within the limits provided by the legislation to protect personal data.

Right to object: in addition to the rights listed above, you always have the right to object at any time, for reasons related to your particular situation, to the processing of your Data carried out by the Data Controller in pursuit of its legitimate interest. You can also always object at any time if the Data is processed for marketing and profiled marketing purposes. The request to object should be addressed to the email address in the contact section. The exercise of these rights is free of charge and is not subject to formal constraints, but is subject to certain exceptions aimed at safeguarding the public interest (e.g. prevention or identification of crimes) and the interests of the Company (e.g. maintaining professional secrecy). In the event that you exercise any of the above rights, it will be the Company’s responsibility to verify that you are entitled to exercise them and to acknowledge you, as a rule, within one month. In the event that you believe that the processing of Personal Data relating to you occurs in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Garante per la protezione dei dati personali, using the references available on the website www.garanteprivacy.it or to take appropriate legal action.

Cookie policy and cookie policy.

What are cookies A cookie is a small text file containing a certain amount of information exchanged between a website and your terminal (usually the browser) and is normally used by the website operator to store information necessary to improve navigation within the site or to send advertising messages in line with the preferences expressed by the user when browsing the web. When visiting the same site or any other site again, the user’s device checks for the presence of a recognized cookie so that it can read the information it contains. Different cookies contain different information and are used for different purposes (efficient navigation through the pages of the same site, profiling in order to send targeted promotional messages, analysis on the number of visits to the site). In the course of browsing, the user may also receive on his or her terminal cookies sent by different sites or web servers (so-called third parties), on which some elements (e.g. images, maps, sounds, specific links to pages of other domains) present on the site the user is visiting may reside. More generally, some cookies (referred to as session cookies) are assigned to the user’s device only for the duration of access to the site and expire automatically when the browser is closed. Other cookies (referred to as persistent) remain on the device for an extended period of time. The specific purposes of the different types of cookies installed on this site are described below. You can disable cookies by following the information below. Characteristics and purposes of cookies installed by the site Technical cookies: These are cookies used specifically to enable the proper functioning and enjoyment of our sites. For example, technical cookies are used for user login functionality. They are mainly provided by the site server or, in the case of the integration of external services such as social networks, by third parties. Profiling cookies: These are cookies used for the purpose of sending advertising messages in line with the preferences expressed by the user when browsing the web. They can be delivered by our servers or through our site by third parties. Companies that offer or advertise their products through this site may assign cookies to users’ terminals. The categories of cookies used and the type of personal data processing by these companies are regulated in accordance with the information made by these companies. To accept or deny these cookies provided by our servers make the choice directly from the “PREFERENCES” panel of the initial pop-up www.youronlinechoices.com/it Analytical cookies: These are cookies used for statistical analysis, to improve the site and simplify its use as well as to monitor its proper functioning. This type of cookie collects information anonymously about user activity on the site. This type of cookie is delivered exclusively by third parties, such as Google Ananlytics Options about the site’s use of cookies through browser settings The delivery of all cookies, both first- and third-party, can be disabled by intervening in the settings of the browser in use; it should be noted, however, that this could make the sites unusable if the cookies essential for the delivery of functionality are blocked. Each browser has different settings for disabling cookies; below we offer links to instructions for the most common browsers.

• Microsoft Internet Explorer
• Google Chrome
• Apple Safari
• Mozilla Firefox
• Opera

Third-party sites. Third-party sites that can be accessed through this website are not covered by this policy. The Company disclaims any responsibility for them. The categories of cookies used and the type of personal data processing by these companies are governed in accordance with the notice rendered by these companies. Further Information about personal data processing carried out on the site. For further information on the processing of personal data collected on this site carried out please refer to the Privacy Policy and the Privacy Policy.

Privacy Policy

Dear User, Thank you for visiting our website. The SOCIETY has always paid close attention to the issues of protection of personal data processed by it not only because it is subject to specific legislation, but above all because the safeguarding of data constitutes a fundamental asset. It is therefore for these reasons that we constantly strive to provide our Users with an Internet experience in full respect and protection of their Privacy. Why this notice The following page describes how the site is managed with regard to the processing of personal data of Users who consult it. This is a notice also provided in accordance with the GDPR to those who interact with the web services directly provided by the Company We invite you to read our Privacy Policy, explained below. The Privacy Policy and Standards used the protection of personal data are based on the following principles:

1) PRINCIPLE OF RESPONSIBILITY The processing of personal data is managed over time by appropriate responsibilities identified within the corporate organization.

2) PRINCIPLE OF TRANSPARENCY Personal data are collected and subsequently processed in accordance with the principles expressed in the Privacy Policy adopted by the Company, set out in this Privacy Policy. At the time of any provision of data, the data subject is provided with a notice, which is concise but complete, in accordance with the GDPR.

3) PRINCIPLE OF PERTINENCE OF COLLECTION Personal data shall be processed lawfully and fairly; shall be recorded for specified, explicit and legitimate purposes; shall be relevant and not exceed the purposes of processing; and shall be kept for as long as necessary for the purposes of collection.

4) PRINCIPLE OF PURPOSES OF USE The purposes of personal data processing are made known to the data subjects at the time of collection. Any new data processing, if unrelated to the stated purposes, is activated after new information to the data subject and possible request for consent, when required by the GDPR.

5) PRINCIPLE OF VERIFIABILITY Personal data are accurate and updated over time. They are also organized and stored in such a way that the data subject is given the opportunity to know, if he/she so desires, what data have been collected and recorded, as well as to check their quality and request their possible correction, integration, deletion for violation of the law or opposition to processing and to exercise all other rights provided by the GDPR at the addresses indicated in the Notices on this page.

6) SECURITY PRINCIPLE Personal data are protected by technical, computer, organizational, logistical and procedural security measures against the risks of destruction or loss, even accidental, and unauthorized access or unauthorized processing. These measures are updated periodically according to technical progress, the nature of the data and the specific characteristics of the processing, constantly monitored and verified over time.

Third parties performing support activities of any kind for the provision of services by companies, in relation to which they perform personal data processing operations, are designated by the latter as Data Processors and are contractually bound to comply with measures for the security and confidentiality of processing. The identity of said third parties is made known to users. With the consent of the interested parties, if required by law, and in any case after adequate information specifying the various purposes, personal data may be communicated to third parties, public and private, unrelated to the company, which will process them as autonomous data controllers. Of the processing of personal data performed by said third party data controllers, the Company is in no way responsible. The Company also assumes no responsibility for:

1. the rules and methods of handling personal data of other Web sites, which can be reached from our pages through links and cross-references;
2. The contents of any e-mail services, Web spaces, chat forums provided to users.

Processing related to the web services offered by this site takes place at the offices of the companies and possibly at the offices of external data processors and is handled by data processors in charge of managing the services requested, marketing activities – where requested by the user -, data storage activities and occasional maintenance operations. Scope of data communication The personal data provided may be communicated to third parties in order to comply with legal obligations, in execution of orders from public authorities legitimately entitled to do so or even to assert or defend a right in court. If necessary in relation to particular services or products requested, personal data may be communicated to third parties who perform, as independent data controllers, functions closely related and instrumental to the provision of services or supply of products. Without communication, these services and products could not be provided. Personal data will not be disseminated unless the requested service requires it. Types of data collected, purposes and methods of processing It is good for you to know that, through browsing the site, your professional and personal interests may be detected: such information, however, is collected for the sole and exclusive purpose of providing the requested services and possibly to control the quality of the services offered. Only with the express consent of the user in the forms provided by law, are carried out, with electronic tools, analysis and profiling activities related to purchasing and professional choices in order to improve the offer of services and business information, direct sales, market research on products, services and events from the company in accordance with the interests of users. Personal data will also be processed for the purpose of sending commercial and promotional information, direct sales, market research on products, services and events (hereinafter collectively referred to as “marketing activities”) of the company, and for marketing activities, directly by the company, on behalf of companies of the company Data provided voluntarily by the user The types of personal data collected and processed in the site are those necessary for the provision of the various services provided. The data collected are processed using paper, automated and telematic methods and with logic strictly related to the purposes of processing. Your fax and telephone numbers and your e-mail address may also be used to offer you services. It is therefore clear that if these data are not given, those services that require the use of these tools cannot be provided to you. If you do not express your consent to the use of e-mail and telephone for purposes of advertising information or direct sales or interactive commercial communication, these tools will not be used for this purpose. Specific disclosures will be made on the pages of the site prepared for the possible provision of personal data. Any voluntary sending of electronic mail to the addresses indicated on the site involves the acquisition of the sender’s address as well as any other information contained in the message; these personal data will be used only to perform the service or provision requested. Navigation data It is useful to know that the site’s software procedures acquire, in the course of their normal operation, some personal data (navigation data) whose transmission is implicit in the use of Internet communication protocols. Although this information is not intended to be associated with identified users, by its nature, if associated with other data held by third parties (e.g. your internet service provider), it could allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URL (Uniform Resource Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used only for the purpose of anonymous statistics on the use of the site and to check its correct functioning. The Data Controller and, depending on the service requested, the designated Managers keep, for a limited period of time according to the law, the trace (LOG) of the connections/navigations made in order to respond to any requests from the judicial authorities or other public body entitled to request said trace for the ascertainment of possible responsibility in case of computer crimes. Provision of data Apart from what is specified for navigation data, the user is free to provide or not to provide the personal data requested in the registration forms for services. On these forms, however, some data may be marked as mandatory; it should be understood that these data are necessary for the provision of the requested service. If these data are not provided, the requested service cannot be provided and you will not be able to take advantage of the related opportunities. At the time of any provision of data, the data subject is provided with an information notice containing all the requirements dictated by the GDPR. The data subject is then called upon to express his or her informed, free, specifically expressed and documented consent in the form required by law, where required by law. If the conferrals of personal data occur at later stages, additions may be provided to the information already rendered previously and new processing consents may be requested. Security measures adopted to protect the data collected The company uses “secure” architectures and technologies to protect personal data against undue disclosure, alteration or misuse. The protections activated against personal data are intended, in particular, to minimize the risks of destruction or loss, even accidental, of the data, unauthorized access or processing that is not permitted or does not conform to the purposes of collection. The subjects to whom the personal data refer have the right at any time to exercise their rights as provided by the GDPR. Requests should be addressed to the e-mail address found on the “Contact Us” page or to the specific contact details indicated in the disclosures made to users at the time of any personal data collection.

Use of IP addresses

An IP address is a number automatically assigned to your computer whenever you connect to the Internet through your Internet Provider or from a corporate LAN/WAN network using the same Internet protocols. Like your home address, to which others can send you material, the IP address is used by the Web site to be able to send you its own pages. Digital measurement privacy policy by Nielsen https://priv-policy.imrworldwide.com/priv/browser/it/it/optout.html