In this page we describe the way we process the personal data of the users who visit our website.
The information provided herein applies solely to our website and it does not apply to other sites that a user may access via a link.
THE DATA CONTROLLER
When users visit this site, personal data of identified or identifiable subjects may be acquired, including their images.
The data controller is Pro.mo, which has its registered office in Via San Vittore 36 – 20123 Milan, Italy –
PLACE WHERE THE DATA IS PROCESSED
Data processing for the purposes of the online services supplied by our website is carried out at the aforementioned registered office of Pro.mo, by processors appointed by Pro.mo and, at times, by persons in charge of maintenance operations.
TYPES OF DATA PROCESSED
Navigation data. During normal use, the IT systems and the software used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected with a view to associating it with identified subjects, however, on account of its very nature, and through processing and association with data held by third parties, this information could be used to identify the users.
This group of data includes the IP addresses and the domain names of the computers used by the users who visit the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time a request was made, the method used to submit a request to the server, the size of the file obtained in reply, the numerical code reflecting the status of the reply given by the server (successful, error, etc.…) and other parameters of the operating system and the IT environment of the user.
This data is used for the sole purpose of collecting anonymous statistical information on the use of the site and to verify its proper operation, and it is deleted immediately after processing.
The data could be used to ascertain liabilities in the event of hypothetical IT related crimes being committed against the site; other than in this case, web contact data is not retained for more than seven days.
DATA SUPPLIED FREELY BY THE USER
Except for navigation data as described above, the user is free to enter the data specified in request forms.
Failure to enter the required data may entail the impossibility of obtaining the service requested.
For the sake of completeness, it should be noted that in some cases the Authority (the Data Protection Guarantor or his/her appointees) may request information pursuant to art. 15 of GDPR 2016/679, in order to verity the data processing modalities adopted. In such cases, the site must disclose the information requested, on pain of administrative sanctions.
DATA PROCESSING MODALITIES
Personal data are processed by means of automated tools for the time strictly necessary to fulfil the purposes for which they have been collected.
Specific security measures are put in place to prevent loss, illicit or improper uses of the data, and unauthorised access to the data.
RIGHTS OF THE DATA SUBJECTS
The subjects to whom the personal data refer to are entitled at all times to request confirmation of the existence of their personal data, and to get to know the content and origin of such data, verify their accuracy, request that the data be supplemented, updated, amended, or rectified, and that its use be restricted (arts. 16 – 18 of GDPR 2016/679). Pursuant to the same articles, they have the right to have their data deleted, converted to anonymous forms, and to have any data processed in violation of the law blocked. They can oppose the use of their data for any legitimate reason.
For your convenience the articles in question are reproduced in full below:
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed; ;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing pursuant to Union or Member State laws to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defence of legal claims.
Right to restriction of processing
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for the time it takes the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.