PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA OF USERS OF THE WEB SITE WWW.HARPALIS.IT
The following information (“the Notice“) is provided, pursuant to article. Article 13 of the Reg. EU 2016/679 (“GDPR“), in order to illustrate the purposes and methods of processing personal data referring to users who access the website www.harpalis.it (“the Site“), carried out by Harpalis S.p.A.
This Notice exclusively concerns the processing of personal data referring to users of the Site (“the Data Subjects“), and does not pertain to the processing of personal data carried out during the visit of pages and websites accessible through links that may be present on the Site.
In addition to this Notice, the Data Controller may provide more specific information regarding certain processing activities carried out through certain forms contained in the Site.
DATA CONTROLLER:
The Data Controller of your personal data, described in this Notice, is Harpalis S.p.A. (Tax Code and P.I number 07095490483), located at Lungarno Amerigo Vespucci, N. 58 – 50123 Florence (FI) (“the Data Controller“); the contact details to reach the Data Controller (“Contact Details“) are as follows: email info@harpalis.it, certified email harpalis@pec.it.
TYPES OF DATA PROCESSED:
When the user visits the Website, they may be subject to processing:
- data related to website navigation, detected and collected by the Owner through the use of software applications necessary to ensure the normal functioning of the Website
The processing of such information (such as the address Internet Protocol, The domain names of the computers and devices used by the users, the browser used, the Uniform Resource Identifier, the Uniform Resource Locator And other data that, by providing information on the device and connection used to visit the Site, may indirectly allow the identification of the Data Subject), is essential to enable the correct functioning of the Site and is therefore necessary to allow users to enjoy the services offered.
The failure to provide such information by the Data Subject prevents browsing the Site and enjoying the services offered through it.
The technical parameters of the Site have been configured in such a way as to minimize the collection and use of users’ identifying data.
- The personal data voluntarily provided by the Data Subjects through the insertion of personal information in the forms present on the Site, sending emails or communications to the addresses of the Data Controller and/or its partners and collaborators present on the Site, and the use of the features offered by the Site.
PURPOSE OF PROCESSING:
Such personal data is processed for the purpose of:
- To provide the services offered to the Data Subject through the Website, namely to respond to requests sent through the form located in the “Request Info” section
Such processing operations concern information such as the name, surname, email address, and company of the requester, as well as any additional information communicated in the text of the message addressed to the Controller
The provision of such data is optional, but necessary for the Controller to provide a response to the requests submitted and to offer the requested service:
- To send newsletters and informative communications about the services offered by the Controller, limited to the contact details of the Data Subject.
The Company may use the personal data you entered in the online form fields (such as your name, surname, email address, and company) for direct marketing purposes, i.e. to send promotional and commercial communications related to the Company’s products and/or services and/or events, for direct sales activities, for market research, and surveys to detect satisfaction with the Company’s initiatives Such activities may be carried out by means of email, telephone calls through an operator, SMS, and traditional mail
Such operations are carried out only with the consent of the Data Subject, expressed by entering their name, surname, and email address in the appropriate form and by ticking the appropriate box The Data Subject may revoke the consent given at any time by using the appropriate functionality at the bottom of each email received or by contacting the contact details indicated in this Company’s Information Notice (email info@harpalis.it.) Consent to the above-described processing is optional; if the Data Subject chooses not to give consent, they will not suffer any type of prejudice or repercussion regarding the use of other services offered through the Website (it being understood that the Data Subject will not be able to receive newsletters from the Controller)
- Data such as the Internet Protocol (IP) address and technical specifications of the browser used for navigation, which are collected and communicated by the Controller to Linkedin Ireland Unlimited Company for the purpose of increasing the commercial visibility of the Controller’s image
With regard to the operations now indicated, the data controller is also Linkedin Ireland Unlimited Company, with registered office at Gardner House, Wilton Plaza, Dublin 2, Republic of Ireland (EU) This implies, among other things, that responsibility for any further processing operations carried out after the transmission of such data lies solely with Linkedin Ireland Unlimited Company, to which the Data Subject may address to exercise their rights with respect to them
This processing is carried out in pursuit of the legitimate interest of the Data Controller in promoting their services and commercial image on the aforementioned social network.
Furthermore, we inform you that the Company has adopted a single technological infrastructure for the storage and retention of data, called Customer Relationship Management (“CRM”), in which the data of natural persons, who are representatives of companies or entities (collected during the performance of activities), and their interactions with the entities are stored, and, on a residual basis, through non-automated means (e.g., paper archives) chosen to ensure the security of such data, by persons who operate under the direct authority of the Data Controller and who have been duly authorized and trained in this regard.
The provision of data is always voluntary, however, it is necessary for the inclusion in the CRM. In any case, you may exercise the right to object to the processing at any time by contacting the data controller at the following email address of Harpalis S.p.A.: info@harpalis.it.
PERIOD OF RETENTION OF PERSONAL DATA
The personal data processed for the purposes referred to in point A 1) and 3)) The personal data processed for the purposes referred to in point A) will be stored for the time necessary to allow navigation of the Site, subject to any need for further retention for the purpose of investigating crimes by the public authorities or for the purpose of ascertaining, exercising or defending a right or legitimate interest of the Owner in court.
Personal data processed for the purposes described in point 2) will be stored for the time strictly necessary to achieve the purposes for which they were collected; as for the sending of newsletter For promotional purposes of the offered services, the contact data will be processed until the withdrawal of consent by the Data Subject or, in any case, for a maximum of 24 months from the relevant registration for such purposes.
CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND TRANSFERS TO THIRD COUNTRIES
Personal data of the data subjects may be disclosed:
- Personal data of the data subjects may be communicated to information technology (IT) service providers, such as support for the management and maintenance of the Website, web hosting and email services.
- to the employees of the Owner in charge of managing the Website and responding to requests made;
- to public authorities, such as police forces and judicial offices, if required by law or a legitimate measure.
Where the conditions established by the GDPR are met, the Data Controller will enter into an agreement with those recipients, among those mentioned above, who receive the communication of personal data in order for them to process them on its behalf (“Data processors”) Specific contracts will be signed with these data recipients, aimed at ensuring that the operations carried out are in strict compliance with the instructions given by the Data Controller and that adequate technical and organizational measures are implemented to safeguard the security of the personal data processed. Your personal data will not be transferred to countries outside the European Economic Area (“third countries“) or international organizations.
The rights of the data subjects
The data subject can exercise, at any time and free of charge, the rights indicated in Articles 15 and following of the GDPR by contacting the Data Controller at the contact details provided. In particular, the user, as the Data Subject and within the limits provided by the GDPR and the Legislative Decree n. 196/2003, can exercise:
- The right of access, i.e., the right to obtain confirmation of whether or not personal data concerning oneself is being processed, as well as the right to receive all information relating to such processing and a copy of the personal data being processed.
- the right to rectification, that is, the right to obtain the rectification or integration of one’s personal data processed, if they are inaccurate or incomplete with respect to the purposes of the processing;
- The right to erasure (also known as the “right to be forgotten“), which is the right to obtain the erasure of personal data concerning the data subject in certain cases as provided for in Article 17 of GDPR;
- The right to limit processing, which means the right to obtain limitation of the processing of personal data, in the cases provided for by Article 18 of GDPR;
- The right to data portability, which is the right to receive the personal data concerning the Data Subject and which they have provided to the Data Controller in a structured, commonly used and machine-readable format, and to obtain the direct transmission of such data to another data controller, where technically feasible;
- the right to object, namely the right to object, at any time for reasons related to his or her particular situation, to the processing of personal data concerning the Data Subject based on the condition of the lawfulness of the legitimate interest or the performance of a task carried out in the public interest or in the exercise of official authority, unless there are legitimate grounds for the Data Controller to continue processing that outweigh the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of a legal claim.
- The right to lodge a complaint with a Supervisory Authority, such as the Italian Data Protection Authority, located at Piazza Venezia 11 – 00187, Rome (RM), Italy (IT), Email: garante@gpdp.it, PEC: protocollo@pec.gpdp.it.
Such rights can be exercised free of charge by sending a written communication to the Data Controller at the contact details provided. However, in case of manifestly unfounded or excessive requests, also due to their repetitive nature, the Data Controller may charge a reasonable fee proportionate to the administrative costs incurred to manage the request, or refuse to comply with it.
CHANGES TO THE INFORMATION
Over time, the Data Controller may make changes to this Privacy Policy, also to ensure that it is up-to-date or to improve its clarity; in this case, the Data Controller will promptly notify users of the Site, using the most effective and appropriate means for this purpose.