EXTENDED PRIVACY POLICY

In this Policy, we Istarter S.p.A. (Tax and VAT number 10782330012), represented by our interim legal representative, with registered office in 10122-Turin, Via Carlo Allioni, 3 (hereinafter, also the “Controller” or the “Company”), define the methods used for the collection of the data of the visitors to our website https://www.istarter.it/ (hereinafter the “Website”) in accordance with Article 13 of Italian Law Act No. D.Lgs. 196 of 30.6.2003 (hereinafter the “Privacy Law”), as well as Art. 13 and 14 of the EU-Regulation no. 2016/679 (hereinafter “GDPR”).

1. CONTROLLER, OBJECT AND PLACE OF PROCESSING

This Privacy Policy is released in accordance with the national and international laws on the protection of the Internet surfers visiting a website, regardless of the methods and tools used.
After collecting the user’s consent, the Controller shall process Data strictly in compliance with the provisions of the GDPR and other national law, including any other provisions of the Supervisory Authority (i.e. The Data Protection Supervisor) if applicable
The Data we collect may be transferred to a different country other than the one where the Data Subject resides. For more information on the place of processing, the Data Subject may contact the Controller using the contact details under Section 10 and 12 of this Policy.
The Data Controller has committed to the protection and privacy of all visitors to its website, and encourages all users to read the Privacy Policy carefully.

2. METHODS AND PURPOSES FOR DATA PROCESSING AND USING

2.1. The collection of the Data allows us to provide the Data Subjects with more updated information on all projects and events that we organize and/or attend in the field of scale-ups and digital innovation. The Data that we collect from our website https://www.istarter.it/, and other socials (Vimeo, YouTube, Facebook, Twitter etc..) are exclusively processed and saved for the above purposes.
We may share your data with our employees and partners both within and outside your country.
By acknowledging this Privacy Policy, you authorize us to transfer or share with thirds the data we collected.
Under no circumstance, we shall transfer or disclose your data to thirds without your prior consent, except for the cases specifically provided for under Art. 24 of Law Act no. D.lgs.196/03.

2.2. Possible new and different data processing terms shall be implemented by our Company only after sending a new Privacy Policy to the Data Subjects, and/or Users and obtaining their consent, wherever applicable.

2.3. The Controller has already implemented all the (IT and practical) safety measures needed to prevent the unauthorized access, modification, disclosure, or destruction of the Data, without prior consent of the Data Subjects.
We process your data within our organization for the stated purposes, and in accordance with the DPO, if available, or with the Data Processor.
You may obtain detailed information about the purposes for data processing and the collected Data by contacting the Controller using the contact details under Section 10 and 12 of this Policy.
The Privacy protocols and standards used by the Company for the protection of your personal data are based on the concepts described below.

2.3.1. RESPONSIBILITY AND LIABILITY FOR DATA PROCESSING AND USE
The responsibility and liability for any processing of your personal data has been assigned by our Company to our in-house resources who we employ within our organization. Nicola Garelli, President of iStarter S.P.A. will be responsible of data treatment.
Only for certain particular cases, we may grant access to your data also to other parties with various tasks and responsibilities in terms of website management (i.e. Administration, marketing, and management staff, as well as hosting providers).
The Data Subject may request the Controller for an updated list of all Data Processors at any time.

2.3.2. TRASPARENCY WITH REGARD TO DATA PROCESSING AND USE
We collect and process data in accordance with the concepts stated in this Policy.
Before collecting and/or submitting their data, the Data Subjects may consult and read this Privacy Policy and freely decide whether they wish to agree with it.
A consent is required and may be tacitly given, even if the data are collected automatically (for example technical or profiling cookies).
The Data Subject may request the Controller at any time to supply more information on the statutory conditions of each processing, stating in particular if processing is based on a law provision, or an established contract, or if it is needed for the execution of an agreement.

2.3.3. COMPLIANT DATA COLLECTION
All data are collected and processed based on fair and lawful methods. Data are strictly saved for the explicit and licit reasons stated under Section 2 of this Policy, and never outside of the scope stated herein.

2.3.4. DATA VERIFICATION PRINCIPLE
All data are updated, arranged and saved so that all Data Subjects can access, whenever necessary, data that have been collected and saved, checking their quality, and possibly request any amendments, additions, cancellation if infringing any law, or alternatively exercise their rights under Section 9 of this Policy by the terms and methods stated under Section 10 of this Policy.

2.3.5. SAFETY PRINCIPLE AND ACTIVATED SAFETY MEASURES

2.3.5.1. The data collected and processed are protected against their illicit disclosure or alteration. This protection is undertaken by technical as well as informative (IT technology) tools and systems designed to minimize the risk of destruction, (accidental) loss, or access by unauthorized parties.

2.3.5.2. The above-mentioned safety measures are periodically tested and upgraded to the latest technical knowledge based on the nature of the data and the requirement of the processing methods.

2.3.5.3. Any third party, performing any ancillary activity of any type whatsoever, or supplying services on behalf of the Company and for which they are to carry out personal data processing, shall be considered as Data Processors and shall be obliged to comply with all relevant safety measures and privacy obligations.

2.3.5.4. The information we gather and acquire may be shared by us with the following third parties:

  • Equity Partners
  • Start-ups that collaborate with us
  • Investors
  • third parties who works with us

3. TYPE OF DATA AND PROCESSING METHODS

3.1. The data collected through the domain of the website https://www.istarter.it/ and various socials of other thirds (YouTube, Twitter, Vimeo, Facebook etc..) may include: name, surname, telephone number, email, IP address, and any other information directly supplied by the users when contacting the Company through any of the links in a web page.
Generally speaking, it is about the following data:

  • a) Data freely and voluntarily supplied by the users: The data collected and processed through the website are used for the supply of our services. Consequently, failure to supply the requested data, or to consent to their processing shall prevent us from actually supplying the requested service or function.
    These data (e.g. Email address, landline phone, or mobile phone numbers) shall never be used or disclosed by the Company for any advertisement, direct sale, or marketing activity without the users’ explicit consent.
    More specific information and privacy statements may be available in special areas of our website where data are requested.
    If an Email is voluntarily sent to any of our addresses, we shall acquire all of the sender’s details and mail information eventually contained in the message. We will use these data to contact the sender, and execute the services or performances requested by the latter.
  • b) Surfing data: The website utilizes certain automated functions that are designed to collect data for their operation, and whose transmission is implicitly part of the Internet communication protocols.
    Although this information is not associated with any user’s ID, if combined with other data held by other thirds (e.g. Internet service provider) they may by their own nature lead to the identification of the user or their details (i.e. IP addresses, name of the domains used by the PC connecting to the Website, URL addresses of the requested resources, time of the request, numeric code of the server response).

These Data are strictly used for statistical purposes only in order to check and monitor the traffic on our website and the trouble-free operation of the latter.
The Controller, i.e. its designated managers, keep track of all website connections for a limited time. This allows us the fulfilment of possible requests or orders of the competent judicial Authorities during a possible audit or assessment of compliance with IT-responsibilities and IT crimes.

4. COOKIES

4.1. Our website uses cookies for its operation. Cookies are part of a code, actually a text file, installed within a browser to help the Controller change the contents according to the surfers, and supply the website service as described above.
Unless otherwise stated, our website uses cookies to make your online browsing an easier, more enjoyable experience, fulfilling your requests and ensuring a fluent navigation throughout the different pages of our site.
Some temporary markers may be installed on our website, and in this case your attention will be drawn to them and your consent will be requested.
The main types of cookies used are:

a) Technical and aggregate statistical cookies
These cookies are essential for the website to operate correctly and increase its functionality and performance. Our technical cookies may be further classified as follows:

(i) Navigation cookies – Navigation cookies are technical cookies and are needed for the functioning of the website. From the first access, these cookies allow the website to function correctly and allow you to view content on your device in an easy optimal way;

(i) Cookie analytics – These cookies are used to prepare statistical analyses on the navigation methods of our website’s users. This information is processed in an aggregate and anonymous way;

(i) Functionality cookies (also of third parties) – These cookies record information about the choices you have made and allow us to tailor our website to you.

These cookies do not require the prior consent of the users for their download and use.
Other types of cookies or third parties’ tools that may use cookies
Some of the following services may not require a prior consent of the users, and may be managed directly by the Controller, with no assistance of third parties. Should any of the following tools involve any third parties’ service, we may not exclude possible tracking activities by these thirds, who may attempt to identify users, without us knowing about it.
The cookies we use as the Controller are:

  • doubleclick.net
  • api-iam.intercom.io
  • istarter.it
  • vimeo.com
  • player.vimeo.com
  • youtube.com

Checking cookies download

Additionally to the above information, users may still change how cookies are stored on their machine by clicking on the ‘Tools’ menu in their internet browser, and even stop the download of third parties’ cookies.
By deactivating all cookies, the operation of our website may be impaired.
More information on how to manage cookies in your browser are also available in the special section of the privacy policy of Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.
We inform you that you may also use other tools like Your Online Choices (http://www.youronlinechoices.com/it/) that allow managing the tracking preferences of most advertisement tools.
We strongly recommend all visitors to our Website to use this tool additionally to the information contained herein.
For more technical information on cookies, you may consult: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2142939.

5. DATA STORAGE METHODS

In accordance with the GDPR, all Data, including navigation ones, shall be stored and kept for the time strictly needed to fulfil the purposes of this Policy, which is a period of 2 years for data processed for promotional and/or marketing operations, and 10 years for all other data.

6. DATA ACCESS

6.1. The Data processed by the Controller may be accessed by the employees and partners of the latter who are assigned and/or responsible for in-house data processing and/or the corporate IT-systems. The access to the data is available strictly to these persons, if needed for the correct execution of their tasks, and limited to the only operations required.

6.2. The Controller provides for the protection of users’ data and information against non-authorized access, illicit processing, accidental loss, destruction, and damage. Moreover, the Controller shall store these data and information for the period strictly needed for the intended application

7. DATA DISCLOSURE

7.1. The users’ explicit consent to data disclosure is not required [pursuant to Art. 24 letter a), b), and d) under Privacy Law and Art. 6 letter b) and c) of the GDPR], if disclosure is requested by a Supervisory (like IVASS in Italy) or Judicial Authority, or any other competent Entity, or if needed to ensure the Controller’s compliance with its legal obligations, or alternatively to enforce its defence in the framework of a judiciary proceeding. The afore-mentioned Authorities may access and keep the data as independent Data Controllers. In this case, the Data will not be disclosed, unless required by the service in point.

7.2. If needed for special services or products, personal Data may be disclosed to thirds, acting as independent Data Controllers, assigned to special operations that are strictly functional and linked to the service/product in point whose execution/delivery would be otherwise impossible.

7.3. Except for the above conditions, the Controller shall not disclose any personal, confidential data to any party outside of the EU or to other International organizations.

8. DATA TRANSFER

8.1. Personal data are saved in Aruba’s web server.

9. RIGHTS OF THE DATA SUBJECTS

9.1. The Data Subject has all rights under Privacy Law Art. 7 and GDPR Art 15. More precisely, the Data Subject has the right:

  • i. To receive a confirmation of whether or not its personal details are kept, although not yet recorded, anywhere and this in an intelligible way;
  • ii. To be informed on:
    • a) The source of personal details;
    • b) The purposes and methods of processing;
    • c) The logics of a possible processing by means of any electronic system;
    • d) The identification details of the Controller, the Processors, and Representative designated in accordance with Privacy Law Art. 5, § 2 and GDPR Art. 3, § 1;
    • e) The persons or group of persons entitled to access or share personal data and information in their office as designated representatives within the country of the User;
  • iii.
    • a) To receive an update, or request any change/ addition to the data if needed;
    • b) To request the cancellation, anonymity, or locking of data that are processed in discrepancy with the law, including those for which no storage is required for the purposes for which they were first collected, and then processed;
    • c) To receive a declaration that all operations under above letters a) and b) and their contents were extensively described to all those who received disclosure or shared the reference data, unless this would be reasonably impossible or entailed a disproportionate use of measures as compared to the rights for which protection is sought;
  • iv. To fully or partly oppose and reject:
    • a) The processing of personal details for personal, fair reasons, and regardless of whether the data are or not relevant and useful to the purpose of collection; b) the processing of personal details for the purpose of sending advertisement or promotional material, unsolicited sale offers, market researches, or other marketing communications through automated call centres, unmanned email services, and/or other traditional marketing systems like telephone calls and/or regular mail services. The right of the Data Subject to oppose the processing of its data under above point
    • b) (direct marketing) equally applies to automated and traditional marketing technologies, and without prejudice to the right of the Data Subject to oppose and reject just partly. Therefore, the Data Subject may decide to strictly allow and accept the sending of communications by a traditional system, or just by automated systems, both or none of the two.
      Please note that the Data Subject is always entitled to oppose and reject the processing of its data for direct marketing purposes without having to give any fair reasons for it.
      If applicable, the Data Subject is also entitled to the rights under GDPRO Art. 15-21 (right to have personal data rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject, right of limiting data processing, right of data portability, and right to raise an opposition) as well as a right of claiming before the Supervisory Authority.

9.2. If allowed by the applicable laws, the user may request a copy of all data in our possession.

9.3. Before following up a specific request, we may ask you for some additional optional information, for example:

  • (i) Your identity;
  • (ii) More details needed to follow-up your requests.

9.4. The Controller commits to react to any question in due course and always within the terms established by the law. A Data Subject wishing to oppose/reject the processing of its data, shall contact us at the address stated under Section 11 and 13 of this Policy.

10. MODALITIES FOR THE EXERCISE OF THE RIGHTS OF THE DATA SUBJECT

All website visitors and the Data Subjects may exercise their rights under the EU Regulation 2016/679 at any time and free of charge by sending:A registered letter with bill of receipt to:

  • Registered office: Via Carlo Allioni 3 | 10122, Torino, Italy
  • An Email to: hello@istarter.it

11. CONTROLLER, AND OTHER PERSONS RESPONSIBLE ON ITS BEHALF

The Controller is Istarter S.p.A. (Tax and VAT number 10782330012), with registered office in Turin, Via Carlo Allioni, 3 (10122).
The list of the persons responsible or in charge of data processing is held at Nicola Garelli. A copy of this list can be obtained by applying as described above.

12. CONTACTS

Processing of the data collected through the web domain https://www.istarter.it/ shall take place at Turin, Via Carlo Allioni, 3 (10122), or any other place of residence of the parties involved.
For more information you can address the Controller at any later time
Any comment, question, or query on the Controller’s use of the users’ personal details and information shall be addressed via email: hello@istarter.it

In accordance with Art.11 of this Privacy Policy, the collected Data may be processed by in-house or outsourced personnel, as well as any other person assigned to the execution and management of the requested services, and whose identity shall be disclosed or made known to thirds as stated in this Policy.

13. FUTURE MODIFICATIONS TO THIS PRIVACY POLICY

As a result of the new laws and provisions enforced in the country, as well as the continuous review and upgrade of our services, this Privacy Policy may have to be adjusted or modified.
So, this Privacy Policy may change in time and we recommend all Data Subjects to check the Privacy section of our website from time to time.
To facilitate the identification of new Policy releases, the review date of the actual Policy is printed on the bottom line.
Please note: for modifications of the Privacy Policy relative to processing activities whose legal base is the consent of the Data Subject, the Controller shall take care of requesting a new consent, if needed.

14. REDIRECTING TOWARDS OTHER WEBSITES OF THIRDS

Our website contains some plug-ins that redirect the visitors to other websites and socials (YouTube, Vimeo, Facebook, Linkedin etc..). Plug-ins are software components that enable customization and facilitate surfing our pages.
However, we have no control on the access and management of other websites than the one where we promote our business.
For this reason, we will not be liable for the collection, processing, and disclosure of your data by other thirds linked to our web pages. We also prompt you to always read their Privacy Policy before accessing their space.

Review date: 23 May 2018