In this Policy, we Istarter S.p.A. (Tax and VAT number 10782330012), represented by our interim legal representative, with registered office in 10122-Turin, Via Carlo Allioni, 3 (hereinafter, also the “Controller” or the “Company”), define the methods used for the collection of the data of the visitors to our website https://www.istarter.it/ (hereinafter the “Website”) in accordance with Article 13 of Italian Law Act No. D.Lgs. 196 of 30.6.2003 (hereinafter the “Privacy Law”), as well as Art. 13 and 14 of the EU-Regulation no. 2016/679 (hereinafter “GDPR”).
1. CONTROLLER, OBJECT AND PLACE OF PROCESSING
After collecting the user’s consent, the Controller shall process Data strictly in compliance with the provisions of the GDPR and other national law, including any other provisions of the Supervisory Authority (i.e. The Data Protection Supervisor) if applicable
The Data we collect may be transferred to a different country other than the one where the Data Subject resides. For more information on the place of processing, the Data Subject may contact the Controller using the contact details under Section 10 and 12 of this Policy.
2. METHODS AND PURPOSES FOR DATA PROCESSING AND USING
2.1. The collection of the Data allows us to provide the Data Subjects with more updated information on all projects and events that we organize and/or attend in the field of scale-ups and digital innovation. The Data that we collect from our website https://www.istarter.it/, and other socials (Vimeo, YouTube, Facebook, Twitter etc..) are exclusively processed and saved for the above purposes.
We may share your data with our employees and partners both within and outside your country.
Under no circumstance, we shall transfer or disclose your data to thirds without your prior consent, except for the cases specifically provided for under Art. 24 of Law Act no. D.lgs.196/03.
2.3. The Controller has already implemented all the (IT and practical) safety measures needed to prevent the unauthorized access, modification, disclosure, or destruction of the Data, without prior consent of the Data Subjects.
We process your data within our organization for the stated purposes, and in accordance with the DPO, if available, or with the Data Processor.
You may obtain detailed information about the purposes for data processing and the collected Data by contacting the Controller using the contact details under Section 10 and 12 of this Policy.
The Privacy protocols and standards used by the Company for the protection of your personal data are based on the concepts described below.
2.3.1. RESPONSIBILITY AND LIABILITY FOR DATA PROCESSING AND USE
The responsibility and liability for any processing of your personal data has been assigned by our Company to our in-house resources who we employ within our organization. Nicola Garelli, President of iStarter S.P.A. will be responsible of data treatment.
Only for certain particular cases, we may grant access to your data also to other parties with various tasks and responsibilities in terms of website management (i.e. Administration, marketing, and management staff, as well as hosting providers).
The Data Subject may request the Controller for an updated list of all Data Processors at any time.
2.3.2. TRASPARENCY WITH REGARD TO DATA PROCESSING AND USE
We collect and process data in accordance with the concepts stated in this Policy.
A consent is required and may be tacitly given, even if the data are collected automatically (for example technical or profiling cookies).
The Data Subject may request the Controller at any time to supply more information on the statutory conditions of each processing, stating in particular if processing is based on a law provision, or an established contract, or if it is needed for the execution of an agreement.
2.3.3. COMPLIANT DATA COLLECTION
All data are collected and processed based on fair and lawful methods. Data are strictly saved for the explicit and licit reasons stated under Section 2 of this Policy, and never outside of the scope stated herein.
2.3.4. DATA VERIFICATION PRINCIPLE
All data are updated, arranged and saved so that all Data Subjects can access, whenever necessary, data that have been collected and saved, checking their quality, and possibly request any amendments, additions, cancellation if infringing any law, or alternatively exercise their rights under Section 9 of this Policy by the terms and methods stated under Section 10 of this Policy.
2.3.5. SAFETY PRINCIPLE AND ACTIVATED SAFETY MEASURES
188.8.131.52. The data collected and processed are protected against their illicit disclosure or alteration. This protection is undertaken by technical as well as informative (IT technology) tools and systems designed to minimize the risk of destruction, (accidental) loss, or access by unauthorized parties.
184.108.40.206. The above-mentioned safety measures are periodically tested and upgraded to the latest technical knowledge based on the nature of the data and the requirement of the processing methods.
220.127.116.11. Any third party, performing any ancillary activity of any type whatsoever, or supplying services on behalf of the Company and for which they are to carry out personal data processing, shall be considered as Data Processors and shall be obliged to comply with all relevant safety measures and privacy obligations.
18.104.22.168. The information we gather and acquire may be shared by us with the following third parties:
- Equity Partners
- Start-ups that collaborate with us
- third parties who works with us
3. TYPE OF DATA AND PROCESSING METHODS
3.1. The data collected through the domain of the website https://www.istarter.it/ and various socials of other thirds (YouTube, Twitter, Vimeo, Facebook etc..) may include: name, surname, telephone number, email, IP address, and any other information directly supplied by the users when contacting the Company through any of the links in a web page.
Generally speaking, it is about the following data:
- a) Data freely and voluntarily supplied by the users: The data collected and processed through the website are used for the supply of our services. Consequently, failure to supply the requested data, or to consent to their processing shall prevent us from actually supplying the requested service or function.
These data (e.g. Email address, landline phone, or mobile phone numbers) shall never be used or disclosed by the Company for any advertisement, direct sale, or marketing activity without the users’ explicit consent.
More specific information and privacy statements may be available in special areas of our website where data are requested.
If an Email is voluntarily sent to any of our addresses, we shall acquire all of the sender’s details and mail information eventually contained in the message. We will use these data to contact the sender, and execute the services or performances requested by the latter.
- b) Surfing data: The website utilizes certain automated functions that are designed to collect data for their operation, and whose transmission is implicitly part of the Internet communication protocols.
Although this information is not associated with any user’s ID, if combined with other data held by other thirds (e.g. Internet service provider) they may by their own nature lead to the identification of the user or their details (i.e. IP addresses, name of the domains used by the PC connecting to the Website, URL addresses of the requested resources, time of the request, numeric code of the server response).
These Data are strictly used for statistical purposes only in order to check and monitor the traffic on our website and the trouble-free operation of the latter.
The Controller, i.e. its designated managers, keep track of all website connections for a limited time. This allows us the fulfilment of possible requests or orders of the competent judicial Authorities during a possible audit or assessment of compliance with IT-responsibilities and IT crimes.
Some temporary markers may be installed on our website, and in this case your attention will be drawn to them and your consent will be requested.
The main types of cookies used are:
a) Technical and aggregate statistical cookies
These cookies are essential for the website to operate correctly and increase its functionality and performance. Our technical cookies may be further classified as follows:
(i) Navigation cookies – Navigation cookies are technical cookies and are needed for the functioning of the website. From the first access, these cookies allow the website to function correctly and allow you to view content on your device in an easy optimal way;
(i) Cookie analytics – These cookies are used to prepare statistical analyses on the navigation methods of our website’s users. This information is processed in an aggregate and anonymous way;
(i) Functionality cookies (also of third parties) – These cookies record information about the choices you have made and allow us to tailor our website to you.
These cookies do not require the prior consent of the users for their download and use.
Some of the following services may not require a prior consent of the users, and may be managed directly by the Controller, with no assistance of third parties. Should any of the following tools involve any third parties’ service, we may not exclude possible tracking activities by these thirds, who may attempt to identify users, without us knowing about it.
The cookies we use as the Controller are:
Checking cookies download
Additionally to the above information, users may still change how cookies are stored on their machine by clicking on the ‘Tools’ menu in their internet browser, and even stop the download of third parties’ cookies.
By deactivating all cookies, the operation of our website may be impaired.
We inform you that you may also use other tools like Your Online Choices (http://www.youronlinechoices.com/it/) that allow managing the tracking preferences of most advertisement tools.
We strongly recommend all visitors to our Website to use this tool additionally to the information contained herein.
For more technical information on cookies, you may consult: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2142939.
5. DATA STORAGE METHODS
In accordance with the GDPR, all Data, including navigation ones, shall be stored and kept for the time strictly needed to fulfil the purposes of this Policy, which is a period of 2 years for data processed for promotional and/or marketing operations, and 10 years for all other data.
6. DATA ACCESS
6.1. The Data processed by the Controller may be accessed by the employees and partners of the latter who are assigned and/or responsible for in-house data processing and/or the corporate IT-systems. The access to the data is available strictly to these persons, if needed for the correct execution of their tasks, and limited to the only operations required.
6.2. The Controller provides for the protection of users’ data and information against non-authorized access, illicit processing, accidental loss, destruction, and damage. Moreover, the Controller shall store these data and information for the period strictly needed for the intended application
7. DATA DISCLOSURE
7.1. The users’ explicit consent to data disclosure is not required [pursuant to Art. 24 letter a), b), and d) under Privacy Law and Art. 6 letter b) and c) of the GDPR], if disclosure is requested by a Supervisory (like IVASS in Italy) or Judicial Authority, or any other competent Entity, or if needed to ensure the Controller’s compliance with its legal obligations, or alternatively to enforce its defence in the framework of a judiciary proceeding. The afore-mentioned Authorities may access and keep the data as independent Data Controllers. In this case, the Data will not be disclosed, unless required by the service in point.
7.2. If needed for special services or products, personal Data may be disclosed to thirds, acting as independent Data Controllers, assigned to special operations that are strictly functional and linked to the service/product in point whose execution/delivery would be otherwise impossible.
7.3. Except for the above conditions, the Controller shall not disclose any personal, confidential data to any party outside of the EU or to other International organizations.
8. DATA TRANSFER
8.1. Personal data are saved in Aruba’s web server.
9. RIGHTS OF THE DATA SUBJECTS
9.1. The Data Subject has all rights under Privacy Law Art. 7 and GDPR Art 15. More precisely, the Data Subject has the right:
- i. To receive a confirmation of whether or not its personal details are kept, although not yet recorded, anywhere and this in an intelligible way;
- ii. To be informed on:
- a) The source of personal details;
- b) The purposes and methods of processing;
- c) The logics of a possible processing by means of any electronic system;
- d) The identification details of the Controller, the Processors, and Representative designated in accordance with Privacy Law Art. 5, § 2 and GDPR Art. 3, § 1;
- e) The persons or group of persons entitled to access or share personal data and information in their office as designated representatives within the country of the User;
- a) To receive an update, or request any change/ addition to the data if needed;
- b) To request the cancellation, anonymity, or locking of data that are processed in discrepancy with the law, including those for which no storage is required for the purposes for which they were first collected, and then processed;
- c) To receive a declaration that all operations under above letters a) and b) and their contents were extensively described to all those who received disclosure or shared the reference data, unless this would be reasonably impossible or entailed a disproportionate use of measures as compared to the rights for which protection is sought;
- iv. To fully or partly oppose and reject:
- a) The processing of personal details for personal, fair reasons, and regardless of whether the data are or not relevant and useful to the purpose of collection; b) the processing of personal details for the purpose of sending advertisement or promotional material, unsolicited sale offers, market researches, or other marketing communications through automated call centres, unmanned email services, and/or other traditional marketing systems like telephone calls and/or regular mail services. The right of the Data Subject to oppose the processing of its data under above point
- b) (direct marketing) equally applies to automated and traditional marketing technologies, and without prejudice to the right of the Data Subject to oppose and reject just partly. Therefore, the Data Subject may decide to strictly allow and accept the sending of communications by a traditional system, or just by automated systems, both or none of the two.
Please note that the Data Subject is always entitled to oppose and reject the processing of its data for direct marketing purposes without having to give any fair reasons for it.
If applicable, the Data Subject is also entitled to the rights under GDPRO Art. 15-21 (right to have personal data rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject, right of limiting data processing, right of data portability, and right to raise an opposition) as well as a right of claiming before the Supervisory Authority.
9.2. If allowed by the applicable laws, the user may request a copy of all data in our possession.
9.3. Before following up a specific request, we may ask you for some additional optional information, for example:
- (i) Your identity;
- (ii) More details needed to follow-up your requests.
9.4. The Controller commits to react to any question in due course and always within the terms established by the law. A Data Subject wishing to oppose/reject the processing of its data, shall contact us at the address stated under Section 11 and 13 of this Policy.
10. MODALITIES FOR THE EXERCISE OF THE RIGHTS OF THE DATA SUBJECT
All website visitors and the Data Subjects may exercise their rights under the EU Regulation 2016/679 at any time and free of charge by sending:A registered letter with bill of receipt to:
- Registered office: Via Carlo Allioni 3 | 10122, Torino, Italy
- An Email to: email@example.com
11. CONTROLLER, AND OTHER PERSONS RESPONSIBLE ON ITS BEHALF
The Controller is Istarter S.p.A. (Tax and VAT number 10782330012), with registered office in Turin, Via Carlo Allioni, 3 (10122).
The list of the persons responsible or in charge of data processing is held at Nicola Garelli. A copy of this list can be obtained by applying as described above.
Processing of the data collected through the web domain https://www.istarter.it/ shall take place at Turin, Via Carlo Allioni, 3 (10122), or any other place of residence of the parties involved.
For more information you can address the Controller at any later time
Any comment, question, or query on the Controller’s use of the users’ personal details and information shall be addressed via email: firstname.lastname@example.org
To facilitate the identification of new Policy releases, the review date of the actual Policy is printed on the bottom line.
14. REDIRECTING TOWARDS OTHER WEBSITES OF THIRDS
Our website contains some plug-ins that redirect the visitors to other websites and socials (YouTube, Vimeo, Facebook, Linkedin etc..). Plug-ins are software components that enable customization and facilitate surfing our pages.
However, we have no control on the access and management of other websites than the one where we promote our business.
Review date: 23 May 2018