PRIVACY NOTICE
Click HERE for the San Marino's version
Who is the Data Controller?
ITT WEB, represented by its legal representative, with registered office at Strada degli Angariari, 25 - 47891 Falciano (Republic of San Marino) (hereinafter, "Controller"),
How can I contact them?
The company's contact details are:
Phone: +378.0549.941183
Certified Email (PEC): ittweb@pec.aruba.it
Email: privacy@ittweb.net
Address: Strada degli Angariari, 25 - 47891 Falciano (Republic of San Marino)
Has a DPO been appointed? How can I contact them?
The company has appointed Attorney Angela Lo Giudice as the Data Protection Officer (DPO), who can be contacted at the following email address: dpo@ittweb.net
1. Introduction
In accordance with the European regulation on the protection of personal data and the San Marino legislation on the protection of personal data, legal entities are not considered data subjects, and therefore, such regulation does not apply to them. However, if personal data related to a natural person is included in the context of collecting corporate data, such person shall be considered a data subject under the relevant law and regulation.
2. What processing is carried out through the website? And what are the legal bases, purposes, and retention periods?
CONTACT US | PURPOSE | The purpose of data processing is to allow you to send us information requests for possible registration. |
LAWFULNESS OF PROCESSING | Pre-contractual measures taken at the request of the data subject. In the event of a dispute, the data will be processed to act or defend in court, which corresponds to the legitimate interest of the data controller. | |
RETENTION PERIOD | We will process the data for 12 months from the last email exchange. The data may be kept longer only in case of possible disputes, and therefore to exercise or defend a right based on the legitimate interest of the data controller. | |
ADDITIONAL INFORMATION | The provision of data is optional, and refusal will prevent the form from being submitted. |
NEWSLETTER AND SENDING COMMERCIAL INFORMATION | PURPOSE | The purpose of data processing is to allow you to subscribe to the newsletter service and receive promotional messages. |
LAWFULNESS OF PROCESSING | Consent. Opt-out can be exercised at any time. | |
RETENTION PERIOD | We will delete the data after 5 years from the last transmission. | |
ADDITIONAL INFORMATION | The provision of data is optional, and refusal will prevent newsletters from being sent. |
NAVIGATION DATA | PURPOSE | Site security |
LAWFULNESS OF PROCESSING | We will process the data based on the legitimate interest of the company in information security and compliance with legal obligations. The legal basis for the processing of cookies other than those necessary is consent. | |
RETENTION PERIOD | 24 months | |
ADDITIONAL INFORMATION | For cookie policy, please refer to the specific notice. |
3. What else should I know?
The data will be processed lawfully, fairly, and with the utmost confidentiality, in compliance with appropriate security measures as provided for by the GDPR and Law No. 171/18. The processing will be carried out using digital means. The data will not be subject to public disclosure, and the user will not be subjected to automated decision-making processes such as profiling unless they consent to this through the installation of cookies or other tracking tools, for which the applicable regulations are referred to in the specific notice.
4. To whom will my data be disclosed?
The Data Controller may disclose the data to all parties to whom disclosure is required by law for the fulfillment of the purposes provided for by law. The Data Controller also relies on several companies or IT tools that perform data processing activities on the personal data of the data subjects exclusively in the interest of the Data Controller, all of which are duly appointed as data processors under Article 28 of the GDPR and Article 29 of Law No. 171/18. The list of data processors can be found at the company's premises.
5. What is the location of data storage and transfer?
The management and storage of personal data will take place on servers located in Italy and in non-EU countries. The Data Controller ensures from now on that the transfer of data takes place in accordance with the GDPR by entering standard contractual clauses.
6. What are my rights and how can I exercise them?
a) Rights of the data subject
As a data subject, you have the rights set forth in Article 15 et seq. of the EU Regulation No. 2016/679 as well as in Articles 15 et seq. of Law No. 171/18, specifically:
RIGHT OF ACCESS (Article 15) The data subject has the right to obtain confirmation as to whether or not personal data concerning them exist, even if not yet registered, and their communication in an intelligible form.
RIGHT TO RECTIFICATION (Article 16) The data subject has the right to obtain the rectification of inaccurate personal data concerning them and the completion of incomplete data.
RIGHT TO ERASURE (Article 17) The data subject has the right to obtain the erasure of personal data in the presence of particular reasons, such as the withdrawal of consent, opposition to processing, or if the data are no longer necessary for the purposes for which they were collected and processed, or in the case of unlawful processing. Erasure may not always be possible, but the data controller will be obliged to provide an adequate justification.
RIGHT TO RESTRICTION OF PROCESSING (Article 18) The data subject has the right to obtain the restriction of processing in the presence of particular circumstances, such as, for example, in the case of a request for rectification or opposition during the time of evaluation of the requests.
RIGHT TO DATA PORTABILITY (Article 20) If the processing is based on consent or contract and is carried out using automated means, the data subject may receive their data in a structured, commonly used, and machine-readable format or request that they be transmitted to another data controller.
RIGHT TO OBJECT (Article 21) The data subject has the right to object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of the collection; b) to the processing of personal data concerning them for purposes not covered by Article 2. The user may submit a request to object to the processing of their personal data under Article 21, specifying the reasons justifying the objection: the Data Controller reserves the right to evaluate the request, which would not be accepted in case there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights, and freedoms of the user.
RIGHT TO LODGE A COMPLAINT The data subject has the right to lodge a complaint with the competent supervisory authority under Article 77 of the GDPR or Article 66 of Law No. 171/18 if they believe that the processing of their data is contrary to current legislation.
b) How to exercise your rights:
The data subject may exercise their rights at any time by contacting the Data Controller at the addresses provided above.