Who are we and what do we do with your personal data?
WebScience Srl,, headquartered at viale Jenner 51, IT-20159, Milan, Italy, (hereinafter also The Data Controller), as the data controller, is concerned about the confidentiality of your personal data and ensuring that they are protected from any event that might put them at risk of being breached.
The Controller implements to this end policies and practices having regard to the collection and use of your personal data and the exercise of your rights under applicable law. The Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and in any case in case of regulatory and organizational changes that may affect the processing of your personal data.
The Controller has appointed a data protection officer or data protection officer (DPO) whom you can contact if you have questions about the policies and practices adopted.
You can contact the DPO/DPO at email@example.com
How does the Data Controller collect and process your data?
Personal information about you will be processed for:
1) Site navigation.
The processing of your personal data, such as browsing data e.g. IP address and cookies issued by browsing the site are processed by the Data Controller to follow up on the management of the site and to collect information including aggregate information.
Your personal data will in no way be disseminated or disclosed to unspecified parties.
2) Communication to third parties and recipients.
The communication of your personal data takes place mainly towards third parties and/or recipients whose activities are necessary to carry out the activities inherent to the aforementioned purposes, and also to respond to certain legal obligations. Any communication that does not respond to these purposes will be subject to your consent. In particular, your data will be disclosed to third parties/recipients for:
- the performance of the service (e.g., IT service providers);
- communications towards the financial administration, and public supervisory and control bodies towards which the Controller must fulfill specific obligations arising from the specificity of the activity performed;
The personal data that the Controller processes for this purpose are browsing data (IP address)
3) IT security reasons.
The Data Controller processes, including through its suppliers (third parties and/or recipients), your personal data (e.g. IP address) or traffic data collected, or obtained, in the case of services displayed on the website to the extent strictly necessary and proportionate to ensure the security and ability of a network or servers connected to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
For these purposes, the Owner provides procedures for handling personal data breach (data breach).
What are cookies and for what purposes they may be used?
A "cookie" is a small text file created by some websites on a user's computer when the user accesses a particular site, for the purpose of storing and transporting information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user's browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user's computer; they are, then, re-sent to the website at the time of subsequent visits.
Cookies may remain in the system for long periods of time and may also contain a unique identification code. This allows the sites that use them to keep track of the user's navigation within the site itself, for statistical or advertising purposes, that is, to create a personalized profile of the user from the pages he or she has visited and then show and/or send him or her targeted advertising (so-called Behavioural Advertising).
What cookies are used and for what main purpose
The Owner reports below the specific categories of cookies used, the purpose and the consequence of de-selecting them:
Third-party cookies are also operational on this website, i.e. cookies created by a website other than the one the user is currently visiting, as descripted in the table above.
On this website there are special "buttons" (called "social buttons/widgets") that depict icons of social networks (e.g. Facebook, linkedin). The same allow users who are browsing the Controller's web page to access the relevant social networks with a "click". In this case, the social network and web services acquire data about the user, while the Owner will not share any browsing information or user data acquired through its site with the social networks and web services accessible thanks to the social buttons/widgets. Such services issue "third-party cookies." Below are links to the privacy policies of the most commonly used social networks and websites to which the buttons link:
- for Facebook: www.facebook.com/help/cookies
- for Linkedin: www.linkedin.com/legal/cookie_policy
Deselecting and enabling cookies "review your cookie choices"
You can, at any time, manage your preferences below using the button on the bottom left of the web page.
What happens if you do not provide your information?
Please see the consequences of deselecting individual cookies as listed in the table above.
How we process your data
The processing of personal data is carried out through computer procedures by specially authorized and trained internal persons. They are allowed access to your personal data to the extent and to the extent that it is necessary for the performance of the processing activities concerning you.
The Data Controller periodically verifies the means by which your data are processed and the security measures provided for them, the constant updating of which it provides for; verifies, also through the authorized persons in charge of the processing, that no personal data whose processing is not necessary are collected, processed, archived or stored; verifies that the data are stored with the guarantee of integrity and authenticity and their use for the purposes of the processing actually carried out.
Where we process your data
Data are stored in computer and telematic archives located within the European Economic Area.
How long we process your data
Please take a look at the personal data retention periods as shown in the table above.
Personal data are retained for the time necessary to allow you to navigate the site and in any case no longer than 24 months, except in cases where events occur that involve the intervention of the competent Authorities, also in collaboration with third parties/recipients entrusted with the data security activities of the Data Controller, to carry out any investigations into the causes that led to the event, as well as to protect the interests of the Data Controller related to a possible liability related to the use of the site and its services.
What are your rights?
Basically you, at any time and free of charge and without special charges and formalities for your request, can:
- obtain confirmation of the processing carried out by the Data Controller;
- access your personal data and know their origin (when the data are not obtained from you directly), the purposes and aims of the processing, the data of the subjects to whom they are communicated, the storage period of your data or the criteria useful to determine it;
- update or rectify your personal data so that they are always exact and accurate;
- delete your personal data from the databases and/or archives, including backup archives of the Data Controller in the event, among others, that they are no longer necessary for the purposes of the processing or if the processing is assumed to be unlawful, and always if the conditions provided for by law are met; and in any case if the processing is not justified by another, equally legitimate reason;
- limit the processing of your personal data in certain circumstances, such as where you have disputed its accuracy, for the period necessary for the Controller to verify its accuracy. You must also be informed, in a reasonable time, when the period of suspension has expired or the cause for the restriction of processing has ceased to exist, and thus the restriction itself lifted;
- obtain your personal data, if received or processed by the Controller with your consent and/or if their processing is on the basis of a contract and by automated means, in electronic format also for the purpose of transmitting them to another data controller.
The Controller must do so without delay and, in any case, no later than one month after receipt of your request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller will, within one month of receipt of your request, inform you and make you aware of the reasons for the extension. To exercise your rights, write to firstname.lastname@example.org
How and when can you object to the processing of your personal data?
For reasons related to your particular situation, you can object at any time to the processing of your personal data if it is based on legitimate interest by sending your request to the Controller, at email@example.com
You have the right to the deletion of your personal data if there is no legitimate reason overriding the one that gave rise to your request.
To whom can you file a complaint?
Without prejudice to any other action in administrative or judicial proceedings, you may lodge a complaint with the competent supervisory authority, i.e., the one that performs its duties and exercises its powers in Italy where you have your habitual residence or work or if different in the Member State where the breach of Regulation (EU) 2016/679 occurred.