Privacy Policy

INFORMATION PURSUANT TO ARTICLES 13 AND 14 – EU REGULATION 2016/679

Interested parties:

Website users

Processing of personal data

Below, the management methods of the service www.ita23group.it whose owner is ITA 23 GROUP s.r.l. are described. This information is provided pursuant to Article 13 of Regulation 2016/679 of the European Parliament and Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data. This information is provided only for the ITA 23 GROUP website and not for other websites that may be consulted by the user through links.

Data controller

Following the consultation of this site, data relating to identified or identifiable persons may be processed. Data controller: ITA 23 GROUP SRL – Via SS. Crocefisso, 12 – 73056 – Taurisano (LE) – email: info@ita23group.it, Company Name: ITA 23 GROUP SRL with registered office in Via SS. Crocefisso, 12 – 73056 – Taurisano (LE).

Place of data processing and recipients

The processing connected to the web services of ITA 23 GROUP takes place in ITALY at the Aruba Server Farms.

Type of data processed

Browsing data The software applications intended for the operation of the ITA 23 GROUP website acquire certain personal data transmitted through secure protocols. This information is not collected to be associated with identified individuals, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, browser identifier (user agent), URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the numeric code indicating the status of the response given by the server (such as success, error), and other parameters related to the user’s operating system and computer environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct operation. Data voluntarily provided by the user For access to some services provided through the ITA 23 GROUP website, the optional and voluntary input of some identifying data (email, name, contact information, and information necessary to provide the requested service) may be required.

Purpose and legal basis

Service provision The personal data provided by users who use the services rendered by ITA 23 GROUP (e.g., browsing the site, filling out forms for various requests) are used solely to perform the service or provision requested. The legal basis of the processing is the execution of pre-contractual measures in order to respond to your requests.

Purchase of goods or services Through the registration form, you can register on the www.ita23group.it website. Once registered, you will be able to make a commercial transaction by entering your name, address, phone number, email, credit card number, and preferences regarding the products you wish to purchase. This data processing is necessary to carry out the commercial transaction. Once a product or service is purchased, ITA 23 GROUP will send a transaction confirmation via email and, if necessary, may use other information to contact the user to obtain certain data necessary for processing their transaction. ITA 23 GROUP may also use contact information to send the user a message summarizing the transaction confirmation and any product shipment, providing further information about it. The legal basis of the above processing is contractual.

Further communications following the purchase of goods or services After purchasing a product or service, ITA 23 GROUP may communicate additional information to the user, including commercial information related to the same category of the purchased items. The legal basis of the above processing is the legitimate interest of the data controller (recital 47 GDPR).

Direct marketing In case of specific consent (registering for the newsletter), ITA 23 GROUP may send information about new products, promotions, and special offers by email. Users can disable the service at any time through the appropriate procedure and/or the methods indicated later for exercising their rights. The legal basis of the above processing is the consent of the interested party. Specific summary information, if necessary, will be provided or displayed on the pages of the site prepared for particular additional services upon request.

Data retention period

The data retention period is the time necessary for the purposes deriving from the requested services and for an additional period of 48 months. If the requested information is the subject of an online transaction, such data may be kept for accounting and fiscal purposes for a period of 10 years. As for the technical data managed by the site, such as cookies, the retention period is defined by the technical characteristics of the cookies themselves and specified in the “Site cookies” table. The data retention period is considered renewed for an additional period of 48 months each time new consent is given for data processing and/or each access to the services offered through personal credentials (e.g., Login to personal area).

Optional data provision

Apart from what is specified for browsing data, the user is free to provide ITA 23 GROUP with the personal data requested to use the services provided through the site. Failure to provide the data marked with an asterisk (mandatory) will result in the inability to use the offered service.

Methods and security of processing

The processing of personal data is carried out through IT tools suitable to ensure the security and confidentiality of the data and in compliance with the appropriate security measures as required by Article 32 GDPR, using secure communication protocols with SSL encryption algorithms. Your personal data will be processed in accordance with the legislative provisions of the aforementioned regulation and the confidentiality obligations therein. Good practices are considered the provision of the Italian Privacy Guarantor “Guidelines on promotional activities and spam contrast” of 4 July 2013 (published in the Official Gazette No. 174 of 26 July 2013), the Guidelines on the processing of personal data for online profiling of 19 March 2015, and the Guidelines on automated decision-making processes and profiling – WP251, defined based on the provisions of Regulation (EU) 2016/679.

Transfer of data to non-EU countries and adequacy guarantees

The service provider responsible for hosting, maintenance, and management of the ITA 23 GROUP website is Aruba spa, a web agency that ensures GDPR compliance and is located in Italy. Further transfer of data to non-EU countries may occur due to the use of services from Facebook, Google, and other possible external social or processing service providers located in the USA. Such data processing is guaranteed by the “Privacy Shield” agreements signed by the individual companies.

Recipients

To carry out and support the operation and organization of the activity, some data may be brought to the attention of or communicated to recipients. These subjects are distinguished into: Third Parties, Data Processors and sub-processors, and personnel authorized under the authority of the data controller or processor.

Third Parties are defined as individuals or legal entities, public authorities, services, or other bodies that are not the data subject, the data controller, the data processor, and the persons authorized to process data under the data controller’s or processor’s authority. For data processing related to administrative, accounting, legal obligations, customer management, contracts, data may be communicated to: – Companies managing traditional or computerized postal services. – Companies registering domain names – Any other subjects whose communication of data is necessary to achieve the purposes mentioned above, or for a legal obligation; Data Processors and sub-processors are defined as individuals or legal entities, public authorities, services, or other bodies that process personal data on behalf of the data controller. – Aruba spa as the primary data processor, and other sub-processors providing services for technological infrastructure, connectivity, and hosting services. – Other possible IT service providers necessary for the service provision, possibly located in the USA with adequacy guarantees under the “Privacy Shield” agreement. Within our corporate structure your data will be processed only by personnel expressly authorized by the Data Controller, with assurance of the adoption of appropriate instructions, training, confidentiality agreement, and, in particular, by the following categories of employees: – Administrative staff.

Dissemination

Your personal data will not be disseminated in any way.

Rights of data subjects

Data subjects (individuals to whom the personal data refer) can exercise the rights provided by the Regulation at any time, through a dedicated personal area. This area can be accessed by requesting the link through the appropriate procedure at the end of this information. Another way to exercise the rights of the Regulation, if the user has subscribed to the newsletter service, is available through the appropriate link at the end of the received email. In particular, individuals may lawfully request the rights from Article 15 to Article 23, and specifically: 1. The deletion of all data. 2. Rectification / modification. 3. Limitation. 4. Portability. 5. The right to object to automated decision-making (profiling). If necessary, report additional requests in the notes field. Data subjects, if the conditions are met, also have the right to lodge a complaint with the supervisory authority according to the provided procedures. For any further information, and to assert the rights recognized by the European Regulation, you can contact the data controller at the above-mentioned references. The exercise of the rights of the data subjects Requests can also be addressed using the following contacts: Data controller: ITA 23 GROUP – Via SS. Crocefisso, 12 – 73056 – Taurisano (LE) – email: info@ita23group.it.

Notice and consent acquisition form from the data subject

The undersigned data subject, having acquired the information provided by the data controller pursuant to Articles 13-14 of the GDPR, confirms that they have read this information on data processing for the purposes necessary to provide the service and to allow ITA 23 GROUP a proper management and appropriate processing of the data, also considering that the data processor used by ITA 23 GROUP for the website management is Aruba spa, located in Italy.

Consent

As evidence of your explicit and unequivocal consent, we will record the time, date, IP address, and your email. Remember that you can exercise your rights at any time (mentioned above) through the link at the bottom of the received communications or through the contact channels.