Privacy Policy

Articles 13-14 of EU Regulation 2016/679 (GDPR)

We hereby inform users, in accordance with Articles 13-14 of EU Regulation 2016/679, about the processing of personal data carried out through this website (hereinafter also referred to as the “Website” or “Websites”) without extending to other websites that may be accessed via links contained within.
The processing of personal data is conducted in compliance with the current regulations on personal data protection, and is based on principles of fairness, legality, transparency, and data protection.

Data Controller: AGENZIA UNO SAS, headquartered at Via Sagliano Micca n.3, 10122 – Turin (TO), Tax Code: 05125600014.
Contact Information: Phone: +39 011 562 7396; Email: privacy@agenziauno.com

This privacy notice is a general requirement that must be fulfilled before or at the time of direct collection of personal data. For personal data not collected directly from the data subject, the notice must be provided within a reasonable period or at the time of communication of the data (to third parties or the data subject). In accordance with the General Data Protection Regulation (GDPR – EU Reg. 2016/679), this organization, as the Data Controller, informs as follows:

Sources and Categories of Personal Data

The personal data in the possession of this organization is collected directly from the data subjects. This website does not collect data belonging to special categories, such as data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, or data concerning health or sexual orientation.

Cookies

Like others, this Website stores cookies in the browser used by the data subject to transmit personal information and enhance the user experience. Cookies are small text strings that the websites visited by the user send to their terminal (usually the browser), where they are stored, sometimes with long-term persistence, to be retransmitted to the
same sites upon the next visit.
For more details and to modify your consent to the use of cookies, please refer to the Cookie Policy on our Website.

Browsing Data

The IT systems and software procedures responsible for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This data is not collected to be associated with identified data subjects but could, through processing and association with data held by third parties, identify users.
This category of data includes IP addresses or domain names of the computers used by users to connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of
the response from the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. This data is used solely to obtain anonymous statistical information on the use of the site and to check its correct operation. The data is deleted immediately after processing. The data may be used to ascertain responsibility in the event of hypothetical computer crimes against the website.
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests sent to us as site operators. You can recognize an encrypted connection in the browser’s address bar when it changes from “http://” to “https://” and the lock icon is displayed in the browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Profiling Data

Profiling data related to the habits or consumption choices of the data subject is not directly acquired. However, it is possible that such information may be acquired by third parties through links or embedded elements. Please refer to the section on third-party cookies.

Data Provided Voluntarily by the User

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website results in the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email. Similarly, the explicit and voluntary submission of forms available on the website, containing the data of the data subject, results in the processing to fulfill pre-contractual obligations or the execution of services provided through the forms.
The User assumes responsibility for third-party personal data obtained, published, or shared through this Website and guarantees the right to communicate or disclose it, releasing the Data Controller from any liability towards third parties.

Purposes and Legal Bases of the Processing

Personal data is used to:

• a) Enable website navigation (ref. Art. 6, para. 1(f) GDPR);
• b) If necessary, to perform the requested service or task within the normal activities carried out by this organization (ref. Art. 6, para. 1(b) GDPR).Moreover, all personal data may be processed for purposes related to legal obligations and to comply with instructions issued by authorities authorized by law (ref. Art. 6, para. 1(c) GDPR), such as, but not limited to:
• c) Fulfillment of administrative, accounting, and/or fiscal obligations related to e-commerce services and/or the purchase contract concluded (e.g., keeping accounting records and issuing sales invoices);
• d) To ascertain, exercise, or defend a right in court or out-of-court (legitimate interest) of this organization (ref. Art. 6, para. 1(f) GDPR);
• e) For functional purposes according to the legitimate interest of the Data Controller, in particular: navigation and usage logs to protect the site and the service from cyber-attacks, identify potential malicious or fraudulent activities (ref. Art. 6, para. 1(f) GDPR).

Consequences of Refusing to Provide Data

Providing the data collected from the data subject is optional but essential for processing the data for the purposes under letters a) and b). If the data subject does not provide the necessary data and does not allow processing, it will not be possible to carry out and implement the proposed services or fulfill the contractual obligations, which could hinder compliance with legal obligations, such as administrative, fiscal, and accounting duties.
Apart from what is specified for browsing data, the user is free to provide personal data for cookies and specific requests through forms, e.g., about products and/or services. Failure to provide such data may result in the inability to fulfill the request. For all non-essential data, including those belonging to special categories, providing such data is optional. In the absence of consent or incomplete or incorrect provision of certain data, including special category data, the required processes may be so incomplete as to result in penalties or the loss of benefits, or the inability to meet the obligations imposed by law, exempting this organization from any responsibility for potential sanctions or punitive actions.

Methods of Data Processing

The processing related to the website services is carried out using automated tools, only for the time necessary to achieve the purposes for which they were collected; it takes place on servers located in Italy or the EU and is managed solely by technical personnel in charge of processing or by those responsible for occasional maintenance operations. Specific security measures are observed to prevent data loss, illegal or improper use, unauthorized access, and loss of confidentiality. By “data processing,” we mean the collection, registration, organization, storage, processing, modification, deletion, and destruction of data, or the combination of two or more of such operations. Regarding the above-mentioned purposes, the processing of personal data is carried out using manual, IT, and telematic tools with logic strictly related to the purposes themselves, and in any case, in such a way as to ensure security and confidentiality. Personal data will therefore be processed in compliance with the methods indicated in Article 5 of EU Regulation 2016/679, which, among other things, provides that the data must be processed lawfully and fairly, collected and recorded for specified, explicit, and legitimate purposes, accurate and, where necessary, updated, relevant, complete, and not excessive concerning the purposes of the processing, while respecting the fundamental rights and freedoms of the data subject, with particular reference to confidentiality and personal identity, through protection and security measures. This organization has implemented and will further enhance its access and data storage security system. No automated decision-making process (e.g., profiling) is carried out.

Transfers Outside the EU

The processing will predominantly take place in Italy and the EU but may also occur in non-EU and non-EEA countries, if deemed functional for efficiently fulfilling the purposes pursued, while ensuring safeguards for the data subjects. Finally, processing in non-EU and non-EEA countries is the data subject’s responsibility when website connections originate from such countries.

Data Retention Period

Personal data will generally be retained as long as the purposes of the processing remain valid, depending on the category of data processed. The Data Controller may be obligated to retain personal data for a longer period in compliance with legal obligations or orders from authorities.

Categories of Recipients

Data (only the essential ones) is communicated to:

• Internal and external data processors, who perform specific tasks and operations (e.g., website administration, analysis of browsing and traffic data, management of emails voluntarily sent by the user, etc.);
• Authorities, in the cases and to the persons provided by law.

Data will not be disclosed unless anonymized or unless required by law. Except as specified for cookies and third-party elements, without the prior general consent of the data subject to communications to third parties, only services that do not involve such communications will be provided. Where necessary, specific and punctual consents will be requested, and the recipients of the data will use it as independent controllers. In some cases (not related to the ordinary management of this website), the Authority may request information and details for monitoring purposes related to the processing of personal data. In these cases, responding is mandatory under penalty of administrative sanctions.

Data Subject Rights

At any time, you may:

• Exercise your rights (access, rectification, deletion, limitation, portability, opposition, absence of automated decision-making processes) where provided, towards the Data Controller as per Articles 15 to 22 of the GDPR;
• File a complaint with the Data Protection Authority (www.garanteprivacy.it);
• Revoke any consent given, noting that revocation does not affect the lawfulness of the processing based on consent before its withdrawal.

Requests should be addressed to the Data Controller via email at: privacy@agenziauno.com

Notice Format

This privacy notice can be automatically accessed through any Internet browsing software. We kindly ask that any issues encountered in viewing this notice be reported to us so we can provide alternatives if needed. This document will be subject to updates; it is the user’s responsibility to check the document and its updates.