Information on the processing of personal data (Privacy) based on Legislative Decree no. 196/2003 (Code regarding the protection of personal data) and the EU Regulation 2016/679
With reference to the provisions of Legislative Decree 196/2003 “Code regarding the protection of personal data”, and of the EU Regulation 2016/679, in particular with regard to articles 12 and 13, we inform you that your personal data will be processed in accordance with current legislation.
This information describes how to manage the personal data sent by the user during visits and navigation on the site, as well as those obtained at the time of any registration (by way of example and not limited to) the newsletter, the forum, the services offered.
Type of data processed
- Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category includes IP addresses or domain names used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, and the method used to submit the request to the server. , the size of the file obtained, etc. These data are used for the sole purpose of obtaining anonymous and aggregated statistical information on the use of the site and to check its correct functioning, and reside permanently on third-party servers (hosting providers). The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Purpose of the treatment
- To use the Services offered, the completion of registration forms may be required, containing fields for the provision of mandatory and optional personal data. The provision of personal data indicated as mandatory is necessary to complete the registration procedure; therefore the failure or partial provision of such data makes it impossible to subscribe to the Services and use them. The provision of non-mandatory data is optional; therefore their failure or partial conferment does not prevent registration and use of the Services. The personal data for registration to the Services may differ depending on the registration forms used.
- The technical data relating to the connections (log) are stored to allow the security checks required by the law in order to improve the quality of the services offered and customize them in relation to the needs of users/visitors. In compliance with the current legal provisions on the subject, the log files are recorded. These data do not allow the user to be identified except after a series of processing and interconnection operations, and necessarily through data provided by other providers. Operations that may be carried out exclusively at the request of the competent judicial authorities, are authorized to do so by express provisions of the law aimed at preventing and/or suppressing crimes.
- Subject to freely expressed consent, explicitly and in a differentiated form with respect to the different processing purposes, by selecting the appropriate box in the registration form for the Services, personal data may be processed for sending commercial information, material advertising, and promotional relating to the site and/or to third-party services or products selected on the basis of the data provided in the relevant registration form. Consent for the processing purposes referred to in this point 3. is optional; therefore, following a possible refusal, the data will be processed only for the purposes indicated above. It will also be possible after registration, automatically and without costs, to object to the processing of data and not to receive promotional and/or commercial communications,
- Personal data, collected and stored in databases, are processed by employees and/or collaborators of the data controller as persons in charge. They are not disclosed or communicated to third parties, except in the cases provided for by the information and/or by the law and, in any case, in the manner permitted by this.
- The processing is carried out through automated tools for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the regulations in force on the subject, in particular on the basis of the security obligations relating to the processing of data pursuant to art. 32 GDPR. In order to guarantee an adequate level of data protection aimed at limiting the risk of using the same in an improper or illicit way, technical and organizational measures have been implemented that comply with internationally recognized IT standards, these measures are constantly subjected to verification. . Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
- The data controller is WeAreSayings based in Via Michele Amari 39 00179 Rome – ITALY, in the person of its legal representative, who pursuant to and for the purposes of articles 13 and 14 of the 2016/679 European Regulation, hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that this treatment will be based on principles of correctness, lawfulness and transparency and protection of your privacy. and your rights. You have the right to obtain from the owner the cancellation (right to be forgotten), limitation, updating, rectification, portability, opposition to the processing of personal data concerning you, as well as in general you can exercise all the rights provided. by articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
- Right of access to personal data and other rights pursuant to EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22.
- The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in an intelligible form.
- The interested party has the right to obtain the indication:
- the origin of the personal data;
- the purposes and methods of the processing;
- of the logic applied in case of treatment carried out with the aid of electronic instruments;
- the identity of the owner, manager, and the representative appointed under article 5, paragraph 2;
- of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representatives in the State, managers, or agents.
- The interested party has the right to obtain:
- updating, rectification, or, when interested, integration of data;
- the cancellation, transformation into anonymous form, or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
- the attestation that the above operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right; data portability.
- The interested party has the right to object, in whole or in part:
- for legitimate reasons for the processing of personal data concerning him, even if pertinent to the purpose of the collection;
- to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
- The interested party has the right to receive their data or have them transferred to another owner.
The User has the right to receive his / her Data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain its unhindered transfer to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party, or on contractual measures connected to it.
- How to exercise the rights
To exercise the rights of the User, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.
- Contact form, Mailing List or Newsletter
The User, by filling in the contact form with his own data, consents to their use to respond to requests for information, quotes, or of any other nature indicated by the form header. By registering with the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this Website may be transmitted.
Personal data are processed with manual, electronic tools, through automated systems, and also through cookies for the time strictly necessary to achieve the purposes for which they were collected. Each treatment takes place in compliance with the methods indicated in the Articles. 6, 32 of the GDPR and by adopting the appropriate security measures provided. The treatments connected to the web services are carried out on the server located at the external provider (the name is available by contacting the Data Controller) and are stored at the offices where the physical servers are located.
Your data are processed within the company by the following categories of authorized and appointed persons appointed by the Data Controller:
- Office marketing
- Informative system
Your data may be disclosed to third parties, in particular to:
- External provider
- Companies that carry out ordinary and extraordinary maintenance of the website
- Companies that provide services relating to third-party cookies
Your information will not be disseminated.
We point out that, in compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the performance of the services provided. When the processing is based on the user’s consent, the owner can keep the Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification, and the right to data portability can no longer be exercised.
Last modified, april 19, 2022