We wish to inform you that Regulation (EU) 2016/679 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (hereinafter “GDPR”) recognizes the protection of personal data as a fundamental right. Pursuant to Article 13 of the above-mentioned Regulation, we hereby inform you as follows:
1. DATA CONTROLLER AND DPO
The Data Controller is INDIPENDENT SRL Unipersonale, with registered office at Via Privata Reggio 5, 20122 Milan (MI), Italy. The Data Controller has appointed a Data Protection Officer (DPO), who is available for any information concerning the processing of personal data carried out by the Controller. The DPO may be contacted at the following email address: info@independentmgmt.it.
2. CATEGORIES OF DATA
The Data Controller will process the following categories of personal data: Automatically collected data: The IT systems and software procedures used to operate this website acquire, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) that may be associated with identifiable users. Such data include IP addresses, domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server, and other parameters relating to the user’s operating system, browser, and IT environment. These data are processed for the strictly necessary time solely for the purpose of obtaining statistical information on the use of the website and to ensure its proper functioning. The provision of such data is mandatory, as it is directly related to the web browsing experience. Data voluntarily provided by the user: The voluntary and explicit sending of emails to the addresses indicated on this website does not require consent. Any completion of specifically prepared forms entails the subsequent acquisition of the sender’s/user’s address and personal data, which are necessary in order to respond to requests and/or provide the requested service. The voluntary sending of emails to our email addresses does not require any additional privacy notices or consent requests. However, in order to submit a request through the forms, the user must explicitly consent to the use of the data provided therein. Cookies: For further information, please refer to the Cookie Policy.
3. SOURCE OF PERSONAL DATA
The personal data processed by the Data Controller are collected directly from the data subject.
4. PURPOSES OF PROCESSING AND LEGAL BASIS
Your personal data are processed for the following purposes: • Management of user requests: legal basis: performance of pre-contractual measures at the request of the data subject; • Monitoring the proper functioning of the website: legal basis: legitimate interest and consent to the use of third-party cookies, provided via the cookie banner; • Subscription to the periodic newsletter regarding promotions and services of the Data Controller: legal basis: explicit consent. In addition, data are processed in anonymized and/or aggregated form in order to improve the web browsing experience, monitor the proper functioning of the website, and ensure its security. Personal data are also processed to comply with obligations arising from laws, regulations, and/or EU legislation, or orders issued by supervisory and control authorities. In this case, the legal basis is compliance with a legal obligation to which the Data Controller is subject. This website processes personal data lawfully and fairly, adopting appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data.
5. RECIPIENTS OF DATA
Within the limits relevant to the purposes indicated above, personal data may be disclosed to partners, consultancy firms, private companies appointed as Data Processors by the Data Controller, or where required by law or to comply with specific user requests. The appointed Data Processors and authorized personnel are specifically identified in the Privacy Documentation, which is updated periodically.
6. TRANSFER OF DATA ABROAD
The personal data processed by the Data Controller will not be transferred to countries outside the European Union or the European Economic Area (EEA). Should it become necessary in the future to transfer data to third countries, the Data Controller undertakes to ensure compliance with Articles 44–49 of the GDPR by adopting all appropriate safeguards provided for therein (including, where required, Standard Contractual Clauses, adequacy decisions, or supplementary security measures).
7. DATA RETENTION PERIOD
The collected data will be retained for no longer than is necessary to achieve the purposes for which they are processed (“storage limitation principle”, Article 5 GDPR), or in accordance with statutory retention periods. The relevance and obsolescence of stored data in relation to the purposes for which they were collected are reviewed periodically.
8. RIGHTS OF THE DATA SUBJECT
The data subject has the right at any time to request access to their personal data, rectification or erasure thereof, restriction of processing, to object to processing, to request data portability, and to withdraw consent at any time by contacting the Data Controller. The data subject also has the right to lodge a complaint with the competent Data Protection Authority if they believe that their personal data have been processed unlawfully.
9. METHODS OF DATA PROCESSING
Personal data provided by the user will be processed in compliance with the applicable legislation and confidentiality obligations. Data will be processed using electronic tools, paper-based systems, and any other suitable means, in compliance with appropriate security measures pursuant to Article 5(1)(f) of the GDPR.
10. SCOPE OF APPLICATION
This Privacy Policy does not apply to other websites that may be accessed through links available on the Data Controller’s website. The Data Controller shall not be held responsible in any way for third-party websites.