WARNING: NON-TECHNICAL COOKIES: Merely browsing the website and/or scrolling through it does not of itself imply consent; consent needs to be obtained through an unequivocal positive act, such as clicking “ok” or “I consent” in the special banner; that banner should also contain a brief first version of this Notice, as well as a link to the Notice itself so that the user can consult it in full.
This Notice governs the processing of personal data through use of the website at www.robilant.it, provided by Robilant & Asociati Spa, Milano, Via Vigevano, 41 telephone no. 02.581901 e-mail firstname.lastname@example.org fax no. 02.58190911 (“the Data Controller”), in accordance with current applicable laws and regulations concerning data protection, including, in particular, the General Data Protection Regulation (“GDPR”, European Regulation 2016/679).
1. The Data Controller: identity and contact details
The Data Controller is Robilant & Associati spa.
No representative has been appointed, since the Data Controller is established in the Italian jurisdiction.
2. Contact details of the Data Protection Officer
The Data Controller has not appointed a Data Protection Officer.
3. Mode of processing
3.1 Cookies and environment data
3.1.1 TECHNICAL COOKIES
• Browsing cookies, functional cookies, session cookies: these enable the website to work properly. The use of “session cookies” (which are not stored permanently on the user’s device but are automatically deleted when the browser is closed) is strictly limited to sending identifying details of the individual session. Session cookies are used to make browsing the website safe and efficient.
• Statistical cookies: The website uses statistical cookies; these may be written by the Data Controller itself or they may be provided by third parties, in which case appropriate steps have been taken to diminish the extent to which they allow individual users to be identified, both by masking significant parts of the IP addresses handled in this way and by other means. The use of these third-party statistical cookies is also subject to contractual constraints under which the third-party provider undertakes to use them only for the purpose of providing the service, to keep them separate and neither to “enrich” nor “cross-match” them with other information in its possession. In any case the Data Controller has forbidden third-party providers to use such cookies for purposes other than those listed above.
So far as specifically concerns Google Analytics cookies, the user’s browser will send such information concerning his/her use of the website as can be retrieved from those cookies to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, where it will be stored on that company’s servers.
Google’s privacy rules, which you are invited to read, can be consulted at http://www.google.com/intl/it/privacy/privacy-policy.html
The Privacy Notice relating to Google Analytics services can be consulted at http://www.google.com/intl/en/analytics/privacyoverview.html
• Browsing data and environment variables: in the course of normal operation the website’s IT systems and procedures automatically gather certain personal data relating to the user’s browsing, including environment variables. This category of data includes, for instance:
• the IP address of the computer used to access the service;
• the number of times the website has been accessed;
• the pages displayed;
• the date and time of access;
• the last URL visited by the browser before it displayed our web page;
• the type of browser used;
• the operating system used.
3.1.2 NON-TECHNICAL COOKIES
• Profiling cookies: The website uses profiling cookies provided by third parties. [Descrivere le caratteristiche e finalità dei cookie installati e fornire il rispettivo link all’informativa privacy del soggetto terzo/State the purpose(s) and feature(s) of the cookies set, and provide links to the relevant third party’s Privacy Notice in each case].
Robilant & Associati does not use this kind of cookies
Deleting or inactivating cookies
Cookies are ordinary text files, so they can be opened by a text processor. In any case you can configure your browser so as to stop it handling cookies.
How to delete/inactivate cookies in Firefox:
How to delete/inactivate cookies in Edge:
How to delete/inactivate cookies in Chrome:
3.2 Data volunteered by the Data Subject
Any data optionally and freely provided by the Data Subject in e-mailing any of the addresses given on the website may be gathered for the purposes indicated from time to time.
Specifically, in addition to the e-mail address needed for answering the sender, any other personal data contained in such communications will be processed. Data Subjects are invited not to include sensitive data (relating to their state of health, for instance) in their communications to the Data Controller.
The data gathered in this way will be stored and processed solely for the purpose of keeping a record of the correspondence, and will not be used for other purposes.
4. The processing: purposes and legal basis
In the case of the browsing data and technical cookies referred to in 3.1.1 above, the Data Subject’s personal data are processed in order to enable the website to work properly; their use is essential for browsing within the website www.robilant.it In that case the legal basis of the processing is the legitimate interest of the Data Controller.
In relation to the non-technical cookies referred to in 3.1.2 above, personal data processed by means of those cookies make it possible to offer a personalized browsing experience by means of profiling. In that case the legal basis is the Data Subject’s explicit consent.
Robilant& Associati Spa does not use these types of cookies.
Personal data provided voluntarily in e-mails need to be processed in order to respond to the Data Subjects’ queries and requests; the legal basis of such processing is the Data Controller’s legitimate interest in responding to Data Subjects.
5. Mode of expressing consent
Consent to the processing of personal data by means of non-technical cookies can be expressed:
• by clicking a special box displayed within a banner.
• Filling the file for the consent expression and sending it to email@example.com
6. Sources of personal data
Only data provided by the Data Subject in accordance with this Notice and gathered through the website or from the Data Subject’s e-mails will be processed.
No data from sources accessible to the public will be processed.
7. Recipients of the personal data; categories of recipient (if any)
The Data Subject’s personal data may be disclosed to the following recipients:
• communication companies engaged in advertising and profiling activities on behalf of the Data Controller; such companies will be acting as Data Processors;
• companies offering Information Society services, and in particular those which provide hosting services;
8. Categories of data
Data Subjects’ personal data will be processed. “Sensitive data” as defined in Art. 9 of the GDPR will not be processed.
9. Data transfer
The Data Controller intends to transfer personal data to a non-EU jurisdiction or an international organization. The recipients in such cases could, for instance, be:
• communication companies engaged in advertising on the Data Controller’s behalf;
• companies offering Information Society services, and in particular those which provide hosting services;
• communication companies’ service providers;
Personal data will only be transferred to an international organization or an organization established in a non-EU jurisdiction if the European Commission has approved them, having verified that the country, territory or specific sector(s) within the non-EU jurisdiction, or the international organization in question, guarantees an adequate level of protection of the Data Subject’s rights. In any case the Data Controller reserves the right – whenever for any reason it sees fit – to make a specific separate agreement obliging the transferee to put in place adequate security measures (including organizational measures) designed to provide appropriate guarantees concerning those rights. Google Inc., in particular, has contractually bound itself to ensure suitable protection of the Data Subject’s rights. The data may be transferred in this way to the following jurisdictions: United States of America. A copy of these details, or details of the place where such a copy can be consulted, may be obtained on request from: firstname.lastname@example.org
10. Period for which personal data will be kept
The personal data processed and kept for all the purposes referred to in this Notice are processed and kept for no longer than 12 months from the date on which each item was gathered;
The Data Controller reserves the right, however, to ask Data Subjects to renew their consent to the processing and/or to verify any consent already given.
11. Optional nature of consent; consequences of refusing consent
So far as concerns personal data processed by means of technical cookies to enable the website to work properly, the communication of personal data is not a contractual obligation in the case of those technical cookies where the legal basis of processing is the legitimate interest of the Data Controller, since without such processing the website could not be made to work perfectly; so far as non-technical cookies are concerned, on the other hand, consent is to be regarded as optional; failure to provide the data will in this case only make it impossible to provide a personalized service.
In the case of data provided voluntarily by e-mail, the provision of personal data is not a contractual obligation, but its processing is based on the Data Controller’s legitimate interest in replying to Data Subjects; without such processing it would not be possible to respond to the Data Subject’s queries or requests.
12. Rights of the Data Subject
12.1 Right to object
The Data Subject has the right to object at any time to processing of his/her personal data, on grounds relating to his or her particular situation, and to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
12.2 Other rights
The Data Controller also wishes to give Data Subjects notice of the following rights:
• Data Subject’s right of access: the Data Subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data and to certain specific information, in accordance with Art. 15 of the GDPR;
• Right to rectification: the Data Subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement, in accordance with Art. 16 of the GDPR;
• Right to erasure of the data, including the right to withdraw consent: the Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay, and the Data Controller is obliged to erase personal data without undue delay; the Data Subject also has the right to withdraw his/her consent, where one of the grounds specified in Art. 17 of the GDPR applies; that right of withdrawal can be exercised at any time but without prejudice to the lawfulness of any processing based on the consent provided which had been carried out before that consent was withdrawn;
• Right to restriction of processing: the Data Subject has the right to obtain restriction of processing from the Data Controller in any of the circumstances specified in Art. 18 of the GDPR;
• Right to data portability: the Data Subject has the right to receive the personal data concerning him or her which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, in those circumstances and under those conditions specified by Art. 20 of the GDPR.
13. Exercising these rights
The rights indicated in this Notice, including in particular the right to erasure and the right to withdraw consent provided previously, can be exercised by emailing the Data Controller directly at email@example.com or by sending a registered letter with recorded delivery to Robilant & Associati Spa
14. Consulting the Notice
This Privacy Notice can be consulted at www.robilant.it and also at the Data Controller’s premises. On special request the information can also be provided over the telephone (on condition the identity of the applicant has been duly established), by calling the Data Controller’s number.
15. Privacy and newsletters
If the Data Subject has consented by means of tick-boxes to receiving commercial communications, the Data Controller may process his/her data for the purpose of sending direct marketing communications, newsletters or advertising material, or for carrying out market research by means of traditional forms of contact or automated (computerized) systems, including commercial or promotional communications by e-mail or SMS; the legal basis for all this is the Data Subject’s consent, expressed in accordance with this Notice. In such cases the provision of personal data is not a contractual obligation: the Data Subject can choose whether or not to provide his/her personal data, but failure to provide them will make it impossible to carry out any marketing activities. Personal data processed for this purpose are kept for no longer than 24 months from the date on which each item was gathered.