Supercapital, for all sensitive personal data processed, acting as a responsible subject, and as Data Controller, recognizing and respecting them in the correct way of management and the importance of protecting them, invites users before sharing any personal data, to read this document carefully.
The Data Controller informs that the processing of personal data will be based on the principles of correctness, lawfulness, transparency and protection of its confidentiality and all rights. Personal data will therefore be processed in accordance with the provisions of the GDPR and the protection obligations therein.
1.Owner, data controllers and data protection officer (“DPO”);
2. The personal data being processed;
2.1 Navigation data;
2.2 Data voluntarily provided by the user;
3. Purpose of the processing and mandatory or optional nature of the provision of data;
4. Processing methods, security and data processing place;
5. Communication and diffusion;
6. Data retention;
7. User rights;
1. OWNER, RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA AND RESPONSIBLE FOR DATA PROTECTION (“DPO”)
Following consultation and use of the Site, data relating to identified or identifiable natural persons may be processed. The identification details of the Data Controller and site manager are as follows: Supercapital SRL, with registered office in Via U. Hoepli 3, 20121 Milan, tax code and VAT number 10907830961, REA MI – 2565604.
The list of data processors can be requested by sending an email to: firstname.lastname@example.org
The Data Controller has appointed the Data Protection Officer (hereafter: “DPO”), who can be contacted at the following address: Enrico Viviani, email@example.com.
2. PERSONAL DATA SUBJECT TO PROCESSING
2.1 Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, they could acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the devices used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment.
These data are used in order to obtain anonymous statistical information on the use of the Site and to check its correct functioning, to allow – given the architecture of the systems used – the correct delivery of the various functions requested by the User, for security and they are deleted immediately after processing.
In no case, the Data Controller crosses this information with other data that may be in its possession in order to trace the activities of specific users.
2.2 Data voluntarily provided by the User
To access the features offered through the Site and reserved for registered users, registration is required through the following personal data: name, surname, email and telephone number for account verification.
Once registered within the personal area of the User, it will be possible to enter other data related to your profile, such as es. date of birth, tax code, citizenship, gender, address of residence, copy of an identification document as well as expiry date and document number.
These data are provided voluntarily and will be treated in full compliance with data protection legislation. Failure to provide this data will become the only consequence of the impossibility of creating an account and accessing certain features.
The User is responsible for the correctness of the data provided within the profile and guarantees the correctness of the same.
These data can also be processed in relation to the subsequent possible enabling of users to the conditions available in the site area.
Access to the site and services can take place using the credentials provided by a third party, such as Google, Facebook, or similar service (“social log-in”). In this case, the User is required to check the settings of that service and carefully read the policies of the third supplier, as these must authorize the third supplier to share his personal information and authorize Supercapital to search for information such as contacts, friends and other User data. We will keep the identification code associated with the User’s account at the third party’s service when it is used for logging in to Supercapital or for sharing content hosted on the site; storage will take place for as long as necessary to provide the requested services. If the User creates a Supercapital account or uses the site’s services by connecting through the social login, the use of the information provided in the account of origin is used to complete the user profile on the Site. The User can update or modify the information of the profile and contact information at any time through login.
These data are kept for the time necessary to render the services requested and, even for subsequent periods, if the storage is required by law or for other legitimate purposes such as the defense in court of Supercapital, or if there is a legitimate interest of the owner or third party.
2.3 Information collected through cookies
Technical cookies are necessary for the proper functioning of a website and to allow user navigation; without them the user may not be able to view the pages correctly or to use some services.
Profiling cookies have the task of creating user profiles in order to send advertising messages in line with the preferences expressed by the same while browsing.
Cookies can also be classified as:
“session” cookies, which are deleted immediately upon closing the navigation browser; “persistent” cookies, which remain within the browser for a certain period of time. They are used, for example, to recognize the device that connects to a site facilitating authentication operations for the user; “own” cookies, generated and managed directly by the manager of the website on which the user is browsing; “third party” cookies, generated and managed by subjects other than the manager of the website on which the user is browsing.
It is always possible to disable cookies. To do this, please refer to the instructions of each browser used to navigate the Site.
The Site uses the following types of cookies, and offers the possibility of de-selecting them, except for third-party cookies for which the User must refer directly to the relative selection and de-selection methods of the respective cookies. , indicated by link:
Technical cookies – navigation or session – strictly necessary for the functioning of the Site or to allow the User to take advantage of the contents and services requested by them.
Analytics cookies, which allow the site operator to understand how this is used by users. These cookies do not collect information on the identity of the User or any personal data. The information is processed in aggregate and anonymous form.
Functionality cookies, used to activate specific Site features and a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered.
ATTENTION: disabling technical and / or functionality cookies the Site may not be available or some services or certain functions of the site may not be available or may not function properly, and the User may be forced to modify or manually enter some information or preferences every time you visit the Site.
Third-party cookies, i.e. cookies from sites or web servers other than that of the Owner, used for the purposes of these third parties, including also profiling cookies. It should be noted that these third parties, listed below with the relative hypertext links to the privacy policies, act as independent data controllers of the data collected through the cookies they send; therefore, the User must refer to their personal data processing policies, information and any forms for the collection of consent (selection and de-selection of the respective cookies).
(* CHECK IF AND WHICH)
3. PURPOSE OF THE PROCESSING AND OBLIGATORY OR OPTIONAL NATURE OF THE PROVIDING OF DATA
The data that are provided by the user through the Site will be processed by the Data Controller for the following purposes:
a) purposes related to the provision of the requested services (e.g. contact request, newsletter subscription, registration, presentation of projects, resolution of problems related to the use of the Site, complaints etc.).
The provision of data for the purposes referred to in letter a) is optional, but their failure to provide it could make it impossible to operate the requested functions.
b) statistical research / analysis purposes on aggregate or anonymous data, without therefore the possibility of identifying the User, aimed at measuring the functioning of the Site, measuring traffic and evaluating usability and interest
c) purposes related to the fulfillment of obligations established by law, by a regulation or by community legislation.
The provision of data for the purposes listed above in point (c) is mandatory. Failure to provide them would not allow the holder to satisfy the obligations established by law, by a regulation or by community legislation.
d) marketing purposes
The data provided may be processed, with explicit and specific consent, for sending promotional and marketing communications, including the sending of newsletters and market research, through automated tools (sms, mms, email, push notifications, fax) and not (paper mail, telephone with operator). The legal basis for data processing for these purposes is art. 6, paragraph 1, lett. a) GDPR. The commercial profiling and direct marketing treatments are optional and depend on the free choice of the user; therefore, failure to provide consent by the user for these purposes will not affect the use of the services.
4. PROCESSING METHODS, SECURITY AND PLACE OF DATA PROCESSING
Personal data are processed by the Data Controller – or by third parties selected with care for their reliability and competence and rightly appointed as data processors – limited to the achievement by the same of the purposes specified above, mainly with automated tools, but also in paper form , for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access in full compliance with the provisions of current regulations.
5. COMMUNICATION AND DIFFUSION
Personal data may be brought to the attention of employees or collaborators of the Data Controller, belonging to the categories of administrative, commercial, legal, accounting or IT system administrators, depending on the treatment, who, operating under the direct authority of this last, they are appointed managers or processors pursuant to art. 28 and 29 of the GDPR, and receive adequate operating instructions in this regard.
Personal data may be communicated to subjects external to the Data Controller, whose activity is necessary and functional for the provision of the functionality of the Site.
Personal data may be disclosed to third parties such as:
people, companies or professional firms that provide assistance and advice to the Data Controller, rightly appointed as data processors; subjects, entities or authorities to whom the communication of personal data is mandatory pursuant to legal provisions or orders from the competent authorities; subjects delegated and / or appointed by the Data Controller to carry out activities strictly related to the pursuit of the aforementioned purposes (including technical maintenance on the systems), rightly appointed as data processors; to commercial partners, service providers functional to software development, to the provision of services related to the Site.
Where necessary, the Data Controller reserves the right to collect specific consent from the user.
Personal data will not be disclosed by the Data Controller, unless express consent is given. The data could be transferred abroad, to countries of the European Union or to countries outside the European Union that have received an adequacy decision from the Commission, or even to countries that have not received this adequacy decision, in accordance with and within the limits of articles 44 – 49 of the GDPR.
6. DATA RETENTION
Personal data are stored and processed through IT systems owned by the Data Controller and managed by the Data Controller or by third party suppliers of technical services. The data are processed exclusively by specifically authorized personnel, including the personnel in charge of carrying out extraordinary maintenance operations.
The data will be kept for the time strictly necessary for the contractual or legal purposes for which the same data were provided to the Data Controller and, in any case, no later than ten years from the termination of any relationship with the Data Controller.
7. USER RIGHTS
At any time, the user can exercise, in accordance with articles 15 to 22 of the GDPR, the right to:
request confirmation of the existence or not of your personal data; obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period; obtain the correction and deletion of data; obtain the limitation of the treatment; obtain the portability of the data, i.e. receive them from the data controller, in a structured format, commonly used eligible by automatic device, and transmit them to another data controller without hindrance; object to the processing at any time and also in the case of processing for direct marketing purposes; oppose an automated decision-making process concerning individuals, including profiling; ask the data controller to access personal data and to rectify or delete them or limit their processing or to oppose their processing, in addition to the right to data portability; withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation; propose a complaint to a supervisory authority (Guarantor Authority for the protection of personal data – www.garanteprivacy.it).
Requests can be sent by an email to the address: firstname.lastname@example.org.
The User declares to have read the information contained herein and to give his consent to the processing of all his data.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.