GEM srl, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of EU Reg. 2016/679 hereinafter ‘GDPR’, hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
Your personal data will be processed in accordance with the legislative provisions of the aforementioned law and the confidentiality obligations set out therein. Your personal data may also, with your consent, be used for the following purposes::
- management of non-technical marketing cookies for the portal;
- management of non-technical statistical cookies for the portal.
The provision of data is optional for you regarding the aforementioned purposes, and your refusal to processing does not affect the continuation of the relationship or the adequacy of processing.
Processing method: Your personal data may be processed in the following ways:
- by means of electronic computers using software systems operated by Third Parties;
- by means of electronic computers using directly managed or programmed software systems.
All processing is carried out in accordance with the methods set forth in articles 6, 32 of the GDPR and through the adoption of the appropriate security measures provided.
Your data will be processed only by personnel expressly authorized by the Data Controller and, in particular, by the following categories of authorized personnel:
- internal operators to manage the web portal.
Communication: your data may be communicated to external parties for proper management of the relationship and in particular to the following categories of Recipients including all duly appointed Data Processing Managers:
- web service provider for managing and maintaining the platform; web agency, social
- media marketing, hosting provider.
Communications to Third Parties: Your data may be disclosed to external parties for proper management of the relationship and in particular to the following categories of Recipients identified as Third Parties:
- Google Analytics;
Dissemination: Your personal data will not be disseminated in any way.
Your personal data may also be transferred, limited to the above purposes, to the following states:
Retention Period. Please note that, in compliance with the principles of lawfulness, limitation of purposes and data minimization, pursuant to article 5 of the GDPR, the retention period of your personal data is:
- 1 day: Google Analytics;
- 730 days: Google Analytics, Vimeo;
- Permanent: Google;
- Session: Google Analytics.
Since each browser – and often different versions of the same browser – also differ significantly from each other if you prefer to act independently through your browser preferences, you can find detailed information on the necessary procedure in your browser help area. For an overview of the modes of action for the most common browsers, you can visit www.cookiepedia.co.uk.
Advertising companies also allow to opt out of receiving targeted ads if you wish. This does not prevent the setting of cookies, but it stops the use and collection of certain data by these companies.
For more information and waiver options, visit www.youronlinechoices.eu/.
Data Controller: the Data Controller, according to the Law, is GEM srl (Via dei Campi, 2, 55049 Viareggio (LU); VAT number: 01544010463) in the person of its legal representative pro tempore.
You have the right to obtain from the controller the cancellation (right to be forgotten), limitation, updating, rectification, portability, opposition to the processing of personal data concerning you, and in general can exercise all the rights foreseen by articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
You may also view the updated version of this policy at any time by logging on to https://www.privacylab.it/informativa.php?14313444645.
EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject
1. Data subjects have the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, communication thereof in intelligible form and the possibility of making complaints to the Control Authority.
2. The data subject has the right to obtain the indication:
- of the origin of personal data;
- of the purposes and methods of processing;
- of the logic applied in the case of processing carried out with the aid of electronic instruments;
- of the identification details of the controller, managers and designated representative in accordance with article 5, paragraph 2;
- of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, as managers or appointees.
3. The data subject has the right to obtain:
- the updating, correction or, when required, integration of data;
- the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data for which storage is unnecessary for the purposes for which the data was collected or subsequently processed;
- certification that the operations under letters a) and b) have been notified, also as regards their contents, to those to whom the data was communicated or disclosed, except where this requirement is impossible or involves the use of means that are disproportionate to the protected right;
- data portability.
4. Data subjects have the right to object, in whole or in part:
- for legitimate reasons to the processing of personal data concerning them, even if pertinent for collection purposes
- to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.