PROCESSING OF PERSONAL DATA
ZProtocol S.r.l. (hereinafter ZProtocol) as Data Controller of Personal Data, informs you that access to the website and/or registration to its various sections and/or any requests for information or services require the provision of personal data that will be processed in full compliance with European Regulation 2016/679 (hereinafter “GDPR”). Through this information, users will be able to know, in advance, the processing methods necessary for the use of some areas of the website www.zprotocol.com (hereinafter also “Site”). Pursuant to the aforementioned Law, this processing will be based on the principles of correctness, lawfulness and transparency, protecting your privacy and your rights.
The information is effective exclusively for this site and does not extend to other websites that may be consulted by the user via external links.
INFORMATION CHANGES
ZProtocol reserves the right to make changes to this information at any time by notifying users on this page. In the event of non-acceptance of the changes made to this Information, the user is required to cease using this platform by directly requesting the Data Controller to remove their personal data. Unless otherwise specified, the previous Information continues to apply to data collected up to that time.
OWNER AND DATA CONTROLLERS
The data controller is Zprotocol with headquarters in Viale Tenente Morello 13 – 10081 – Castellamonte (TO) and can be contacted at the following email address: info@zprotocol.com
PURPOSE OF THE PROCESSING AND THE LEGAL BASIS
According to the needs of the user who accesses the Site, the purposes of the processing of personal data are indicated below, that is, those provided directly by users by filling in online forms or direct access, via link, to the email address relating to the requested service, or those acquired automatically through navigation (see the following section “Categories of Personal Data subject to processing”) (hereinafter, “Personal Data”):
- Respond to requests received via direct request (web form “contacts”) – Legal basis for processing: execution of pre-contractual measures (art. 6 (1)(b));
- Fulfill requests for information regarding the provision of services; said processing may also include sending e-mails whose purpose is connected to the procedure for confirming receipt of requests – Legal basis for processing: execution of pre-contractual and/or contractual measures;
- Subject to the user’s consent and until revoked, carry out marketing activities such as, by way of example but not limited to: sending information and promotional material, also using the e-mail address provided to us – Legal basis for processing: consent (art. 6 (1) (a));
- Management and execution of obligations required by law (accounting, administrative, fiscal, etc.) – Legal basis for processing: fulfillment of a legal obligation (art. 6 (1) (c)).
TREATMENT METHODS
Data processing means any operation or set of operations, carried out with or without the aid of electronic or automated means, concerning the collection, recording, organization, storage, processing, modification, extraction, comparison, use, communication, dissemination, blocking, deletion, destruction and selection of the data itself.
Personal Data will be processed with logic strictly related to the aforementioned purposes, through the Databases, the electronic Platforms managed by the Data Controller or by third parties appointed as Data Processors; the Data Controller has adopted suitable technical and organizational security measures to protect users against the risk of loss, abuse or alteration of the Data.
In particular, it uses the protected Data transmission protocols known as HTTPS. Furthermore, it stores user data on Servers located in the European territory. The Servers are subject to an advanced and daily back up and disaster recovery system.
DURATION OF TREATMENT
The data communicated are retained for a period of time not exceeding that necessary to achieve the purposes for which the personal data are processed, or for a longer period, for purposes permitted by law, and in any case deleted without unjustified delay.
For the purposes of requesting information: in relation to the type of request for the time necessary to fulfill the regulatory obligation of retention and/or for any legal requirements.
LOCATION OF TREATMENT
Personal Data is processed mainly at the Data Controller’s headquarters and/or in the places where the Data Processors are located. For further information, users can contact the Data Controller using the methods indicated above.
CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING
In addition to the Personal Data provided directly by users (such as name, surname, postal address, email address, etc.), when connecting to the Site, the computer systems and software procedures used to operate the Site itself automatically and indirectly administer and/or acquire certain information that could constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, by way of example but not limited to, the so-called “cookies” (as better specified below), “IP” addresses, domain names of computers used by users who connect to the Site, the “Url” addresses of the requested resources, the time of the request to the server, navigation on the Site.
SUBJECTS IN CHARGE OF PROCESSING USERS’ PERSONAL DATA
Personal Data may be disclosed to employees or collaborators of the Data Controller who, operating under the direct authority of the latter, process data and are appointed as data processors or authorised to process data pursuant to articles 24-29 of the European Regulation 2016/679 or system administrators and who will receive adequate operating instructions from the Data Controller in this regard; the same will occur – under the responsibility of the Data Processors appointed by the Data Controller – with respect to the employees or collaborators of the Data Processors themselves.
USE OF COOKIES
The complete information on cookies is available from the “Cookie Policy” link on the website.
SOCIAL NETWORK PLUGINS
This site also incorporates plugins and/or buttons to allow the sharing of content on social networks used by the visitor. When you visit a page of the website that contains a plugin, the user’s browser connects directly to the servers of the social network from where the plugin is loaded, which server can track your visit to our website and possibly also associate it with your social account, in particular if you are connected at the time of the visit or if you have recently browsed one of the websites containing social plugins. If you do not want the social network to record data relating to your visit to the website, you must log out of your social account and we also suggest deleting the cookies that the social network has installed in your browser; the collection and use of information by these third parties are governed by their respective privacy policies to which you are kindly requested to refer.
USER RIGHTS
Users may exercise the rights set forth in Articles 16-21 of the European Regulation 2016/679 (Right to rectification, right to be forgotten, right to limit processing, right to data portability, right to object). Users may finally file a complaint with the Data Protection Authority where necessary, or contact the same to request information regarding the exercise of their rights under the European Regulation 2016/679. Specifically:
The right of access: to obtain confirmation of whether or not personal data concerning him or her are being processed and to obtain access to such data and specific information (e.g. purposes of the processing, categories of data in question, recipients to whom the data will be communicated).
The right to rectification: to obtain the rectification of inaccurate data concerning him or her without undue delay. In this case, the data controller is obliged to communicate the rectification to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;
The right to erasure: to obtain the erasure of data concerning him or her without undue delay and the data controller is obliged to erase them without undue delay if certain reasons exist (e.g. the personal data are no longer necessary in relation to the purposes for which they were collected; if the data subject withdraws consent; if they must be erased for a legal obligation). In this case, the data controller is obliged to communicate the cancellation to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;
The right to limit processing: the data controller may be ordered to restrict the processing of data, for example to only retain it with the exclusion of any other use, in certain cases (e.g. if the processing is unlawful and the data subject opposes the erasure of the data; if the data subject contests the accuracy, within the period for verifying the accuracy, etc.). In this case, the data controller is obliged to communicate the limitation of processing to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;
The right to data portability: to obtain the return of the personal data provided and transmit them to others or to request transmission from one controller to another, if technically feasible;
The right to object: to object at any time to processing for purposes of public interest or legitimate interest; for marketing purposes; for scientific, historical or statistical research purposes.
Interested parties may file a complaint with the Guarantor Authority (www.garanteprivacy.it) if necessary, or simply contact her for information regarding the exercise of your rights recognized by EU Reg. 2016/679.