Poggi e associati

Website Policy

This information is provided pursuant to Section 13 of (EU) Regulation no. 2016/679 (hereinafter “GDPR”) and describes the methods used to manage the website http://www.poggieassociati.it (hereinafter, the “Site”) in relation to the processing of personal data of users who consult the Site (hereinafter “Data Subjects”).

1. Data Controller

The Data Controller is Poggi & Associati (the “Data Controller”), with registered office in Via Farini 11, Bologna – 40124, tel. (+39) 051 231800, e-mail: info@poggieassociati.it.

2. Types of data processed

Navigation data – log files

IT systems and software procedures set up for the correct functioning of this Site collect, during their normal operation, certain personal data, which are transmitted in the context of the use of Internet communication protocols.

Said data are not collected in order to be associated with identified persons, but may, on account of their nature, allow users to be identified through processing and associations with other data held by third parties.

This category of data includes IP addresses or the domain names of computers used by persons accessing the Site, URIs (Uniform Resource Identifiers), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the digital code indicating the state of the server’s response (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to verify its correct operation and are deleted immediately after processing. The data may be used to ascertain responsibility in the event of any IT crimes against the Site.

This category includes also data processed by using cookies. For such purpose, please see the provisions of the Cookie Policy.

Data provided voluntarily by users 

The optional, explicit and voluntary submission of an email address as well as of the relevant message to the addresses indicated on this Site results in the collection of the sender’s address and of other personal data that may be included in the request, which are necessary for responding to requests.

Further personal data (such as personal details, data concerning professional activity, position and/or role within the company, contact details such as business and/or private telephone number, e-mail address) provided to the Data Controller or anyway collected by the Data Controller from third parties, will be processed by the Data Controller in compliance with this policy and/or the Privacy Policy, and the GDPR.

3. Purposes of the processing

Personal data are processed by the Data Controller for the following purposes:

a) within the limits and only for the purposes to provide services accessible via the Site as well as to allow users to be acquainted with and examine in depth the activities carried out by the Data Controller;
b) to manage and develop, with regard to the previous point, questions and requests for interaction with Poggi & Associati;
c) to offer a platform of scientific insights accessible by clients through the reserved areas of the Site;

The carrying out of the activities under letters a), b) and c) above does not require the Data Subject’s consent, being the services or performances, in most cases, carried out at the direct request of the parties.

4. Provision of data and consequences in case of failure to provide data

The provision of personal data for the above purposes is optional and the failure to provide said data will have the only consequence to prevent the Data Controller from managing and processing the Data Subject’s requests.

5. Recipients and Categories of Recipients

Data will not be assigned to third parties unless with the consent of the Data Subject. Should disclosure to third party suppliers or partners of Poggi & Associati be necessary for organisational or administrative requirements or to support the services provided, the Data Controller shall appoint said entities as processors pursuant to the GDPR.

It is understood that the personal data of Data Subjects may be freely disclosed to third parties, such as the police, whenever this is permitted by the law or required by an order or decision of a competent authority.

The Data Controller informs the Data Subject that in this website there is no automated decision-making process, so in particular there is no profiling system.

This website and the services of the Data Controller are not intended for persons under the age of 16, and the Data Controller does not intentionally collect personal information about minors. In the event that information on minors are unintentionally recorded, the Data Controller will delete them in a timely manner, at the request of users.

6. Transfer of data

The data are stored on a server located in Italy. In any case, it remains understood that the Data Controller, where necessary, shall have the right to move the server even outside of the EU. In this case, the Data Controller shall ensure as of now that the transfer of data outside the EU will be in accordance with the provisions of the applicable law, after concluding the standard contract terms laid down by the European Commission.

7. Processing methods

Data relating to the web services of this Site are handled by internal technical personnel, specifically appointed in writing as Person in charge of the processing, pursuant to the GDPR and/or by personnel outside the Data Controller’s organisation, duly appointed, in writing, as Processor, pursuant to Section 28 of the GDPR.

All personal data are processed both in paper format and, mainly, in electronic format. Data will be stored in a form that allows the identification of the user only for the time strictly necessary to achieve the purposes for which they were originally collected and, in a any case, within the limits provided by law. Specific security measures are observed to prevent the loss of data, their unlawful or improper use and unauthorised accesses to the data, in compliance with the provisions of the GDPR.

8. Link to other websites

The Data Controller does not control and is unable to supervise either the content or data processing policies of third parties’ websites and services, which may be accessed via links contained in the Site. Therefore, Poggi & Associati is in no way responsible for data processing carried out through or in relation to said third party’s websites. Users should pay the utmost attention in such respect by carefully reading the terms of use and privacy policies published in the websites they visit.

9. Retention period

Personal data will be retained only as long as strictly necessary to achieve the purposes for which they had been collected and processed. Upon completion of the processing purpose, personal data will be stored for 10 years, without prejudice to the legitimate interest of the Data Controller pursuant to the GDPR, or any longer period that may be established in the future with reference to cases regulated from time to time by the applicable laws or by the competent authorities.

10. Data Subject’ right

Each Data Subject may exercise the following rights at any time:

a) Right of access – obtain confirmation whether or not personal data concerning him/her are being processed, and, where that is the case, access to the following information relating in particular to: the purpose of the processing, the categories of personal data processed and storage period, recipients to whom they can be communicated (Art. 15, GDPR);
b) Right to rectification – obtain, without undue delay, the rectification of inaccurate personal data concerning him/her and have incomplete personal data completed (Art. 16, GDPR);
c) Right to erasure – obtain, without undue delay, the erasure the personal data concerning him/her, in the cases provided for by the GDPR (Art. 17, GDPR);
d) Right to restriction of processing – obtain from the Data Controller restriction of processing, in the cases provided for by the GDPR (Art. 18, GDPR);
e) Right to portability – receive the personal data concerning him/her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in the cases provided for by the GDPR (Art. 20, GDPR);
f) Right to object – object to the processing of personal data concerning him/her, unless there exist legitimate grounds for the Data Controller to continue with the processing. At any time it is possible to unsubscribe from newsletters, automatic emails, etc. (Art. 21, GDPR);
g) The right to lodge a complaint with a supervisory authority – submit a complaint to the competent authority according to the instructions published on the website www.garanteprivacy.it or by sending an email to urp@gpdp.it;
h) Right of withdrawal – withdraw the consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Art. 7, GDPR).

11. How to exercise the rights

The rights referred to above can be exercised by written request that contains the clear indication in the reference of the type of right exercised. This request may be sent by registered letter with acknowledgement of receipt or regular email addressed to the Data Controller, using the following addresses:
– registered letter with acknowledgement of receipt: Poggi & Associati, Via Farini 11, Bologna – 40124;
– email address: privacy@poggieassociati.it.

This is a unique website which will require a more modern browser to work!

Please upgrade today!