This document relates to the confidentiality policies concerning personal data processed by Anci Servizi s.r.l. a Socio Unico, which manages the website https://www.cimac.it through the company White, Red & Green Milano S.r.l.
This document describes the methods for managing the processing of personal data of website users and visitors. Pursuant to current legislation on the processing of personal data, personal data provided by the data subject (also in the case of data subjects operating as sole traders, small businesses, or professionals) or its employees, agents, representatives and collaborators (hereinafter the “Data”) will be processed in accordance with the provisions of the current applicable privacy legislation, i.e. pursuant to Regulation (EU) 2016/679 (hereinafter the “GDPR”) and to national applicable legislation (Leg. Decree 196/03, as amended by Leg. Decree 101/2018). Data is processed in such a way as to ensure its safety, and in line with the principles of fairness, lawfulness and confidentiality provided for under art. 5 of the GDPR.
The Data Controller, pursuant to art. 4 of the GDPR, is Anci Servizi S.r.l. a Socio Unico, with registered offices in Milan, Via Alberto Riva Villasanta 3, and with operating premises in Vigevano, C.so Brodolini 19 and Via Aguzzafame 60/B. To contact the Data Controller, simply send an e-mail to email@example.com or call either +39.0381.84722 or +39.02.438291. The Data Controller has appointed a DPO, who can also be contacted as above.
Data is processed, in line with the principles of lawfulness provided for under art. 6 of the GDPR, for purposes relating to the relationship established with the Data Controller; therefore, data processing is legally justified, as required by art. 13 c) of the GDPR, by the purposes for which the relationship is established with the Data Controller, i.e. in this particular case, to access the latter’s website as a visitor or user.
The processing of data supplied to the Data Controller, for example by filling in forms, browsing the website, communicating email addresses, etc., includes managing, organising, storing, using and creating a database, as well as carrying out statistics, destroying or amending processed data at the data subject’s request or consulting same, notifying future initiatives, processing and emailing soft spam and light marketing, producing statistics, sending promotional material, erasing data and using it for conferences and meetings.
Moreover, please note that data relating to the web services offered by this website is processed on the Data Controller’s corporate premises, exclusively by employees, collaborators or third parties authorised to conduct occasional maintenance operations.
Data will be processed in paper form and/or electronically by parties specially authorised to do so. Providing data is optional, except for that acquired automatically by the system; however, it is hereby understood that upon continuing to browse the website without disabling cookies (see Cookies policy), consent shall be deemed to have been provided pursuant to art. 4, para. 11.
Data will be stored for ten years and in any case for the time required to fulfil the purpose of the collection.
Should the Data Controller intend to process personal data for a purpose other than that for which it was collected, the data subject will be provided in advance with information on this new purpose and all other pertinent information, and the Data Controller will seek his or her prior consent.
Processing includes communication of data to members of the Data Controller’s organisational structure, i.e. to its consultants entrusted with managing the business, in and outside the EU (in the countries set forth in artt. 45 and 46 of the GDPR), and communication to partners with which the company organises its initiatives, all of which are appointed as external Data Protection Officers pursuant to art. 28 of the GDPR, as well as to Organisations, Institutions and Confindustria.
The data collected will not be disseminated.
The Data Controller reminds the data subject that the personal Data requested and supplied does not fall under the categories of personal data listed in artt. 9 and 10 of the GDPR; consequently, the Data Controller does not process special category data.
Existence of automated decision-making, including profiling.
The Data Controller does not process data on the basis of automated decision-making processes or for profiling purposes.
The Data Controller informs you that the following rights are guaranteed under art. 13, para. 2, of the GDPR:
To exercise the rights listed above or to obtain more information on the processing of your personal data, simply email firstname.lastname@example.org, stating the wording “Exercising of rights under the GDPR” in the subject line and specifying the right that you wish to exercise in the body of the email, along with your name, surname and the email address where you wish to receive the reply. Once your request has been processed, the Data Controller will send its feedback in the terms set forth in art. 12, point 3, of the GDPR.
The Data Controller informs you that the rights listed in and guaranteed by artt. 15-22 of the GDPR may not be exercised by submitting a request to the Data Controller or by lodging a complaint under art. 77 of the GDPR if exercising same could cause real, concrete injury to certain data categories and/or to certain activities listed in art. 2-undecies of Leg. Decree 196/03, as amended by Leg. Decree 101/2018; this does not prejudice the provisions, specified in paragraphs 2 and 3 of the aforementioned article, in terms of limitations, exclusions or delays in exercising rights.
During normal operations, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is an inherent feature of Internet communication protocols. This data is only used to obtain anonymous statistical information on use of the website and to check its correct functioning, and is deleted immediately after it is processed. The data may be used to ascertain responsibility in the event of hypothetical computer crimes against the website.
The documentation, texts, images, brands and anything else published and reproduced on this website is the property of Anci Servizi S.r.l. a Socio Unico and/or licensed to same by third parties. All the contents of this website are protected by the provisions of law relating to copyright and intellectual property. Any reproduction thereof, even in part, is forbidden.
Anci Servizi S.r.l. a Socio Unico shall not be held liable either for the content of the information published on this website or for the use that third parties may make of same, due to any contamination deriving from website access, interconnection, or downloading of material or software from this website. Consequently, Anci Servizi S.r.l. a Socio Unico shall not be held liable or in any way obliged to answer for any damage, loss or harm that third parties may suffer as a result of coming into contact with this website or as a result of its use and reliance of the information published on same or of any connected software.
The material and information available on the website may be changed or updated without notice.
Although Anci Servizi S.r.l. a Socio Unico uses the utmost care when uploading information on the website, the latter takes no responsibility regarding the accuracy and completeness of the information provided, the use of which is at the sole risk of the user. Placing said information at the disposal of the user does not grant any licenses on copyrights, patents or any other intellectual property right.
The Data Controller regularly reviews its compliance with these privacy regulations, which it adapts regularly to reflect the latest requirements.
If you have any questions or concerns regarding these privacy regulations, you can contact the DPO at any time by writing to: email@example.com.
We respond to all users who lodge a formal written complaint to this address in order to get to the bottom of the problem reported. We undertake to cooperate with the competent authorities to resolve any complaints regarding the transfer of personal data that should not be resolved directly between the Data Controller and private individuals.