It is a disclosure made also pursuant to Regulation EU 2016/679 (GDPR), to Legislative Decree 196/2003, to Legislative Decree 101/2018, to the Provisions of the Personal Data Processing Authority and to the other applicable laws regarding protection on the subject (hereafter “laws”), to those who interact with this website, accessible via the Internet at the address https://www.gruppodp.com (or http://www.gruppodp.it) corresponding to the homepage of the website itself.
The disclosure is deemed to have been made also for the dedicated areas where the user may freely provide a series of data concerning them to contact the Data Controller.
1. Data Controller.
The personal data controller is Gruppo DP S.p.A. (VAT no. IT03436170108) with offices in Via Trento, 43/3 16145 Genoa (Italy), certified email address HR.GRUPPODP@REGISTERPEC.IT.
2. Categories of personal data
2.1 Browsing data
During their normal operation, computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected with the purpose of identifying interested parties, but by its very nature, the information could lead to user identification through processes and relations with data held by third parties.
This category of data includes the IP addresses or domain names of computers used by users connecting to the website, the URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, failed, etc.) and other parameters associated with the user’s operating system and computer environment.
This data is only used to obtain anonymous statistical information on the use of the site and to ensure that it operates correctly. The data could be used for ascertaining responsibilities in the event of any unlawful acts; aside from this possibility, the data on web contacts will be kept for the time strictly necessary for achieving the purposes of the Data Controller.
2.2 Data provided voluntarily by the user
No registration is required to access the content of the site. However, within the site there are some services for which it is necessary to provide some personal data. Whenever the Data Controller collects information and personal data, it will inform the users beforehand of the purposes for which such data is required and how they will be used.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website involves the subsequent acquisition of the sender’s address, which is needed to respond to requests, as well as any other personal data included in the message. The same can be said for services requested by the users by filling in forms or using similar methods.
Specific disclosures will be published on the pages of this website prepared for the provision of certain services.
There follows some general information regarding cookies, to help understand the disclosure.
Cookies are small text strings which websites send to the terminals of visiting users (usually to the browser), where they are stored and later returned to the same websites during subsequent visits by the same user.
While browsing a site, the user may also receive cookies on their terminal that are sent from different websites or servers (so called “third parties”), which contain certain elements (such as, for example, pictures, maps, sounds, specific links to pages on other domains) found on the website that the user is visiting.
Cookies, which are usually present on the users’ browser in significant numbers and sometimes even of persistent duration, are used for different purposes: to carry out IT authentication, monitoring sessions, storing information about specific configurations regarding the users accessing the server, etc.
In its decree dated 8th May 2014, the Personal Data Processing Authority identified two macro-categories: “technical” cookies and “profiling” cookies.
“Technical” cookies are those used only for the purpose of “transmitting a communication on an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service”. They are not used for other purposes and are normally installed directly by the website Owner or operator. They can be divided into browser or session cookies, which guarantee the normal browsing and use of the website (for example, allowing purchases to be made or obtaining authentication to access restricted areas); analytics cookies can be considered the same as technical cookies if they are used directly by the site operator to collect information on the number of users and how they visit the site in aggregate form. Functional cookies enable the user to browse based on a set of selected criteria (for example, the language, products selected for purchase) in order to improve the quality of the service provided.
To install these cookies, it is obligatory to provide disclosure, whereas prior consent of users is not required.
Another element to consider is the subjective one. It is, therefore, necessary to take into account the different subject installing the cookies on the user terminal, according to whether it is the same operator of the website that the user is visiting (that may be indicated as “editor” for short) or of a different site that installs the cookies through the former (so-called “third parties”).
The following may be used in this website:
- Browsing cookies (technical): from the first access, cookies allow the site to work properly and allow the user to view its contents on their device, recognizing the language and market of the Country from which it connects. If it is a registered user, they make them recognisable and lets them access the services of the dedicated areas offered. Navigation cookies are technical cookies and are necessary for the operation of the site.
- Functional Cookies (technical): this kind of cookies allows the website to recognise the user every time they access the website. They make it possible to offer a better and customised service. For instance they store that: the user no longer wants to visualise the capture e-mail popup; if they have left a comment to the blog or to an article; the opinion of an article. Functional cookies are not essential to the operation of the site, but they improve the quality and browsing experience.
- Analytical Cookies (technical): these cookies are used by Google Analytics and by the internal search engine and are used for: collecting data in an anonymous and aggregate form; processing statistical analysis on the browsing methods of the users on the site through the computer, on the number of pages visited; processing the number of clicks made on a page while browsing the site, as well as reports on demographic data (like sex, age and interest for instance). They are used to collect data on the way in which the visitors (not only registered ones) use the site and thus allow us to improve the appearance and the browsing experience.
- Cookies for display advertising (profiling): for the advertising on our website we sometimes use independent advertising companies. These companies can recognise or send a specific cookie in the user’s computer or mobile device. These cookies (so-called third party cookies) are used to send the user the most relevant ads for him or her and those responding most to his or her interests. They are also used to limit the frequency with which an ad is proposed, as well as an aid to measure the effectiveness of an advertising campaign. They memorise that the user has visited a website and this information is shared with other organizations, such as advertisers. The functions of Google Analytics are implemented on the basis of the display advertising (for example remarketing, reports on the impressions of the Display Network, integration of DoubleClick Campaign Managers or reports on the demographic data and on the interests of Google Analytics and also those envisaged by third parties). Visitors can disable Google Analytics for display advertising and can customize the ads of the Google Display Network using the Ad Preferences Manager.
- Google and third-party cookies for marketing / retargeting (profiling): these cookies are used by third-party suppliers. They allow the user to view advertising banners on other affiliated websites, showing the last products viewed on the website. In order to perform this activity of promotion, we use both proprietary cookies (like Google Analytics cookies) and third party cookies. The “third party” cookies come under the direct and exclusive responsibility of the relevant supplier.
Browsers are usually enabled to accept cookies from websites. However, it is possible to control and disable the cookies by using the settings of each browser. This restriction may compromise some features of this website. The user can find information on how to manage cookies with some of the most popular browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
Alternatively, it is possible to opt out of receiving cookies from specific suppliers using the tool available on the website http://www.youronlinechoices.com or on the website http://www.aboutads.info/choices. To disable the use of the mobile device’s ID for specific advertising, reference can be made to the website http://www.aboutads.info/appchoices.
To opt out of ads based on the interests connected to an advertising identifier on mobile device or tablet, the user is invited to configure the corresponding setting on their device (normally included amongst device’s “privacy” or “advertising” settings). The user will continue to see adverts but they will not be personalised on the basis of their interests.
Although it may seem obvious, we would like to point out that the links reported above refer to third party websites and therefore might not be updated because they are modified by the domain owner.
3. Purposes of the data processing and data transfer
Without prejudice to what is indicated in point 2 for browsing data and for cookies, the data provided/collected will be processed for managing and operating the website and for following up the users’ requests.
The Data Controller does not transfer data to non-EU countries. However, it reserves the right to use cloud-based services. In such a case, the service providers will be selected from those which provide the appropriate guarantees, as set out in Article 46 of the GDPR 679/16. The processing will, therefore, take place according to one of the methods permitted by the law in force, such as the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in Countries considered safe by the European Commission.
4. Conferring the data, legal basis of processing and consequences in the event of not communicating the data
For the browsing data indicated above, the transmission is implicit in the use of Internet communication protocols.
The processing of browsing data is necessary for the pursuit of the legitimate interest of the Data Controller of processing with reference to the purposes indicated above and it is carried out according to the laws.
The processing of the data provided voluntarily by the user through e-mail and filling in the modules/forms or similar methods present on the site is necessary for following up the requested services. Failure to provide such data may make it impossible to obtain what is requested.
As regards the cookies, the disclosure laid down in point 2.3 above is provided. The user’s consent is not required for the technical cookies, whereas profiling cookies are only activated after the free manifestation of the user’s consent.
5. Methods of data processing
The processing of personal data will be mainly carried out with the help of electronic or automated means, according to the manner and using appropriate tools to ensure the safety and confidentiality of the data, in accordance with the provisions of the GDPR. In particular, all technical, computer, procedural, logistical and organizational security measures will be taken, in order to guarantee the minimum level of data protection provided by the law, allowing access only to the people authorised by the Data Controller to process it or to the designated Data Processors.
Recipients/categories of recipients of the personal data processed through the website can be freelancers, consultants and/or other subjects, ICT service suppliers, etc. normally designated Data Processors or parties authorised to process. They may be communicated to Legal Authorities, Public Administrations, Police Forces, Tax Authorities and other public subjects, on their explicit request, in order to fulfil the obligations envisaged by domestic or European laws, regulations and rules, or for protecting rights.
7. Data storage
The technical data and the browser data will be kept for the time necessary to achieve the purposes of the Data Controller and for the time laid down by the laws. The data provided voluntarily by the user through e-mail and filling in the modules/forms or similar methods present on the site are kept for the time necessary to provide the requested services and for the time laid down by the law.
8. Rights (arts. 15 and foll. GDPR)
9. Right to lodge a complaint
The data subject is entitled to lodge a complaint with the Personal Data Processing Authority.
10. Different purposes
If the Data Controller intends to process the data for a purpose other than that for which it was collected, it will provide the data subject, prior to such further processing, information regarding this other purpose and any other relevant information.