Altilia Privacy Policy

Per leggere la nostra privacy policy in italiano, visita la pagina dedicata.

Privacy policy

Ex Art. 13 EU Regulation 2016/679

 

Dear Data Subject,

Altilia S.r.l. considers of fundamental importance the protection of the personal data of its users, actual and/or potential.

With this document (the “Policy“), we renew our commitment to ensure that the processing of personal data collected through browsing on our platform is done in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 (“GDPR” or “Regulations”) and by the additional applicable regulations on the protection of personal data (the “Privacy Regulations“), including the Italian Legislative Decree 196/2003, as amended (the “Privacy Code”).

The term personal data refers to the definition contained in Article 4(1) of the Regulation, namely, “any information relating to an identified or identifiable natural person; an identifiable person is any natural person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural, or social identity” (“Personal Data”).

The purpose of this Policy – drafted on the basis of the principle of transparency and including all the elements required by Article 13 of the Regulations – is to describe the way in which the website www.altilia.ai (the “Website“) is managed, with reference to the processing of Personal Data of users/visitors.

We will also provide you, in a simple and intuitive way, with all the useful and necessary information so that you can give your Personal Data in a conscious and informed way and, at any time, exercise your rights under the GDPR.

  1. ) THE DATA CONTROLLER

    The company that will process your Personal Data for the purposes set out in this Policy and that, therefore, will play the role of data controller, i.e., ““the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data” is Altilia S.r.l.with registered office in Milan, Via San Raffaele 1, VAT number 10780921002 (the Data Controller”).
  2. ) THE DATA PROTECTION OFFICER (DPO)

    The Data Controller, in order to facilitate relations with data subjects, has appointed its own Data Protection Officer (the “DPO”), identifying SAPG Legal Tech. located at Corso Europa, 7.
    As provided for in Article 38 of the GDPR, you may freely contact the DPO for all matters related to the processing of your Personal Data and/or in case you wish to exercise your rights as provided in this Policy, by sending a written communication to the e-mail address: [email protected].
  3. ) PURPOSE AND LEGAL BASIS OF PROCESSING

    While browsing the Site, Personal Data may be processed according to the purposes and related legal bases set forth below.

    1. ) Improving the browsing experience and monitoring the proper functioning of the Site

      The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

      This category of data includes, by way of example: IP addresses, the type of browser used, the operating system, the domain name and addresses of Internet sites from which access or exit was made, information on the pages visited by users within the Website, access time, the length of time spent on the individual page, internal path analysis and other parameters relating to the user’s operating system and computer environment.
      Such technical/informational data are collected and used only in an aggregate, non-identifying manner and could be used to ascertain liability in the event of hypothetical computer crimes against the Website.

      Processing will be legally based on Data Controller’s legitimate interest in the better functioning of its systems, optimization and improvement of the browsing experience, avoidance of fraudulent activities, and improvement of Website security (Art. 6(1)(f) of GDPR).
    2. ) Enable you to enjoy the service requested as a result of filling out an online form, i.e., by way of example but not limited to registering with the platform, which allows you to manage your personal area, or to be put in touch with the professional most suitable for you

      To enable the Data Controller to carry out the processing activities for this purpose, it will be necessary to provide the Personal Data requested in the appropriate forms.
      In order to enable you to take advantage of the services provided by the Data Controller, it is necessary to process common Personal Data. This includes but is not limited to: personal data such as first name, last name, date of birth; contact data such as phone number, home address, email address.

      This purpose of processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (ex art. 6 par. 1(b) GDPR).
    3. ) Ascertain, exercise or defend a right of the data controller in judicial and/or extrajudicial proceedings.
      The legal basis for the data controller’s exercise or defense of a right will be that of legitimate interest, as defined in Article 6(1)(f) of the GDPR.
    4. ) Direct Marketing of the Data controller

      This term means the performance of promotional activities (by both automated and traditional methods) of the services of your interest provided by the Data Controller. With regard to this direct marketing purpose, it should be clarified that, by virtue of Article 6 paragraph 1 lett. f) of the Regulations and Article 130 paragraph 4 of the Privacy Code (so-called soft spam exception), the Data Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent, as better explained in Recital 47 of the Regulations in which it is “considered legitimate interest of the Data Controller to process personal data for direct marketing purposes.”. This will be possible as a result of the data controller’s assessments of whether your interests, fundamental rights and freedoms requiring the protection of Personal Data override its own legitimate interest in sending direct marketing communications. Moreover, you may lawfully and at any time (even partially) object to receiving promotional communications, without in any way affecting the processing for the other purposes.

      Such processing, therefore, will be legally based on the data controller’s legitimate interest under Article 6(1)(f) of GDPR.
    5. ) Profiling purposes, i.e., analysis of habits, preferences, behaviors, interests inferred, by way of example, from online actions on profiles and/or Website sections in order to send you commercial communications.

      The processing of your personal data for profiling purposes will take place, in case of your consent, with data processing tools that, following cross-referencing, will create a commercial and behavioral profile of you on the web. Such data processing tool will relate the data collected during your browsing on the Website through the use of first-party profiling cookies accepted by you with the data collected through the completion of the online form. In addition, such data and/or information, will be associated with any and/or additional data and/or information already in our possession as a result of your membership in our services.

      If you have given consent (in whole or in part) to the processing of your Personal Data for the above purposes, you may at any time revoke it in whole and/or in part without affecting the lawfulness of the processing based on the consent given prior to revocation. Any revocation of consent will require the Data Controller to cease the processing activities of your Personal Data for these purposes. The procedures for revoking consent are very simple and intuitive: all you need to do is contact the Data Controller using the contact channels reported to you within this Policy.

      The processing of your personal data for profiling purposes will take place, in case of your consent, with data processing tools that, following cross-referencing, will create a commercial and behavioral profile of you on the web. Such data processing tool will relate the data collected during your browsing on the Website through the use of first-party profiling cookies accepted by you with the data collected through the completion of the online form. In addition, such data and/or information, will be associated with any and/or additional data and/or information already in our possession as a result of your membership in our services.

      If you have given consent (in whole or in part) to the processing of your Personal Data for the above purposes, you may at any time revoke it in whole and/or in part without affecting the lawfulness of the processing based on the consent given prior to revocation. Any revocation of consent will require the Data Controller to cease the processing activities of your Personal Data for these purposes. The procedures for revoking consent are very simple and intuitive: all you need to do is contact the Data Controller using the contact channels reported to you within this Policy. (Art. 6(1)(a) of the GDPR).

    6. ) Contact us

      If requested by you through the completion of the appropriate form, Personal Data will be processed to respond to your inquiries about services provided by Altilia S.r.l.

      This purpose of processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (ex art. 6 par. 1(b) GDPR).

      The Data Controller, in order to proceed with generic marketing activities and those with respect to which you have given consent, will create a master profile referring to you internally in its centralized management system (CRM). Your possible request to opt-out with respect to generic marketing activities and/or the revocation of any consents you may have given will not result in the deletion of the aforementioned master profile from the CRM as well, unless you exercise your right to deletion in the manner provided for in this policy in the section entitled “Rights of the Data Subject.” Once the above retention periods have expired, the Personal Data will be destroyed, deleted or anonymized, consistent with the technical procedures for deletion and backup and with the accountability requirements in the Data Controller’s charge.

      Please note that consent is free, optional and revocable. Therefore, where only one consent is requested under any form, where it is given, it will be understood to be specific to that purpose and no other purpose that provides the legal basis for consent.

      If you have given consent (in whole or in part) to the processing of your Personal Data for the above purposes, you may at any time revoke it in whole and/or in part without affecting the lawfulness of the processing based on the consent given prior to revocation. Any revocation of consent will require the Data Controller to cease the processing activities of your Personal Data for these purposes. The procedures for revoking consent are very simple and intuitive: all you need to do is contact the Data Controller using the contact channels reported to you within this Policy.

  4. ) PARTIES TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED

    Your Personal Data may be managed, on behalf of the Data Controller, exclusively by personnel expressly authorized to process it (pursuant to art. 29 of the Regulations and art. 2 – quarter decies of the Privacy Code and by third parties expressly appointed as data processors (pursuant to art. 28 of the Regulations), in order to properly carry out all processing activities necessary to pursue the purposes set out in this Policy.

    For explanatory purposes only, we list some categories of entities to which your Personal Data may be disclosed:

    1. ) business partners of the Data Controller who provide services, in their capacity as data controllers or autonomous data controllers, for the purposes set out in Art. 6(1)(b) of the Regulations;
    2. ) third party service and consulting providers in their capacity as data controllers or autonomous data controllers, for the purposes referred to in Art. 6 par. 1 lett. b) of the Regulation;
    3. ) subjects and authorities whose right of access to Personal Data is expressly recognized by law, regulations or measures of competent authorities;
    4. ) subjects assignees of company or business branch, companies resulting from possible mergers, demergers or other transformations of the Data Controller’s company.

    Should you wish to become aware of which parties have come into possession of your Personal Data as a result of your dealings with the Data Controller, you may contact the Data Controller by sending a communication to the e-mail address set out below in Section 6.

  5. ) RETENTION TIME OF PERSONAL DATA

    In accordance with the principle of retention period limitation (Article 5.1 letter e) of the Regulations), your Personal Data will be processed by the Data Controller only to the extent necessary to fulfill the purposes set out in this Policy.

    Specifically, your Personal Data will be stored:

    1. ) For the purposes set out in Paragraph 3(a) of this Policy, for the time necessary for the provision of services on the Website; in the case of the purchase of products or services, the data will be kept for an additional 10 years after the conclusion of the contract, in accordance with the relevant legal requirements;
    2. ) For the purposes set forth in Paragraph 3(b) of this Policy until you opt-out, if any, while the data relating to the details of promotional and commercial activities carried out will be kept for 10 years after the collection of each data;
    3. ) For the purposes set forth in Paragraph 3(c) of this Policy, for the duration of the out-of-court and/or judicial complaint and/or proceeding until the exhaustion of the time limits for the availability of judicial protections and/or appeal actions;
    4. ) For the purposes set forth in Paragraph 3(d) of this Policy, with regard to master and contact data until you opt-out, while data related to the details of promotional and commercial activities carried out will be kept for 10 years after the collection of each data;
    5. ) For the purposes set out in Paragraph 3(e) of this Policy, until your revocation of the consent given. Revocation of consent does not affect the lawfulness of the processing based on the consent before revocation;
    6. ) For the purposes set forth in Paragraph 3(f) of this Policy, after the processing of the request, for the ordinary limitation period of 10 years.

    After the aforementioned retention periods have expired, your Personal Data will be destroyed, erased or anonymized, consistent with technical erasure and backup procedures and the accountability requirements of the Data Controller. In particular, following your objection and/or your eventual withdrawal of consent, the Data Controller will continue to process your Personal Data in order to have evidence that you should no longer be sent marketing information and promotional material (directly and/or on behalf of third parties) and/or that your data should no longer be disclosed to third parties.

    In any case, your Personal Data will be subject to periodic monitoring, not exceeding 12 months, aimed at assessing its relevance to the activities of the Data Controller; if, your Personal Data is no longer relevant it will be immediately deleted.

  6. ) RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM

    You may at any time exercise your rights under Articles 15 et seq. of the Regulations against the Data Controller. In particular, you have the right to obtain:

    1. ) confirmation that your Personal Data is or is not being processed and to obtain access to the data and the following information: purpose of the processing, categories of Personal Data, recipients and/or categories of recipients to whom the data has been and/or will be disclosed as well as the relevant retention period;
    2. ) the rectificationof your inaccurate Personal Data and/or the supplementation of incomplete Personal Data, including by providing a supplementary statement;
    3. ) the deletion of your Personal Data and the limitation of processing in the cases provided for by the GDPR and current privacy legislation;
    4. ) where applicable, the portability of your Personal Data and, in particular, the ability to request the direct transmission of your Personal Data to another data controller;
    5. ) objection at any time, for reasons related to your particular situation, to the processing of your Personal Data in full compliance with applicable privacy legislation.

    To exercise your rights, you may contact the Data Controller at the following mailbox, enclosing a copy of your identification document: [email protected].

    In any case, if you believe that the processing of Personal Data is contrary to the Privacy Regulations, you will always have the right to lodge a complaint with the competent supervisory authority (Data Protection Authority) under Article 77 GDPR.

  7. ) PLACES OF PROCESSING

    Your Personal Data will be processed by the Data Controller within the territory of the European Union.

    In addition, should your Personal Data be transferred and/or located in countries outside the territory of the European Union due to technical and/or operational issues, we inform you as of now that the entities located outside the European Union will be appointed (if the prerequisites are met) as Data Processors pursuant to Article 28 of the Regulations.

    Furthermore, the transfer of your Personal Data to such entities, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation.

    Therefore, all necessary precautions will be taken in order to ensure the fullest protection of your Personal Data by basing such transfer: a) on adequacy decisions of the third country recipients expressed by the European Commission; b) on adequate safeguards expressed by the third party recipient pursuant to Article 46 of the Regulation; c) on the adoption of binding corporate rules, so called binding corporate rules; d) by adopting standard contractual clauses approved by the European Commission.

    In any case you may request more details from the Data Controller if your Personal Data has been processed outside the European Union by requesting evidence of the specific safeguards adopted.

    v. 28/07/2023 – Rv. 05.12.2023