Privacy

Privacy Policy (Article 13 General Data Protection Regulation GDPR)

The processing of the website / portal web services takes place at the company’s headquarters and is only handled by the technical staff of the office authorized to process the processing (eg Internet Area), or by any external managers for the performance of occasional technical operations or periodic (eg database and website maintenance).

The data controller considers the “privacy” of its users to be of fundamental importance and guarantees that the processing of personal data through its website is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity and the right to the protection of personal data. In this regard, the data controller has granted and implemented a Privacy Policy for everything concerning the site management methods with reference to the processing of users’ personal data.
Privacy Policy and to check it carefully in order to check for any updates or revisions that may become necessary. The data controller informs that the personal data (hereinafter “Data”) provided by you, or otherwise acquired as a result of or during navigation on our site / portal, may be processed, in compliance with the European Regulation 2016/679 (GDPR).

Definition of “personal data”

For the purposes of this Policy, “personal data” – as better specified in Article 4 of the GDPR – means “any information relating to an identified or identifiable natural person (” interested party “); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social; “.
This Privacy Policy applies to personal data collected through the website and / or portal of the Data Controller of your data and / or e-mail boxes of the Company. This does not apply to personal data collected “off-line”, except in cases where such personal data are combined with other personal data collected by the Data Controller of your online data. Furthermore, this does not apply to other websites owned by third parties, which can be accessed via hyperlink, due to the fact that the Data Controller of your data does not manage and does not control the content of such sites.
The following personal data can be collected by the Data Controller of your data, through its website and / or portal: name, surname, address, e-mail address, information grouped for statistical purposes only during the site consultation process. and / or portal, other information provided voluntarily by the user through the online registration procedures or the compilation of specific fields, forms, information aimed at improving and facilitating the navigation of the site.

Methods of data processing

Users can access different sections of the website without releasing any personal information. The Data Controller of your data processes and collects personal data online through its website and / or portal or other Company e-mail address; these treatments are carried out, mainly in an automated way, in the following ways:

1. Data released voluntarily by users
   The Data Controller of your data collects personal information and other data that are entered in the registration forms or released in the form fields of the website and / or portal, as well as forwarded to the Company by e-mail. These data may concern information necessary to provide the services requested by the interested party (eg Newsletter) and / or to contact the interested party (name, postal address, e-mail address, telephone number, user ID and password), or even the date of birth, professional credentials, hobbies and interests of the user.
2. Navigation data collected through the use of electronic tools
   The IT systems and software procedures used to operate the website of the Data Controller of your data acquire, during their normal use, a series of personal information whose transmission is implicit in the use of Internet communication protocols (e.g. example, the IP address of the user or the domain name of the computer used to access the website, the URL of the requested resources, the time of the request or the time of the session, the method used to submit the query to the server, the size of the files received in response to the request, the numerical code concerning the status of the response given by the server and other type of information regarding the user’s operating system and IT environment). The website and / or web portal of the Data Controller uses technologies such as cookies or similar in order to collect and / or transmit users’ personal data. The Data Controller of your data uses these technologies exclusively for the purpose of obtaining statistical information on the use of the site and / or web portal (e.g. total number of visitors to the sites, number of visitors per single web page, name of the domain of origin of the visitor’s internet service provider). In particular, the use of session cookies (those that are removed from the user’s computer when the browser is closed) is strictly limited to the transmission of information referring to the user’s session, of fundamental importance for a safe and efficient navigation of the website and / or portal. Furthermore, the use of these session cookies strictly excludes the use of other IT techniques that are potentially prejudicial to the confidentiality of users’ browsing and does not allow the acquisition of personal identification data of the same.

Details on the processing of personal data

The User Data is collected to allow the Owner to provide its services, as well as for the following purposes: Statistics, Contacting the User, Interaction with external social networks and platforms, Registration and authentication, Social Applications, Payment Management, Interaction with support and feedback platforms, Infrastructure monitoring, Traffic optimization and distribution, Interaction with live chat platforms, Remarketing and Behavioral Targeting, Address management and sending of email messages, Display of content from external platforms, Affiliation commercial and heat mapping. The types of Personal Data used for each purpose are indicated in the specific sections of this document.

Purpose of the processing of the collected data

Personal Data may be collected for the following purposes and using one or more of the following services:

• Social applications
• Interaction with social networks and external platforms
• Contact the user, chat and feedback
• Traffic optimization and distribution, infrastructure monitoring
• Remarketing and Behavioral Targeting
• Statistics
• Viewing content from external platforms
• Registration and authentication

Purpose of the collection

The data controller collects the personal data of its users necessary to carry out the authorization, enabling and personalization of access to the various areas and related contents of the Company’s website / portal. Furthermore, the data controller acquires the data necessary to execute the contractual obligations assumed towards customers and deriving from the booking operations. The execution of these obligations necessarily implies that the employees of the operational and commercial functions of Atena Holding srls have access to such data. as well as the employees of third-party service providers. The data controller uses the personal data collected online in order to offer products and services, control the system of authorized accesses to monitor data security, evaluate job proposals submitted by candidates (CV); only at the specific request of the interested party, through the online registration form, the data controller submits commercial offers and promotes marketing initiatives through its own “Newsletter”. The owner of the data processing, as “Owner” of the related processing, informs that the data in question will be processed and used exclusively for the purposes outlined in this Privacy Policy.

The personal data collected by filling in the forms on the website / web portal of the data controller are processed in order to:

• allow you to access the services provided by the site / portal and reserved for registered users,
• to be able to contact you at your request to provide you with the specific information and assistance you need or for which you have requested our assistance
• with your express specific consent, for the sending of commercial information and for marketing purposes both with automated methods (eg email, fax, sms, mms etc.) and non-automated (eg ordinary mail, telephone with operator etc.) ) in relation to products and services of companies and / or commercial partners,
• with your express consent to carry out, with electronic tools, profiling activities, analysis of purchase choices and market research in order to improve the offer of services and commercial information, making them more compliant with your interests.
• This information may be supplemented by further information provided at the time of any request for specific services.

Communication and / or dissemination of personal data

Personal data will be accessible to the bodies and employees of the data controller, formally appointed as Data Processors or Data Processors. The use and forwarding of personal data by external individuals and organizations acting on behalf of the aforementioned data controller are governed by contracts that provide for an adequate level of personal data protection. These subjects are appointed External Managers. Users’ personal data will be used and released by the data controller exclusively to individuals and organizations working on their own behalf, in accordance with this Privacy Policy and as explicitly provided for by current legislation. Furthermore, the data controller manages the information contained on its website / web portal in collaboration with other service providers and web agencies, from which it can receive personal data relating to the users of such information. These online collaborations are governed by specific contracts which presuppose an adequate level of protection of the personal data processed. In some other cases, the data controller may also be required to release the personal data of the users of its website / web portal, in execution of contractual obligations, in accordance with current legislation or to satisfy the request for services by the ‘interested; this information release activity can take place in the following cases:

1. when online users have authorized the release of information;
2. when the data controller needs to communicate information about users to offer services and satisfy the request of an online user;
3. when the data controller needs to communicate information to its partners who perform services for online users;
4. when the data controller is required, by order of the judicial authorities, to release information about users, or in accordance with a local or international law, regulation or mandate.

Furthermore, further circumstances may arise, if for example the data controller decides, for commercial reasons, to carry out sales, mergers or capital acquisitions. As part of these reorganization activities, personal data may be shared with current or potential buyers. In these circumstances, the data controller will obtain written guarantees that personal data will be processed with an adequate level of protection and, in any case, in compliance with current legislation. Except in cases explicitly permitted by law, or provided for in this Privacy Policy, personal data will not be disclosed or shared without the consent of the user concerned. The data controller will not transfer the personal data of its website users to unauthorized third parties, for consideration or free of charge.

Protection of personal data

In accordance with the principle of minimization of treatment enshrined in art. 5 GDPR, The data controller guarantees that the processing by electronic means is carried out by minimizing the use of personal data and identification data, limiting their use to cases where they are strictly necessary for the achievement of the purposes for which have been collected. The data controller also guarantees the adoption and observance of specific security measures to prevent the loss of data, any illicit or incorrect use of the same and unauthorized access. The user’s data will be kept by the data controller for a maximum of two years from the last interaction with the user and up to any cancellation order by the interested party, including data which need not be kept in relation for the purposes for which they were collected, in compliance with the rights enshrined in articles 15 – 21 GDPR and to be implemented in the manner referred to in the following paragraph “Your Rights”. It is the responsibility of each individual user in charge to guarantee and verify the ownership and custody of their passwords and related access codes to web resources.

Consent to the processing of personal data

The data controller processes the data of its users / customers exclusively with their consent. However, if the user does not consent to the processing of data or requests the cancellation of their data, it will not be possible to access the restricted areas of the Company’s website / portal.

Optional supply of data

Apart from that specified for navigation data, the user has the right to provide or not the personal data contained in the request and / or registration forms of the website / web portal of the data controller. Failure to provide them may make it impossible to obtain what is requested. For the sake of completeness, it should be noted that in some cases (not subject to the ordinary management of this site) the Authority may request news and information pursuant to art. 58 GDPR, for the purpose of controlling the processing of personal data. In these cases, the reply is mandatory under penalty of an administrative sanction.

Right to access personal data and other rights

Users of the website / web portal can always contact the Data Controller to assert their rights as provided for by articles 15 to 21 of the GDPR on the basis of which:

1. The interested party has the right to obtain confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:
   • the purposes of the processing;
   • the categories of personal data in question;
   • the recipients or categories of recipients to whom the personal data have been or communicated, in particular if they are recipients of third countries or international organizations;
   • when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
   • the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
   • the right to challenge a supervisory authority;
   • if the data are not collected from the data subject, all available information on their origin;
   • the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the interested party.
2. The interested party has the right to obtain:
   • updating, rectification or, when interested, integration of data
   • the deletion of data concerning him for the reasons specifically provided for by art. 17 GDPR (right to be forgotten), the transformation into anonymous form or the blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were or subsequently processed;
3. The data controller, in the event that the personal data have been made public and is obliged to delete them at the request of the interested party, takes reasonable measures, including technical ones, to inform those who are processing the personal data of the request of the ‘interested in deleting any link, copy or reproduction of his personal data, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.
4. The interested party has the right to object, pursuant to art. 21 GDPR, in whole or in part:
   • for reasons connected with his particular situation to the processing of personal data concerning him, even if pertinent to the purpose of the collection. The data controller refrains from further processing personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court.
   • to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

In accordance with these provisions, and in addition to the other rights specified here, the data controller provides users of its website / web portal with the following possibilities:

1. no collection of personal data:
   The user can choose not to provide personal data online to the data controller by deciding not to enter or release personal information in the registration forms or form fields on the web, or in this case by not using any of the personalized services available. on the Company’s website / portal. Some of the contents and / or services of the site / portal are offered exclusively to users who release personal information or who use personalized services.
2. limitations on the use and communication of personal data for different purposes:
   Access to certain sections of the content and / or services of the website of the data controller may require the user’s consent to use and release personal data in order to implement the contact list and / or to identify and offer additional services and promotions considered interesting for the user. Users can limit the further processing of such information that can be carried out by verifying or choosing the options to be set at the time of data entry.

Furthermore, the information provided after the first registration can be modified or deleted by changing the settings previously entered in the registration form on the website / web portal of the data controller, by accessing the appropriate “Newsletter” section on the home page. It is also possible for users to access their personal data, released and stored online and, where permitted, it is also possible to update and modify personal data online.

Cookies

The “cookie” technology is used to obtain information about the experience had on the website / web portal and to allow the operation of some services that require the passage of the user to be identified on the various pages.

What are cookies?

A “cookie” constitutes information sent by a server to a browser and allows the server to collect information from the browser and vice versa. The cookie will help the website / portal to recognize your device if the website / portal is visited again. Cookies serve many functions. For example, they can help us remember your usernames and preferences, analyze the performance of our website or even allow us to recommend content that we think may be of interest to you.

Our cookies are normally anonymous and cannot be linked to the user’s personal data. First-party cookies are associated with the domain name of the page you are visiting and allow you to identify the person by cross-referencing our database, they can only be assigned upon explicit request by users and in order to allow their immediate identification for access restricted areas of the website, without users having to manually enter the login and password. In any case, the user’s identity is never included directly in the cookie and cannot be intercepted.

Each time you access the website / web portal, regardless of the presence or absence of a cookie, we record the type of browser, the operating system and the host together with the visitor’s source URL, as well as the information on the requested page. These data can, therefore, be used in aggregate and anonymous form to perform statistical analysis on the use of the website.