- This section contains information on the management procedures of Associazione Italiana Investor Relations - AIR, with registered office in Milan (MI), via E. Toti 2, Tax Code 04794080962, with reference to the processing of data of the users of the website www.associazioneir.it.
- This policy is also valid for the purposes of Article 13 of Legislative Decree 196/2003, the Personal Data Protection Code, and for the purposes of Article 13 of Regulation (EU) 2016/679, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, for those who interact with Associazione Italiana Investor Relations (Italian Investor Relations Association - AIR) and is available at the home page www.associazioneir.it
- The policy applies exclusively to the website www.associazioneir.it and not to other websites that may be consulted by the user via links contained therein.
- The purpose of this document is to provide indications on the methods, timing and nature of the information with which data controllers must provide users when they connect to the webpages of Associazione Italiana Investor Relations - AIR regardless of the purpose of connection, according to Italian and European legislation.
- If the user is under sixteen years of age, in accordance with Article 8(1) of Regulation (EU) 2016/679, they will have to legitimise their consent by means of parental or guardian authorisation.
II - DATA PROCESSING
A. Data Controller
- The data controller is the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the data processing. The data controller also deals with security aspects.
- With regard to this website, the data controller is Associazione Italiana Investor Relations - AIR and the user may contact the data controller for any clarification or for the exercise of their rights at the following email address: firstname.lastname@example.org
B. Data processor
- The processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.
- Pursuant to Article 28 of Regulation (EU) 2016/679, upon appointment of the data controller, the data processor of the website www.associazioneir.it is Ms Maria De Luca.
- Place of data processing: the data processing resulting from the use of www.associazioneir.it takes place at the registered office of the company (Milan, via E. Toti 2)
- If necessary, the data connected to a newsletter service, if any, may be processed by the data processor or persons charged by the latter with this task at the relevant offices.
III - COOKIES
A. Type of cookies
- A cookie consists of a small set of data transferred to the user’s browser from a web server and can only be read by the server that made the transfer. It is not an executable code and does not transmit viruses.
- Cookies do not record any personal data and any identifiable data shall not be stored. Users may prevent some or all cookies from being saved. However, this may affect the operation of the website and the services it offers. To proceed without changing the cookie options, users should just continue browsing.
Below are the types of cookies used by the website:
- Numerous technologies are used to store information on the user’s device, which is then collected by other websites. Among these, the best known and used is the HTML technology. Such cookies are used for browsing and to facilitate access to, and use of, the website by the user. They are necessary for the transmission of communications via an electronic network or for the supplier to provide the service requested by the client.
- The settings for managing or disabling COOKIES may vary depending on the web browser used. In any case, the user can manage cookies or request that they be disabled or deleted by changing the settings of their browser. Disabling cookies may slow down or prevent access to certain parts of the website.
- The use of technical cookies allows for the safe and efficient use of the website.
- COOKIES that are inserted in the browser and retransmitted through Google Analytics or through the statistics service of bloggers or similar services are technical only if used for site optimization purposes directly by the site owner, which may collect information in aggregate form on the number of users and on how they visit the website. Under these conditions, Analytics COOKIES are subject to the same rules on information and consent as those applicable to technical cookies.
- In terms of duration, a distinction can be made between temporary session cookies, which are automatically deleted at the end of the browsing session and are used to identify the user and thus avoid logging in for every single page visited, and permanent cookies that, conversely, remain active in the device until expiry or deletion by the user.
- Session cookies may be installed in order to allow an authenticated user to access and surf the reserved area of the portal.
- Session cookies are not stored permanently but only for the duration of navigation until the browser is closed and disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers consisting of random numbers generated by the server, which are necessary to allow for the safe and efficient surfing of the website.
Third Party Cookies
- Depending on origin, there is a distinction between cookies that are sent to the browser directly from the website the user is visiting, and third party cookies that are sent to the user’s device from other websites and not from the one the user is visiting.
- Permanent cookies are often third party cookies.
- Most third party cookies are tracking cookies used to identify online behaviour, understand interests and then customize advertising proposals for users.
- Third party analytics cookies may be installed. They are sent from third party domains that are not part of the website.
- Third party analytics cookies are used to collect information about user behaviour on www.associazioneir.it. Information shall be collected anonymously in order to monitor performance and improve site usability. Third party profiling cookies are used to create user profiles on www.associazioneir.it, in order to propose advertising messages in line with the choices made by users.
- The use of these cookies shall be governed by the rules established by the third parties themselves. Therefore, users are invited to read the privacy policies and the instructions on how to manage or disable cookies published in the relevant web pages.
- Profiling cookies are aimed at creating user profiles and are used to send advertising messages in line with the preferences shown by the user while surfing the Internet.
- The use of these types of COOKIES requires the user’s explicit consent.
- Article 22 of Regulation (EU) 2016/679 and Article 122 of the Data Protection Code shall apply.
IV - DATA PROCESSED
A. Method of processing
- Like all websites, this website too uses log files in which information is stored that is collected automatically during user visits. The information collected could include:
Internet protocol (IP) address;
- browser type and device parameters used to connect to the website;
- name of the internet service provider (ISP);
- date and time of the visit;
- referer and exit page; and
- possibly the number of clicks.
- The aforesaid information is processed in automated form and collected in aggregated form only, in order to verify the correct operation of the website and for security reasons. This information shall be processed based on the controller’s legitimate interests.
- For security purposes (anti-spam filters, firewalls, virus detection), the automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with the laws in force, to block attempts to damage the website or cause damage to other users or harmful or criminal activities. Such data shall never be used for user identification or profiling purposes; they shall be used exclusively to protect the website and its users, according to the controller’s legitimate interests.
- The information that site users decide to disclose to the public through the services and tools made available to them shall be provided by users knowingly and voluntarily, exempting this website from any liability for breach of law. It is the user’s duty to verify that they have permission to enter personal data of third parties or content protected by domestic and international regulations.
B. Purposes of data processing
- The data collected by the website while operating shall be used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the specified activities and, in any case, for no longer than 2 years.
- The data used for security purposes (namely, to block attempts to damage the website) shall be kept for the time strictly necessary to achieve the purpose previously specified.
C. Data provided by the user
- As reported above, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website shall involve the subsequent acquisition of the sender’s address, which is necessary to reply to their requests, and of any other personal data included in the message.
- Specific summary information shall be progressively reported or displayed on the site pages set up to provide special services on request.
D. Support in configuring the user’s browser
- Users may also manage cookies through their browser settings. However, when a user deletes cookies from their browser, the preferences they have set for the website may be removed. For more information and support users can also visit the specifically dedicated help page of the web browser they are using:
- Internet explorer
E. Social Network Plugins
- The collection and use of information obtained through the plugin shall be governed by the respective privacy policies of social networks, to which reference must be made:
- Facebook: https://www.facebook.com/help/cookies
- Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-d-altre-tecnologie-simili-da-parte-di-twitter
- Google +: http://www.google.com/policies/technologies/cookies
- Pinterest: https://about.pinterest.com/it/privacy-policy
- AddThis: http://www.addthis.com/privacy/privacy-policy
- LinkedIn: https://www.linkedin.com/legal/cookie/policy
V - USER RIGHTS
- Article 13(2) of Regulation (EU) 2016/679 lists the rights of users.
- This site www.associazioneir.it therefore intends to inform the user that they have the following rights:
- the right of the data subject to ask the data controller for access to personal data (Article 15 EU Regulation), their updating (Article 7(3) subparagraph a) of Legislative Decree 196/2003), rectification (Article 16 of EU Regulation), integration (Article 7(3) subparagraph a) of Legislative Decree 196/2003), restriction of processing (Article 18 of EU Regulation) or the right to object to the processing of their data on legitimate grounds (Article 21 of EU Regulation), in addition to the right to data portability (Article 20 of EU Regulation);
- the right to obtain the erasure of data (Article 17 of EU Regulation), transformation into anonymous form or blocking of data processed in breach of law, including data whose storage is unnecessary for the purposes for which the data were collected or subsequently processed (Article 7(3) subparagraph b) of Legislative Decree 196/2003);
- the right to obtain certification that the operations involving the updating, rectification, integration, erasure, blocking of data or data transformation have been notified, also as regards their contents, to those to whom the data were disclosed or communicated, unless this requirement proves impossible or involves the use of clearly disproportionate means in view of the protected right (Article 7(3) subparagraph c) of Legislative Decree 196/2003).
- Requests can be sent to the data controller to the above-mentioned email address (without formalities) or by using the form provided by the Garante Privacy (Italian Data Protection Authority).
- Where the processing is based on Article 6(1) subparagraph a) - express consent to the use - or on Article 9(2) subparagraph a) - express consent to the use of genetic, biometric, health-related data or data concerning religious or philosophical beliefs or trade union membership, or data consisting of racial or ethnic origin or political opinions - the user has the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal.
- Likewise, in case of breach of law, the user has the right to lodge a complaint with the Garante Privacy as the authority responsible for monitoring the data processing in the Italian State.
- For a more detailed examination of user rights, reference must be made to Articles 15 et seq. of Regulation (EU) 2016/679 and Article 7 of Legislative Decree 196/2003.
VI - FORMALITIES
- The data controller shall notify the Garante Privacy of the processing of personal data it intends to carry out, only if the processing regards:
- genetic or biometric data or data indicating the geographical position of persons or objects via an electronic communication network;
- data capable of revealing the subject’s state of health and sex life, processed for the purposes of assisted reproduction, provision of health services by telecommunication technologies related to databases or the supply of goods, epidemiological investigations, detection of mental, infectious and transmissible diseases, seropositivity, organ and tissue transplantation and monitoring of health expenditure;
- data capable of revealing the subject’s sex life or psychological life, processed by political, philosophical, religious or trade associations, bodies and non-profit organizations, even not recognized;
- data processed with the help of electronic means aimed at defining the profile or personality of the data subject or at analysing consumption habits and choices or at monitoring the use of electronic communication services with the exclusion of processing operations that are technically essential to provide users with these services;
- sensitive data recorded in databases for the purpose of recruiting personnel on behalf of third parties, as well as sensitive data used for opinion polls, market surveys and other sample-based research; and
- data recorded in special databases managed with electronic instruments and relating to the risk of financial solvency and standing, correct fulfilment of obligations, illegal or fraudulent conduct.
VI - SECURITY OF DATA PROVIDED
- This site shall process user data in a lawful and correct manner, taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. The data shall be processed with computer and/or telecommunication means, with organisational modalities and logics strictly connected with the specified purposes.
- In some cases, in addition to the controller, other persons may have access to the data, including categories of persons involved in website organization (administrative, marketing, and sales staff, legal advisors, system administrators) and external parties (such as third party providers of technical services, postal carriers, hosting providers, IT companies, and communication agencies).
VIII - AMENDMENTS TO THIS DOCUMENT
- It may be subject to changes or updates. Users shall be notified of any relevant changes and updates by means of appropriate notices.
- However, previous versions of this document shall be available for consultation on this page.
- This document was updated on 8 April 2020 to comply with the applicable provisions and in particular with Regulation (EU) 2016/679.