PRIVACY POLICY– DIGITAL OPEN DAYS

Dear Sir/Madam (hereinafter the Data Subjects)

The following paragraphs provide a series of information useful to understand how we process personal data, in compliance with the provisions on data protection and the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality.

Therefore, we encourage you to read this policy carefully, specifying that in order to obtain complete information about the processing of personal data by POLI.design, data subject are invited to view the privacy page of the website.

1. Definitions
Privacy legislation (applicable to the protection of personal data)
Set of all legislation referring to the protection of personal data: EU Regulation 679/2016 (GDPR or RGPD), D.Lgs. 196/2003 (Code), D.Lgs. 101/2018, D.Lgs. 51/2018, Guidelines of the EDPB (formerly WP29), deontological rules and general authorizations of the Data Protection Authority, measures of the Data Protection Authority where applicable, international regulations of scope
Processing
Any operation or set of operations, performed whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission/dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.
Data Controller
The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data.
Personal Data
Any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is any natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her identity: physical physiological, genetic, mental, economic, cultural or social.
Special categories of personal data (formerly sensitive)
Personal information relating to ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status, life or sexual orientation of the data subject, as well as genetic, biometric and geo-location information.
Data related to criminal convictions and offenses
Personal information related to criminal convictions, felonies, or related security measures.

2. THE DATA CONTROLLER

POLI.design Scrl (hereinafter POLI.design) – located in Via Don Giovanni Verità n. 25, 20158 Milan; VAT number 12878090153 – is the Data Controller, in the person of the pro-tempore Legal Representative, of your personal data as defined in the DEFINITIONS paragraph of this document. For any information you may contact him at the e-mail address privacy@polidesign.net.

The Data Controller has proceeded to identify and appoint a Data Protection Officer or Data Protection Officer (hereinafter DPO), who is available at the e-mail address dpo@polidesign.net.

3. ORIGIN OF HIS DATA and CATEGORY OF DATA COLLECTED.

The data being processed are those you provide when filling out forms on https://opendays22.polidesign.net/. The data collected are first name, last name, e-mail address telephone number and other personal and contact data, as well as navigation data.

4. INFORMATION COLLECTED WHILE NAVIGATING THE WEBSITE - COOKIE

These data are transmitted in the use of Internet communication protocols, which are collected by hardware devices and software procedures supporting the site. This includes IP addresses, domain names of terminals used by users, information on which pages have been visited or other parameters related to the user’s operating system and computer environment. Technical cookies are used to enable efficient website navigation and user profiling cookies or other cookies from third-party vendors that may track your behaviour. Please refer to the Cookie Policy for an extended description of cookies.

4. INFORMATION COLLECTED WHILE NAVIGATING THE WEBSITE - COOKIE

These data are transmitted in the use of Internet communication protocols, which are collected by hardware devices and software procedures supporting the site. This includes IP addresses, domain names of terminals used by users, information on which pages have been visited or other parameters related to the user’s operating system and computer environment. Technical cookies are used to enable efficient website navigation and user profiling cookies or other cookies from third-party vendors that may track your behaviour. Please refer to the Cookie Policy for an extended description of cookies.

5. PURPOSE OF THE PROCESSING and LEGAL BASIS OF THE PROCESSING.

POLI.design processes your personal data that you voluntarily provide to us, such data are collected and processed on the basis of the execution of pre-contractual measures and subsequent contractual fulfilments for the purpose:

  1. To respond to specific messages from you;
  2. To provide feedback following completion of the “Register Now” registration form;
  3. To access online events.

The data are also used for POLI.design marketing purposes but only in the presence of express consent. In this regard, please note that consent can be revoked at any time without affecting the legitimacy of the processing carried out prior to the occurrence of such revocation.

POLI.design process, also, the navigation data of the data subject. These are data transmitted in the use of Internet communication protocols, which are collected by hardware devices and software procedures supporting the site. The range of such data includes IP addresses, domain names of terminals used by users, information on which pages have been visited or other parameters related to the user’s operating system and computer environment. These data are processed by POLI.design on the basis of the owner’s legitimate interest in the operation of the website or on the legal basis of consent, should the data subjects decide to consent to the installation of profiling and/or marketing cookies.

6. MANDATORY REPORTING OF DATA

The provision of the personal data requested when filling out the forms on the website https://opendays22.polidesign.net/, is not mandatory for the purposes contained in the paragraph PURPOSE OF THE PROCESSING and LEGAL BASIS OF THE PROCESSING points A, B and C of this policy, however, in the absence of the data requested when filling out the forms, POLI.design will not be able to follow up on your requests

7. PLACE OF DATA PROCESSING and MODALITIES OF DATA PROCESSING.

Your data are processed within the European Union. All processing operations are carried out by means of computer/electronic tools, including automated tools, and on paper. In case of transfer to non-EU territory, the Data Controller will take care to adopt all the guarantees provided by the GDPR in this regard.

8. SUBJECTS AUTHORIZED TO THE PROCESSING

Your data are processed by employees and collaborators (the authorized persons in charge of processing, i.e., former appointees) working under the authority of POLI.design.

9. COMMUNICATION OF YOUR DATA TO THIRD PARTIES

The Data Controller has outsourced the site development and maintenance services to a specialized provider. In addition, the site and the mail domain used to receive your messages are managed, by a specialized provider.

Outside of these subjects, who may come into contact with your personal data by virtue of their relationship with POLI.design, which has specifically appointed them as “Data Processors” in accordance with Article 28 of the RGPD, the aforementioned data will not be communicated to other subjects or disseminated. The list of Data Processors can be consulted upon request.

10. RETENTION PERIOD OF COLLECTED DATA

Personal data collected by means of messages sent through the website emails will be kept up to 1 year where, as a result of the request for information or contact, no commercial and/or contractual relationship is established. Otherwise, your data will be retained up to 10 years, in accordance with the prescriptive terms of the law. 

On the other hand, regarding the retention period of cookies, please refer to the cookie policy.

11. YOUR RIGHTS

The Data Subjects have the right to obtain, in the cases provided for, access to their personal data and the rectification and/or cancellation of such data and/or the limitation of the processing that concerns them and/or to oppose the processing (Articles 15 et seq. of the GDPR). The appropriate request is to be submitted directly to POLI.design at the contact details indicated in the paragraph DATA CONTROLLER of this policy. The Data Subjects who believe that the processing of personal data, carried out according to the methods indicated herein, takes place in violation of the provisions of the GDPR, have the right to lodge a complaint with the Supervisor Authority, as provided for in Art. 77 of the GDPR itself, or to take appropriate legal action (Art. 79 of the GDPR).