Foreword

Definitions

Information on the processing of your personal data

Cookies

Your rights

How to exercise your rights and/or request information

Foreword

Dear User,
this Privacy Policy is provided pursuant to art. 13 of Regulation 2016/679/EU - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, also "the Regulation" or "GDPR"). Within this Privacy Policy you will find information relating to the processing of your personal data, resulting from the navigation within the web spaces and the use of services made available to you through the website. You will be provided with specific and / or supplementary information on the processing of your personal data on each occasion in which we collect them, in your interaction with the site or by virtue of contractual relationships established with our company.

Warning: this Privacy Policy does not apply to web services provided by third parties, which you may use or consult and reached through hypertext links. In this regard, we invite you to consult the privacy policies provided by these third parties in the appropriate locations.

Definitions

Privacy Law:

The GDPR, the Privacy Code, the provisions of the Guarantor and in general all legislation on the protection of individuals with regard to the processing of Personal Data.

GDPR or Regulation:

European Union Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation).

Data Subject:

The identified or identifiable natural person to whom the Personal Data refers.

Navigation data:

The computer systems and software procedures used to operate the Web Services acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could allow, through processing and association with data held by third parties, to identify users. However, if the browsing session takes place after accessing the Reserved Area (c.d. log in), the data collected are associated with the User's personal account. Navigation data include:

• IP addresses or domain names of the computers used by the users who connect to the site;
• the addresses in URI (Uniform Resource Identifier) notation of the requested resources;
• the time of the request;
• the method used to submit the request to the server;
• the size of the file obtained in response;
• the numerical code indicating the status of the response given by the server (successful, error, etc.);
• other parameters relating to the User's operating system and computer environment.

Data provided by the user:

These are the data that the User voluntarily and knowingly transmits through communications (e.g., through e-mail, to addresses within the web domain) or through the completion of special forms, if present within the spaces provided by the Services. Data provided by the User are only those strictly necessary for the purposes from time to time pursued by the Services (for precise indications regarding the categories of data collected from time to time, please refer to the individual privacy policies of reference). By way of example, such data may include:

• personal details;
• contact details (e.g. e-mail address);
• data related to the contractual position of the User-Customer;
• geolocation data (if the User has expressed consent to the collection of data relating to his/her location);
• data concerning the use of individual Services made available to the User;
• data concerning facts and events exposed by the User in their messages (in this regard, and for their greater protection, the User is invited not to provide information that is not strictly pertinent to the subject of the request and the nature of the Services provided by the Company).

Data Controller:

The subject who decides on the purposes and methods of the processing of Personal Data. With reference to Web Services, it is the Company of the Unipol Group to which this site refers and of which you can find the references at the bottom of each page.

Services or Web Services:

The services provided through the internet network, used through the website and/or any APPs.

User:

The data subject (natural person) who browses, consults, accesses or uses the Web Services.

DPO:

The Data Protection Officer. The User may request clarification regarding the processing of Personal Data or exercise his/her rights by contacting the DPO, in the manner and form indicated in the section "How to exercise your rights and/or request information".

Garante Privacy:

The Italian National Supervisory Authority for the protection of personal data. Visit the Authority's website.

Cookies:

Cookies are pieces of information recorded on your device (e.g., within the memory of your browser) when you visit a website or use a web application. Each cookie may contain various data, such as, for example, the name of the server from which it comes, a numerical identifier, etc. See our Cookie Policy for more information.

Information on the processing of your personal data

Below we provide you with useful information regarding the processing of Personal Data carried out through the Web Services. In particular, we want to inform you about

• the identification and contact details of the Data Controller;
• the contact details of the Data Protection Officer (DPO);
• the categories of Personal Data processed through the Web Services;
• the purposes for which such Personal Data are processed from time to time;
• the assumptions that justify the processing of such data (so-called legal bases);
• the duration of their storage, which is always strictly necessary for the pursuit of the stated purposes; and
• the categories of recipients of the data communication.

Data Controller	Registered Office
Leithà S.r.l.	Via Stalingrado 37, 40128 Bologna (Italy)

Categories of Personal Data, purpose, legal basis of processing and retention periods

Category of Personal Data	Purpose of Processing	Legal basis	Storage Period
Navigation data	Allow web browsing and the provision of Services	Necessity to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract	For the duration of web browsing within the Services
Data provided by the User: provision of Web Services	Request of information	Necessity to carry out data subject's requests (pre-contractual stage) or legitimate interest	For the time necessary to carry out the request

The provision Personal Data is free and optional. We remind you, however, that the provision of Personal Data is essential to fulfil certain purposes (e.g.to provide you with the appropriate feedback requested, or for the provision of individual services); in such cases, failure to provide Personal Data may result in the impossibility to carry out said purposes.

Means of processing and recipients of data

The above data will not be subject to disclosure and may be known by employees of our company specifically authorized to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or the companies. Processing operations may be carried out by external subjects to whom we entrust the performance of activities on our behalf, and with whom we sign specific agreements aimed at regulating the processing of data. Finally, the data may be communicated upon request to public authorities or law enforcement agencies. The processing of Personal Data is always subject to the adoption of appropriate security measures to ensure the confidentiality, availability and integrity of the data.

Cookies

Cookies are small text files that visited website transmit to the user's device (desktop, tablet, smartphone, notebook), where they are stored, to be retransmitted to the same websites on the user's next visit. Cookies are used to perform computer authentication, session monitoring and storage of information on the sites (without the use of "technical" cookies some operations would be very complex or impossible to perform). The cookies we use are divided into the following categories.

Technical Cookies

Technical cookies allow easy use of the website and easier retrieval of information, simplifying the connection and transmission of data between the user and the website; in particular, we use temporary and permanent navigation or session cookies: they guarantee normal navigation and use of the website allowing, for example, to save information inherent to navigation, to store data to keep the navigation session active and/or to save information inherent to the "full screen" on/off settings when navigating the site. For the installation of these cookies, which are automatically deleted when the browser is closed, the user's prior consent is not required. We also inform you that, at any time, you may authorize, limit or block cookies through your browser settings; however, if you set your device to refuse these cookies, some services on the website may not be displayed correctly or may not function optimally, in particular, the operations that allow the user to be identified and remain identified during the session may be more complex to perform and less secure in the absence of technical cookies.

Please note that you can authorize, limit or block cookies through your browser settings; however, if you set your device to refuse technical cookies, some services on the site may not display correctly or may not function optimally. In this section you will find information to disable cookies on your browser. If your browser is not listed below, please refer to the instructions on your browser regarding the handling of cookies.

Internet Explorer version 6 or later​

• Select "Tools" in your browser bar;​
• Select "Internet Options;​
• Select "Privacy" tab and then click on "Advanced"​;
• Select "Replace automatic cookie management" Disable "Cookies from displayed websites" by selecting "Block";
• Disable "Third Party Cookies" by selecting "Lock";
• Disable "Session cookies" by unchecking "Always accept session cookies";
• Click "OK".

Firefox version 9 or later

• ​Select "Tools" in your browser bar;
• ​Select "Options"​;
• ​Select "Privacy" tab;
• ​In the "History" section choose from the drop-down menu the option "Use custom settings";
• ​Disable cookies by unchecking "Accept cookies from sites";
• ​Click "OK".​

Google Chrome version 24 or later

• ​Select "Chrome Menu" in your browser bar;
• Select "Settings";
• Select "Show advanced settings";
• In the "Privacy" section click on "Content setting";
• Disable all cookies by selecting "Prevent sites from setting data" and "Block third party cookies and site data";
• Click "OK".

Your rights

Privacy Law (art. 15-22 of the Regulation) guarantees the User, in his/her capacity of data subject, the right to access the data concerning him or her, as well as the right to obtain the rectification and/or integration, ereasure or portability of personal data concerning him or her. The Privacy Regulation also gives the User the right to request from the controller restriction of processing and to object to processing, as well as the possibility to withdraw consent (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).

Rights	What is it about?	When can you exercise the right?
Right of access	The data subject shall have the right to obtain from the controller: confirmation as to whether or not personal data concerning him or her are being processed, access to the personal data, information regarding the processing of personal data (e.g.purposes of the processing, the envisaged period for which the personal data will be stored, the recipients or categories of recipient to whom the personal data might be disclosed...).	At any time.
Right to rectification or integration	The data subject shall have the right to obtain from the controller the: rectification, integration, update of personal data concerning him or her.	When the personal data processed are inaccurate/incomplete.
Right to ereasure	The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her.	Where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing; the data subject objects to the processing pursuant to Article 21 and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Right to restriction of processing	The data subject shall have the right to obtain from the controller restriction of processing. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.	Where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to object	The data subject shall have the right to object at any time to processing of personal data concerning him or her which is based on legitimate interests or public interest (including processing for direct marketing purposes).	On grounds relating to the the data subject's particular situation (with the exception of processing for direct marketing purposes).
Right not to be subject to a decision based solely on automated processing	The data subject shall have the right not to be subject to automated individual decision-making processes. If the if the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller, is based on the data subject's explicit consent, or is authorised by Union or Member State law, the data subject shall have the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.	Where a decision is based solely on automated processing, including profiling, and it produces legal effects concerning the data subject or similarly significantly affects him or her.
Right to data portability	The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format.	Where: the personal data were provided to the controller by the data subject; the processing is based on consent or on a contract; and the processing is carried out by automated means.
Right to withdraw consent	The data subject shall have the right to withdraw consent on which the processing is based, without affecting the lawfulness of processing based on consent before its withdrawal.	At any time.

How to exercise your rights and/or request information

The Data Protection Officer is at your disposal for any clarification you might need on your rights or to obtain an updated list of the subjects to which your data may be communicated; you may contact the Data Protection Officer at following e-mail address: privacy@leitha.eu. You can also file a complaint with the Italian Data Protection Authority lto protect your data and your rights.