Privacy Policy

Foreword
Definitions
Information on the processing of your personal data
Cookies
Your rights
How to exercise your rights and/or request information

Foreword

Dear User,
this Privacy Policy is provided pursuant to art. 13 of Regulation 2016/679/EU - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, also "the Regulation" or "GDPR"). Within this Privacy Policy you will find information relating to the processing of your personal data, resulting from the navigation within the web spaces and the use of services made available to you through the website. You will be provided with specific and / or supplementary information on the processing of your personal data on each occasion in which we collect them, in your interaction with the site or by virtue of contractual relationships established with our company.

Warning: this Privacy Policy does not apply to web services provided by third parties, which you may use or consult and reached through hypertext links. In this regard, we invite you to consult the privacy policies provided by these third parties in the appropriate locations.

Definitions

Privacy Law:
The GDPR, the Privacy Code, the provisions of the Guarantor and in general all legislation on the protection of individuals with regard to the processing of Personal Data.
GDPR or Regulation:
European Union Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation).
Data Subject:
The identified or identifiable natural person to whom the Personal Data refers.
Navigation data:
The computer systems and software procedures used to operate the Web Services acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could allow, through processing and association with data held by third parties, to identify users. However, if the browsing session takes place after accessing the Reserved Area (c.d. log in), the data collected are associated with the User's personal account. Navigation data include:
  • IP addresses or domain names of the computers used by the users who connect to the site;
  • the addresses in URI (Uniform Resource Identifier) notation of the requested resources;
  • the time of the request;
  • the method used to submit the request to the server;
  • the size of the file obtained in response;
  • the numerical code indicating the status of the response given by the server (successful, error, etc.);
  • other parameters relating to the User's operating system and computer environment.
Data provided by the user:
These are the data that the User voluntarily and knowingly transmits through communications (e.g., through e-mail, to addresses within the web domain) or through the completion of special forms, if present within the spaces provided by the Services. Data provided by the User are only those strictly necessary for the purposes from time to time pursued by the Services (for precise indications regarding the categories of data collected from time to time, please refer to the individual privacy policies of reference). By way of example, such data may include:
  • personal details;
  • contact details (e.g. e-mail address);
  • data related to the contractual position of the User-Customer;
  • geolocation data (if the User has expressed consent to the collection of data relating to his/her location);
  • data concerning the use of individual Services made available to the User;
  • data concerning facts and events exposed by the User in their messages (in this regard, and for their greater protection, the User is invited not to provide information that is not strictly pertinent to the subject of the request and the nature of the Services provided by the Company).
Data Controller:
The subject who decides on the purposes and methods of the processing of Personal Data. With reference to Web Services, it is the Company of the Unipol Group to which this site refers and of which you can find the references at the bottom of each page.
Services or Web Services:
The services provided through the internet network, used through the website and/or any APPs.
User:
The data subject (natural person) who browses, consults, accesses or uses the Web Services.
DPO:
The Data Protection Officer. The User may request clarification regarding the processing of Personal Data or exercise his/her rights by contacting the DPO, in the manner and form indicated in the section "How to exercise your rights and/or request information".
Garante Privacy:
The Italian National Supervisory Authority for the protection of personal data. Visit the Authority's website.
Cookies:
Cookies are pieces of information recorded on your device (e.g., within the memory of your browser) when you visit a website or use a web application. Each cookie may contain various data, such as, for example, the name of the server from which it comes, a numerical identifier, etc. See our Cookie Policy for more information.

Information on the processing of your personal data

Below we provide you with useful information regarding the processing of Personal Data carried out through the Web Services. In particular, we want to inform you about

Data Controller Registered Office
Leithà S.r.l. Via Stalingrado 37, 40128 Bologna (Italy)

Categories of Personal Data, purpose, legal basis of processing and retention periods

Category of Personal Data Purpose of Processing Legal basis Storage Period
Navigation data Allow web browsing and the provision of Services Necessity to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract For the duration of web browsing within the Services
Data provided by the User: provision of Web Services Request of information Necessity to carry out data subject's requests (pre-contractual stage) or legitimate interest For the time necessary to carry out the request

The provision Personal Data is free and optional. We remind you, however, that the provision of Personal Data is essential to fulfil certain purposes (e.g.to provide you with the appropriate feedback requested, or for the provision of individual services); in such cases, failure to provide Personal Data may result in the impossibility to carry out said purposes.

Means of processing and recipients of data

The above data will not be subject to disclosure and may be known by employees of our company specifically authorized to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or the companies. Processing operations may be carried out by external subjects to whom we entrust the performance of activities on our behalf, and with whom we sign specific agreements aimed at regulating the processing of data. Finally, the data may be communicated upon request to public authorities or law enforcement agencies. The processing of Personal Data is always subject to the adoption of appropriate security measures to ensure the confidentiality, availability and integrity of the data.

Your rights

Privacy Law (art. 15-22 of the Regulation) guarantees the User, in his/her capacity of data subject, the right to access the data concerning him or her, as well as the right to obtain the rectification and/or integration, ereasure or portability of personal data concerning him or her. The Privacy Regulation also gives the User the right to request from the controller restriction of processing and to object to processing, as well as the possibility to withdraw consent (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).

Rights What is it about? When can you exercise the right?
Right of access The data subject shall have the right to obtain from the controller:
  • confirmation as to whether or not personal data concerning him or her are being processed,
  • access to the personal data,
  • information regarding the processing of personal data (e.g.purposes of the processing, the envisaged period for which the personal data will be stored, the recipients or categories of recipient to whom the personal data might be disclosed...).
At any time.
Right to rectification or integration The data subject shall have the right to obtain from the controller the:
  • rectification,
  • integration,
  • update
of personal data concerning him or her.
When the personal data processed are inaccurate/incomplete.
Right to ereasure The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her. Where one of the following grounds applies:
  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21 and there are no overriding legitimate grounds for the processing;
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Right to restriction of processing The data subject shall have the right to obtain from the controller restriction of processing. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where one of the following applies:
  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to object The data subject shall have the right to object at any time to processing of personal data concerning him or her which is based on legitimate interests or public interest (including processing for direct marketing purposes). On grounds relating to the the data subject's particular situation (with the exception of processing for direct marketing purposes).
Right not to be subject to a decision based solely on automated processing The data subject shall have the right not to be subject to automated individual decision-making processes. If the if the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller, is based on the data subject's explicit consent, or is authorised by Union or Member State law, the data subject shall have the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. Where a decision is based solely on automated processing, including profiling, and it produces legal effects concerning the data subject or similarly significantly affects him or her.
Right to data portability The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format. Where:
  1. the personal data were provided to the controller by the data subject;
  2. the processing is based on consent or on a contract; and
  3. the processing is carried out by automated means.
Right to withdraw consent The data subject shall have the right to withdraw consent on which the processing is based, without affecting the lawfulness of processing based on consent before its withdrawal. At any time.

How to exercise your rights and/or request information

The Data Protection Officer is at your disposal for any clarification you might need on your rights or to obtain an updated list of the subjects to which your data may be communicated; you may contact the Data Protection Officer at following e-mail address: privacy@leitha.eu. You can also file a complaint with the Italian Data Protection Authority lto protect your data and your rights.

Back