Privacy Policy

Privacy Policy

This information on the processing of personal data (hereinafter, “Disclosure”) is provided pursuant to Article 13 of EU Regulation 679/2016 (General Data Protection Regulation – hereinafter, “GDPR”).

The Disclosure describes in detail how and for what purposes your personal data will be processed when you browse the website https://www.inc-comunicazione.it (hereinafter, the “Website”) and use the various functions and services made available within it.

A) DATA CONTROLLER
The data controller of your personal data is the Istituto Nazionale per la Comunicazione S.r.l. with registered office in Viale Regina Margherita 290 – 00198 Rome – VAT no.: 01014351009. (hereinafter referred to as “Data Controller”).
You may contact the Data Controller, for questions, requests or clarifications concerning this Disclosure or the processing of your personal data in general, at the following addresses:

• email address (specfying ‘Privacy’ in the subject line): privacy@inc-comunicazione.it
• phone: +39 06 4416081

B) CATEGORIES OF PERSONAL DATA PROCESSED
The Data Controller processes the following categories of personal data while you browse the Website and use of its functions/services:

1. information and data relating to your browsing on the Website and the devices used by you to browse on the Website and use its functions and services (for example: information about the pages and sections visited and the activities carried out on the Website, the time spent on individual pages and sections, the IP address, browser and type of device used, information from cookies or similar tools released by the Website pages);
   
2. the personal data and information that may be required to manage your communication should you wish to interact in any capacity or for any reason with our Company (e.g.: name, surname, email address for any feedback, as well as the content of the information or requests you submit);
   
3. if you make use of the options of interaction between the Website content and your profiles on social media (e.g. “like” buttons, “tweet”), data and information relating to these profiles will also be processed;
   
4. The personal data referred to in point 1) are collected automatically by the Data Controller while you browse the Website. This information is not collected with the intent of associating it with identified users but, due to its nature, it may permit the identification of users through data processing and association with data held by third parties. These data are in any case used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check it is functioning correctly. Personal data belonging to all other categories are provided directly and voluntarily by you.

C) CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
The personal data processing referred to in point 1. of the previous section is necessary for the Data Controller in order to provide you with the best possible browsing experience, and to provide you with all the functions and services provided through the Website. However, it is possible to limit the processing of such personal data through the use of certain functionalities made available by the Website (with reference, in particular, to the transmission of cookies or similar tools – on this point, please refer to the Website’s cookie policy) or by your device or browser/navigation application. In such an event, browsing on the Website may be restricted, and some of its functions/services may be inaccessible.

Processing of the personal data referred to in points other than 1) contained in the previous section is necessary in order to fulfil contractual (i.e. to allow you to access and use specific functions/services of the Website) and legal obligations (with reference to the fulfilment of regulatory obligations incumbent on the Data Controller); you are therefore obliged to provide said personal data in order to use the Website’s services and functions, as requested from time to time.

If you fail to provide the above-mentioned data, it will not be possible for the Data Controller to provide the Website functions and services that you request.

D) PURPOSE OF PROCESSING AND ITS LEGAL BASIS
Your personal data will be processed for the following purposes, and on the following legal bases.

	Purpose	Legal basis
1	Allow navigation on the Website, access to its pages and sections, use of its functions and services, including interactions via telephone, email and/or with profiles on social media	Processing necessary on a contractual basis (Art. 6(i)(b) GDPR)
2	Enable the Data Controller to respond to requests made by public authorities (by way of example, pursuant to Article 210 of the Code of Civil Procedure and Article 248 of the Code of Criminal Procedure)	Processing necessary to comply with legal obligations to which the Data Controller is subject (Art. 6(i)(c) GDPR)
3	Enable the Data Controller to ascertain, exercise or defend a right in court or out of court, or in the context of disputes or litigation (whether initiated by you, by the Data Controller, by third parties or by judicial or administrative authorities)	Processing necessary for the pursuit of the legitimate interest of the Data Controller (Art. 6(i)(f) GDPR), and in particular for the protection of its rights in case of disputes
4	Checking the proper functioning of the Website in order to carry out interventions and updates, as well as verifying the correct browsing of the Website by users.	Processing necessary to pursue the legitimate interest of the Data Controller (Art. 6(i)(f) GDPR), and in particular to improve the Website and provide users with a better browsing experience
5	Enable the Data Controller to contact the data subject following the latter’s request (manifested by delivery of a business card, provision of data by email, meetings and conferences, etc.).	Processing necessary for the pursuit of the legitimate interest of the Data Controller (Art. 6(i)(f) GDPR), and in particular to respond to requests from potential associates, partners, or persons otherwise interested in the services offered

If you would like more and more specific information about the assessment carried out by the Data Controller regarding the balance between the legitimate interests pursued and the interests or fundamental rights and freedoms of the data subjects, you may contact the Data Controller, at the contact details given in section A).

E) CATEGORIES OF RECIPIENTS OF PROCEDEED PERSONAL DATA
In order to fulfil the above-mentioned purposes, your personal data will also be processed by third parties other than the Data Controller. These parties will process your personal data both on behalf of the Data Controller (i.e. in their capacity as data processors) and in their capacity as autonomous data controllers, subject to appropriate notification by the Data Controller.

Specifically, the following categories of recipients will process your personal data:

• service providers necessary for the proper functioning of the Website and its functions/services (by way of example but not limited to, ICT service providers, hosting service providers, platform providers and computer application providers);
• third parties offering platforms for sharing information, news and events (e.g. social media such as Facebook, Instagram, Twitter, LinkedIn);
• jurisdictional, administrative and/or public security authorities, in accordance with legal provisions, for the purposes of investigating and prosecuting offences, preventing and safeguarding risks or threats to security and public order, as well as for any reason connected with the protection of the rights and freedoms of individuals.

Should you wish to know the details of all the recipients listed above by category, you may contact the Data Controller at the addresses given in section A).

F) TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC ARE
Within the scope of the purposes described in this Disclosure in section A, the Data Controller does not transfer or communicate your personal data to countries outside the European Union. 

G) RETENTION PERIOD OF PROCESSED PERSONAL DATA
Your personal data will be retained for a variable period depending on the type and purpose of processing. At the end of the retention period, personal data will be deleted or irreversibly anonymised. The retention periods for personal data are set out below:

1. data relating to your navigation on the Website and/or the devices used by you will be retained for no more than 7 (seven) days, except in cases where they are used to ascertain liability in the event of hypothetical offences against the Website or third parties;
2. data and information relating to contacts between you and the Data Controller will be retained until your requests have been dealt with and fulfilled;
3. data relating to the transmission of communications relating to news, initiatives and events promoted by the Data Controller will be retained until the data subject exercises his right to object to or delete the processed data (including by selecting the appropriate function within the sent communications).

Should personal data be processed for specific purposes at the end of the above-mentioned period (e.g. to protect the rights of the Data Controller in the context of litigation), they will be retained until such purposes have been fulfilled (e.g. until the litigation has been settled).
At the end of the above-mentioned retention periods, your personal data will be deleted or otherwise rendered unintelligible by the Data Controller.

Mailing List or Newsletters
By registering to any mailing lists or newsletters, the User’s email address is automatically included in a list of contacts to whom email messages may be sent containing information, also of a commercial and promotional nature, relating to this website or services provided by the Data Controller.

H) PROCESSING OF PERSONAL DATA BY AUTOMATED DECISIN-MAKING PROCESSES
Your personal data will not be processed by means of automated decision-making processes (including profiling within the meaning of Article 22, paragraphs 1 and 4, of the GDPR).

I) YOUR RIGHTS CONCERNING THE PROCESSING OF PERSONAL DATA
You have the right to request access to your personal data from the Data Controller, pursuant to Article 15 GDPR.
By exercising your right of access, you may request information about:

• purpose of the processing;
• the categories of personal data in question;
• e recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
• where possible, the intended period of retention of personal data or, where not possible, the criteria used to determine that period;
• lthe existence of the right to request from the Data Controller the rectification or deletion of your personal data or the restriction of the processing of your personal data or to object to their processing;
• the right to lodge a complaint with a supervisory authority;
• if personal data are not collected from you, all available information on their origin;
• the existence of an automated decision-making process, including profiling as referred to in Article 22, paragraphs 1 and 4, of the GDPR, and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of such processing for you.

You are also guaranteed the following rights:

1. the right to revoke the consent given, pursuant to Article 7(3) GDPR, without prejudice to the lawfulness of processing carried out before revocation, and the lawfulness of processing based on a different legal basis;
2. the right to obtain from the Data Controller the rectification of inaccurate personal data, or to have incomplete personal data completed, pursuant to Article 16 GDPR;
3. the right to obtain from the Data Controller the deletion of personal data, pursuant to Article 17 GDPR. The exercise of this right may not be guaranteed by the Data Controller (or the Data Controller may only partially comply with requests) to the extent that the processing of the personal data subject to the deletion request is required in order to comply with legal obligations or for the establishment, exercise or defence of legal claims;
4. the right to obtain from the Data Controller the restriction of processing, pursuant to Article 18 GDPR;
5. within the limits of the legislation, the right to obtain from the Data Controller the portability of personal data processed pursuant to consent or on a contractual basis pursuant to Article 6, paragraph 1, subparagraphs a) and b) of the GDPR; in the event of the exercise of this right, the Data Controller shall provide you with all data concerning you, acquired with your consent or in performance of a contractual obligation, in a structured and interoperable format; where technically possible, such personal data may also be transferred, in the same manner, to third parties selected by you and specified by special request;
6. the right to object to the processing of your personal data pursuant to Article 21 GDPR, unless the Data Controller demonstrates, upon receipt of a request to that effect, the existence of compelling legitimate grounds for processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

The above-mentioned requests should be addressed to the addresses in section A).
The Data Controller shall comply with requests without undue delay.
With specific reference to the right to withdraw consent, this may also be exercised by selecting the appropriate functions made available at the foot of each communication of a commercial nature (or relating to participation in market research or statistical surveys).
In the event of no response or negative, untimely or unsatisfactory response to your request, or if you consider in any event that the Data Controller is processing your data in an unlawful or non-transparent manner, you may refer the matter to a supervisory authority.
If you are an Italian citizen, habitually reside or work in Italy, or if you believe that the alleged infringement by the Data Controller with regard to the processing of your personal data has taken place in Italy, you may apply to the Italian Data Protection Authority – www.garanteprivacy.it – to obtain adequate protection of your rights.
If you are a citizen of another EU member state, or if you habitually reside or work in another EU member state, or if you believe that the alleged breach by the Data Controller with regard to the processing of your personal data took place in another EU member state, you may consult the following webpage http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information about the competent supervisory authority.

J) CHANGES AND UPDATES TO THE DISCLOSURE
Should this Disclosure be amended or supplemented, the Data Controller shall make every reasonable effort to inform the persons concerned of such changes (e.g. by means of appropriate notices – in the form of banners or otherwise – on the home page of the Website).

In any event, we invite you to periodically check this section of the Website, consulting the most recent text of the Disclosure.