D2A S.r.l. (“D2A”) is aware of the importance of data protection, and informs users (“Data Subjects”) that the information it obtains when they browse the website www.d2asolution.com (“Website”) will be processed in compliance with the applicable law. When using the other services on the Website, Data Subjects will receive more specific information about any further processing of their personal data by D2A.
Pursuant to article 13 of Regulation (EU) no. 2016/679 (“Regulation”), D2A provides the following information regarding the methods of management and processing of data.
Types of data collected (“Data”), purposes and legal basis for the processing of browsing Data
Browsing Data
I sistemi informatici e le procedure software preposte al funzionamento del Sito acquisiscono, nel corso del loro During normal operation, the IT systems and software procedures used to run the Website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the terminals of the users who connect to the site, the MAC (Media Access Control) address, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment. These data are used for the following purposes:
- to obtain anonymous statistical information on the use of the website and to check the proper functioning thereof. These data are cleared immediately after processing; however, these data may be used to ascertain liability in the event of computer crimes against the Website. The legal basis for such processing is art. 6 paragraph 1, (b) of the Regulation, inasmuch as it is necessary to permit the Data Subject to use the service requested.
- to fulfil legal obligations or requests from the Judicial Authority. The legal basis for such processing is article 6, paragraph 1, (c) of the Regulation, inasmuch as it is necessary to fulfil a legal obligation of D2A.
Data provided voluntarily by Data Subjects
When an e-mail is sent voluntarily to the e-mail addresses on the website, D2A may process the sender’s e-mail address and any other personal data contained in the communication for the following purposes:
- to respond, by e-mail, to the requests of the Data Subject. Specific privacy policies will in any case be provided when particular tools of the Website are used. The legal basis for such processing is article 6 paragraph 1, (b) of the Regulation, inasmuch as it necessary to provide to the Data Subject the service requested;
- to fulfil legal obligations or requests from the Judicial Authority. The legal basis for such processing is article 6, paragraph 1, (c) of the Regulation, inasmuch as processing is necessary to fulfil a legal obligation of D2A.
Data Subjects are advised not to enter or send through the tools on the Website special data as defined by current legislation (i.e. data relating to racial or ethnic origin; political opinions, religious or philosophical beliefs, trade union membership, health data). Such personal data, if provided, will be immediately deleted.
Cookie
The Website uses technical (session and navigation) cookies to ensure normal browsing and use of the website (for example, to log into a personal area). For complete information about the processing of personal data through the use of cookies, please read the full cookie policy, click here or on the link to the Cookie Policy in the footer of each page of the Website.
Data Retention Period
Your Data will be retained for the time the service is provided and will in any case be erased or transformed into anonymous form within 7 days. Data sent autonomously by Data Subjects through the tools on the Website will be erased after the service requested has been provided or a reply has been sent to the Data Subject and, in any case, within 15 days from the end of this activity, with exception of any data that may be required to comply with tax, accounting and administrative laws or to fulfil other legal obligations and document the activities carried out.
Processing method
Your Data will be processed electronically by personnel who are expressly authorised to do so; your data are stored in a database and on appropriate storage media (e.g. computer and in hard copy format). Specific security measures are used to prevent any loss of data, illegal or improper use and unauthorised access. D2A does not use automated decision-making processes to process your data.
CProvision of Data
The provision of your browsing data is necessary to provide the service requested (browsing on the Website) and is obligatory for this purpose: should you fail to provide your data, D2A cannot allow you to browse the Website.
The provision of your Data for the other purposes is optional: failing to provide data does not imply any consequences for the Data Subject.
Disclosure of Data
Your Data may be disclosed to: (i) parties who have the right or interest in accessing the personal data of users by law or secondary legislation; (ii) companies, associations or professional firms that provide services and activities on behalf of D2A as Data Processor to fulfil legal obligations, and for any other organizational and administrative requirements that may be necessary to provide the services requested (“Data Processors”). The names of the Data Processors are indicated in an updated list available from D2A (that may be requested as indicated by point 9). Your Data will not be disseminated.
Transfer of Data outside the EU or to international organisations
D2A does not transfer the Data it collects through browsing or use of the services on the Website to countries outside the European Union or to international organisations.
Connection to third-party sites or services
This privacy policy is provided only for the processing of Data carried out through this website or the tools thereof, but does not apply to other websites that the Data Subject may visit through links on this website, whose managers operate as independent data controllers. Before using third-party services, the Data Subject is asked to read the applicable privacy policies thereof.
Rights of Data Subjects
Data Subjects may at any time enforce the rights provided by the Regulation, including:
- the right to request information about: (i) the origin of their Data; (ii) the purposes and methods of processing; (iii) the logic applied if electronic tools are used; (iv) the details of the data controller and data processors.
- the right to: (i) access, update, rectify or add to their Data; (ii) erase, transform into anonymous form or block any Data processed in breach of the law; (iii) restrict the processing of Data; (iv) obtain a copy of their Data in standard format.
- object, in whole or in part:
- to the collection of data for purposes of scientific, historical or statistical research that are relevant to the collection thereof, where such objection is based on reasons related to their particular situation;
- to the collection of data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued by the controller or by a third party;
- to the collection of data for the purpose of sending promotional, advertising and direct marketing material;
- withdraw, at any time, any consent given and on the basis of which processing is justified, without prejudice to the lawfulness of processing based on consent before their withdrawal.
- proporre, qualora ritengano che il trattamento dei Dati violi la normativa, reclamo all’autorità di controllo dello Stato membro in cui risiedono abitualmente o lavorano oppure del luogo ove si è verificata la presunta violazione.
The Italian Supervisory Authority may be reached at the addresses published on its website.
Data Controller – Contact details
The Data Controller is D2A S.r.l. (VAT No. 10532430963), with registered office at Piazza Castello 26, 20121 – Milan, represented by its pro tempore legal representative. You may contact D2A on: privacy@d2asolution.com. To exercise the above rights, the Data Subject may write to: privacy@d2asolution.com.
D2A reserves the right to update this Privacy Policy at any time.