The personal data of users who access and use the site www.goviceversa.com (hereinafter, also “Site”) are subject to processing in compliance with the legislation on the protection of personal data.
In accordance with the principle of transparency towards the data subjects and with a view to accountability, Viceversa S.r.l. makes available, in this section, the information relating to the processing of the personal data of the Site users.
This information is provided only for the Site indicated above and for the subdomain https://goviceversa.com/blog/ and not also for websites, apps or social media platforms accessible through hypertext links contained therein, also attributable to the domain goviceversa.com, so please refer to the relevant information on the processing of personal data.
1. Data Controller
The Data Controller is Viceversa S.r.l. (hereinafter, also “Data Controller”), with headquarters in Via Bernardo Quaranta, 40 – 20139 Milan; VAT number: 11364640968; REA: MI-2597618; e-mail address: [email protected]
2. Nature of data provision
To use the services offered through the Site, the user may be required to provide the personal data necessary to ensure its use: in particular, for the purposes of filling out the forms on the Site, the provision of the data marked with the asterisk is necessary for the management and response to the communications sent by the user. It should be noted, in any case, that the user is free to provide the requested data, in the sense that they are not legally obliged to provide them: failure to provide the data indicated as necessary, however, makes it impossible for the Data Controller to render the requested service.
4. Types of data processed, purpose and legal basis of the processing
The types of data processed include, in particular:
Web Browsing Data
During the user’s navigation on the Site, the computer systems in charge of its operation automatically acquire some information whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the operating system and the user’s computer environment.
These data are processed for purposes related to the provision of the services offered through the Site, including the guarantee of their correct operation. The legal basis of the processing is, therefore, the execution of a contract to which the data subject is a party or of pre-contractual measures requested by the data subject, pursuant to Article 6, para. 1, lett. b) of Regulation (EU) 679/2016 (GDPR).
In particular, navigation data are processed for the purpose of:
- ensuring the correct functionality of the Site and the usability of its services;
- obtaining aggregated and anonymized statistical information relating to the use of the Site (such as, for example, most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.);
- analyzing the navigation actions of users in order to group them into homogeneous profiles and send targeted commercial communications, i.e., communications in line with the preferences expressed in the context of browsing the Site. The use of navigation tracking tools for profiling purposes is, in any case, subject to the user’s consent, which constitutes the legal basis of the processing, pursuant to Article 6, para. 1, lett. a) of Regulation (EU) 679/2016 (GDPR).
Data provided by the data subject
Viceversa S.r.l. processes the data voluntarily provided by the user, through filling out the forms present in some sections of the Site or by sending email messages to the email addresses indicated or accessible through links on the Site, for purposes related to the provision of the services offered through the Site. In this case, the legal basis of the processing is the execution of a contract to which the data subject is a party, or of pre-contractual measures requested by the data subject, pursuant to Article 6, para. 1, lett.
b) of Regulation (EU) 679/2016 (GDPR). Some types of processing may also be based on the data subject’s consent, pursuant to Article 6, para. 1, lett. a) of Regulation (EU) 679/2016 (GDPR), on the need to comply with a legal obligation, pursuant to art. 6, para. 1, lett. c) of Regulation (EU) 679/2016 (GDPR), or on the legitimate interest of the Data Controller, pursuant to art. 6, para. 1, lett. f) of Regulation (EU) 679/2016 (GDPR), to use the data subject’s email information and personal data, acquired in the context of the offer of a service through the Site, for information purposes and direct promotion of similar services and initiatives.
In particular, the personal data provided by the data subject may be processed for the following purposes:
- in relation to the data provided by sending, optional and voluntary, email messages to the email addresses indicated on the Site (which include, in particular, the email address of the sender and any other personal data present in the message) in order to carry out the processing activities necessary to provide feedback to the user’s requests;
- in relation to the data provided by filling out the contact form (name, surname, telephone number, email address), in order to:
- evaluate and verify the user’s requests;
- allow commercial and marketing initiatives by Viceversa S.r.l. and third parties with whom Viceversa S.r.l. has commercial relationships (Business Partners), for the purposes of promotion / sale of products and services offered by the Business Partner. The processing of personal data for purposes of commercial and marketing initiatives and market research, direct offers of products or services by Viceversa S.r.l. and Business Partners is optional. In the event of opposition by the data subject, personal data will no longer be processed for this purpose.
- in relation to the data provided by filling out the form to book a call (name, surname, email address, company), in order to evaluate and verify the user’s appointment request. The user also has the option to express consent to receive informative newsletters and promotional communications on the services and initiatives of Viceversa S.r.l.
5. Method and duration of processing
The processing will be carried out using paper and/or IT tools, by individuals authorized to do so, who operate under the direct authority and according to the instructions given by the Data Controller, with processing strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data processed.
The processing operations are carried out in such a way as to guarantee the security of data and systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access, of processing that is not permitted or does not comply with the purposes indicated in these guidelines.
However, the security measures adopted do not allow for the risk of interception or compromise of personal data transmitted via telematic devices to be absolutely ruled out. It is therefore recommended to verify that the device employed by the user is equipped with software systems suitable for the protection of the telematic transmission of data, both inbound and outbound (such as, for example, updated antivirus systems, firewalls and spam filters).
The data being processed will be kept for a period of time not exceeding that necessary to achieve the purposes for which they were collected and subsequently processed. More specifically:
- the data under a) and b) of paragraph 4.2 will be stored for the time necessary to provide feedback to the data subject;
- the data processed to send informative newsletters and promotional communications shall be kept until any exercise of the right to oppose or revoke the consent by the data subject;
- the data processed in order to verify an appointment request (paragraph 4.2, lett. c) shall be stored for a maximum period of 12 months from their provision;
The Data Controller shall, after the expiry of the retention periods according to the indicated criteria, adopt measures prior to the deletion or anonymization of the data that must not be kept for specific regulatory obligations.
6. Categories of recipients
The personal data of the data subject may be communicated to:
- specifically authorized collaborators and employees of the Data Controller, within the scope of their duties;
- providers of the services offered through the Site or related to its operation, including Cloudflare Inc. and Google Inc. for the web analysis service; Google Inc., for the display service of content hosted on platforms, the tag management service and the advertising service; Cloudflare Inc., for traffic optimization and distribution services; Amazon Web Services Inc., for the website hosting service; HubSpot Inc., for the user database management service.
- third parties with whom Viceversa S.r.l. has business relations (Business Partners), namely: Ventive Srl; Via di affogalasino 34, 00148 Roma [email protected] VENTURO TECH ETS; Via Giacomo Leopardi n. 7, Milano
Under no circumstances shall personal data be communicated, disseminated, sold or otherwise transferred to third parties for illegal purposes and, in any case, without providing suitable information to the data subjects and obtaining their consent, where required by law. Any communication of data at the request of the judicial or public security authorities, in the manner and in the cases provided for by law, remains unaffected. Personal data shall not be transferred abroad, to Countries or international Organizations not belonging to the European Union that do not guarantee an adequate level of protection, as recognized, pursuant to Article 45 GDPR, through an adequacy decision of the EU Commission. Should it be necessary for the provision of the Services, the transfer of personal data to Countries or international Organizations outside the EU, for which the Commission has not made an adequacy decision pursuant to Article 45 GDPR, shall take place only in the presence of adequate guarantees provided by the recipient Country or Organization, pursuant to Article 46 GDPR and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to Article 45 GDPR, or adequate guarantees, pursuant to Article 46 GDPR, including binding corporate rules, the cross-border transfer shall take place only if one of the conditions indicated in Article 49 GDPR is fulfilled. In particular, it should be noted that, according to recent interpretations provided by some European Supervisory Authorities, the use of Google Analytics could involve the transfer of the user’s personal data to the United States, whose legal regime does not guarantee a level of protection equivalent to that in force within the European Union in accordance with the GDPR. By accepting the placement of Google Analytics cookies, therefore, the user is aware of the possible risks of such transfer, in any case not requested or authorized by the Data Controller, due to the lack of an adequacy decision pursuant to Article 45, para. 3 of the GDPR, or adequate guarantees pursuant to Article 46 of the GDPR.
7. Rights of the data subject
The data subject has the right to access their personal data, to request their correction, updating and deletion or limitation, if incomplete, erroneous or collected in violation of the law, as well as to oppose the processing for legitimate reasons or obtain portability of the data.
Specifically, the data subject is entitled to receive confirmation as to the existence or non-existence of their personal information, even if it has not yet been recorded, and to its communication in intelligible form.
The data subject also has the right to obtain information on:
- the purposes and methods of data processing;
- the logic applied in case of processing carried out with the aid of electronic devices;
- the identification details of the Data Controller, of the managers and of the individuals or categories of individuals to whom the personal data may be communicated or who may learn about them in their capacity as individuals authorized for processing.
The data subject has the right to obtain:
- the updating, correction or integration of their data;
- the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes of the processing;
- the limitation of processing, when one of the situations referred to in Article 18 GDPR occurs;
- the attestation that the operations referred to in letters a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
- the transmission of data concerning them, provided to the Data Controller and processed on the basis of the express consent of the data subject for one or more specific purposes, in a structured format, commonly used and readable by an automatic device. Pursuant to Article 20 GDPR, the data subject also has the right to transmit such data to another data controller without impediments and, if technically feasible, to obtain the direct transmission of personal data from one data controller to another.
- if the processing is based on consent, to withdraw their consent at any time (pursuant to Article 7, paragraph 3 of the GDPR).
The data subject has the right to oppose, in whole or in part:
- the processing of personal data concerning them for legitimate reasons, even if pertinent to the purpose of collection;
- the processing of personal data concerning them for the purpose of sending advertising or direct sales material, or for carrying out market research or commercial communication;
- the communication of personal data to the co-organizers of the training courses (see the indications provided in the previous point 4.2, lett. e), in the event that this communication is based on the need to pursue a legitimate interest of the Data Controller or co-organizers;
- automated decision-making processes that significantly affect their person.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their usual residence, place of work or place of the alleged infringement.
8. Exercise of rights
The above rights are exercised with a request addressed to the Data Controller, by sending an email message to the address [email protected]. The request is formulated freely and without formalities by the data subject, who has the right to receive suitable feedback within a reasonable timeframe, depending on the circumstances of the case.
The data subject may make use, for the exercise of their rights, of non-profit bodies, organizations or associations, whose statutory objectives are of public interest and which are active in the field of protection of the rights and freedoms of the data subjects with regard to the protection of personal data, providing, for this purpose, a suitable mandate. The data subject may also be assisted by a person of trust. It is possible to receive more information on the purposes and methods of processing personal data by writing to the email address [email protected] and indicating “Privacy” in the subject line.
To find out about their rights, lodge a complaint and always be updated on the legislation on the protection of individuals with regard to the processing of personal data, the data subject can contact the personal Data Protection Authority, by consulting the website at the following address http://www.garanteprivacy.it/.
Policy updated in March 2023