Information on the processing of personal data
This Information (hereinafter, “Information”) is intended to describe the methods of processing the personal data of users and / or visitors who consult the website of INWIT S.p.A. (hereinafter “INWIT” or “Company”) and is provided pursuant to Regulation 2016/679 / EU (General Data Protection Regulation, hereinafter “GDPR”) and in line with the provisions of the Data Protection Organizational Model adopted by the Company.
This Information is provided only for the site mentioned above (hereinafter “Site” or “this Site”) and related possible subdomains, and not for other websites that may be consulted by users through special hypertext links that may be published on the Site but referred to external web domains.
Before submitting any type of personal information and / or filling in any electronic form on the Site, users / visitors are invited to read this Information carefully.
Identification details of the Data Controller and the Data Protection Officer
The Data Controller is INWIT S.p.A. with registered office in Largo Donegani n. 2, 20121 – Milan. The Data Protection Officer, appointed by the Data Controller, can be contacted by e-mail at the following address: firstname.lastname@example.org
Type of data processed purpose of processing and legal basis
a. Navigation data
The computer systems and software procedures used for the normal operation of this Site acquire data that are transmitted in the use of Internet communication protocols. These data are not collected to be associated with identified subjects; however, by their nature and also through processing with data held by third parties, they could allow the identification of users / visitors (e.g. IP address, domain names of the computers used by users who connect to the Site, the code indicating the response status given by the server, type of browser, time indications for the beginning and end of the browsing session, any identification of the account and the activities carried out on the Site, etc.). These data allow navigation on the Site, interaction with its content, registration and access to the reserved area and the provision of all other services made available by the Data Controller, including the management of the security of the Site and the processing of statistical information. The legal basis for the processing of personal data is Art. 6, par. 1, letter b) of the GDPR, as the processing is necessary to ensure the provision of the services requested, safe navigation on the Site and checking the proper functioning of the latter. Failure to provide such data would make it impossible to browse the Site and activate the services requested.
Please refer to the dedicated information https://www.inwit.it/en/cookie-policy/
c. Data provided voluntarily by users/visitors
If users / visitors, by connecting to this Site, provide their personal data to request information, access certain services, submit their application, make requests to the Investor Relator or to other contacts reported on the Site, INWIT acquires the sender’s address and / or any other personal data that will be processed exclusively to respond to the request or necessary for the provision of the service. Those personal data will be communicated to third parties only if necessary to comply with the requests of users / visitors themselves.
The legal basis for the processing of personal data is Art. 6, par. 1, letter b) of the GDPR, as the processing is necessary for the provision of the services requested by the users. The provision of personal data for these purposes is optional, however, if not provided, it will not be possible for INWIT to activate the services requested.
d. Commercial and marketing purposes
The personal data of the user / visitor (e.g., personal data and contact details) may be processed – only after obtaining his consent – for purposes related to marketing activities, market surveys or surveys relating to the services and product offered by INWIT. In this case, the legal basis of the processing is constituted exclusively by express consent of the user / visitor which will be at any time revocable pursuant to Article 6 letter a) GDPR.
e. Defensive requirements and fulfillment of legal obligations
Data could also be used by INWIT for any defensive needs, possibly related to the detection, prevention, mitigation and detection of fraudulent or illegal activities in relation to the services provided on the Site. This treatment is aimed at satisfying any defensive needs of the Data Controller pursuant to Articles. 6.1.f) and 9.2.f) of the GDPR.
To fulfill the legal obligations which the Data Controller is subject to, personal data may be processed to fulfill any obligations provided for by current laws, regulations or community legislation, or satisfy requests from the authorities.
The processing of data is carried out through IT and telematic tools and / or manually for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the relevant legislation in force.
Retention of personal data
INWIT keeps the acquired personal data for a period of time not exceeding the achievement of the purposes for which they are collected or subsequently processed, except for the revocation of consent by the interested party (where provided), as well as for the period provided for by law for administrative purposes, management of any complaints / disputes or for criminal purposes.
Scope of communication and dissemination of data
Personal data will be processed by employees of the competent company functions of INWIT, whom have been authorized to process personal data and have received, in this regard, adequate operating instructions.
In addition to INWIT employees, some processing of personal data may also be carried out by third parties to whom the Company entrusts the activities (or part of them) related to the aforementioned purposes, as Data Processors, pursuant to art. 28 of the GDPR.
Transfer of personal data abroad
Personal Data will be processed within the European Union and stored on servers located within the European Union or in countries outside the European Union, in the latter case provided that an adequate level of protection is guaranteed, as recognized by an ad hoc adequacy decision by the European Commission.
Any transfers of Personal Data to non-EU countries, in the absence of an adequacy decision by the European Commission, will be performed only if adequate contractual or agreed safeguards are provided by the Data controller and the Data Processor involved, including binding corporate rules and standard data protection contractual clauses.
Rights of the interested parties
Interested parties, in the cases provided, have the right to obtain access to their personal data and the correction or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (articles 15 and following of the GDPR). These rights can be exercised through a specific request to be addressed by registered mail to the Data Controller or by email to the address: email@example.com.
Interested parties also have the right to lodge a complaint with the Guarantor by:
- registered mail with return receipt addressed to the Guarantor for the Protection of Personal Data, Piazza Venezia, 11, 00187 Rome;
- e-mail to the address: firstname.lastname@example.org.
Last update: July 2022