PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 CONCERNING THE PROTECTION AND PROCESSING OF PERSONAL DATA (GDPR)
The Data Controller is Cogenio S.r.l. with registered office at Viale di Tor di Quinto n. 45/47, Rome, Italy, in the person of its pro-tempore legal representative (hereinafter the “Data Controller” or “Cogenio”).
For the purpose of exercising your rights or obtaining any information about them and/or about this Policy, you can contact the Data Controller at the following address: firstname.lastname@example.org.
The personal data that you provide directly or that is collected when you browse www.cogenio.it (hereinafter “Website”), will be processed by Cogenio for the following purposes.
When you browse the website, the IT systems and software procedures on which it runs acquire certain items of personal data, transmission of which is implicit in the use of Internet communication protocols. These include, for example, the IP addresses or domain names of users’ computers and devices, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the size of the file obtained and other parameters relating to users’ operating systems, in order to:
The legal basis for processing your data for the purposes set out in points 1, 2 and 3 is the fulfilment of a request from you, pursuant to Article 6(1)(b) of the GDPR. Should you refuse to provide this data, you will be unable to consult the Website.
The “Contact Us” section of the Website contains a contact form that you can use to voluntarily provide certain items of basic personal data (e.g. email address, telephone number, name and surname, etc.) in order to request the information you need about the selected service. If you decide to fill in the contact form, the Data Controller will process your personal data for the sole purpose of responding to your request for information.
The legal basis for processing your data for this purpose is the fulfilment of a request from you, pursuant to Article 6(1)(b) of the GDPR.
Providing your personal data for the aforementioned purpose is optional. Should you decide not to provide your personal data, however, you will be unable to obtain the information you need.
For this purpose, the personal data provided through the Website will be kept for the time necessary to fulfil the request.
If you provide your personal data for information purposes (para. 2.2), the Data Controller will assume that you are potentially interested in receiving information about Cogenio's initiatives and services.
In these circumstances, the Data Controller’s intention is to use your personal data (name, surname, telephone number, email address) to send you promotional communications about Cogenio initiatives and services. These communications may be by traditional (e.g. telephone calls) and/or automated means of contact (e.g. email, fax, pre-recorded telephone calls, SMS, MMS, instant messaging, etc.).
Your personal data will only be used for promotional communication purposes if you give your express consent (on the legal basis set down in Article 6(1)(a) of the GDPR), by selecting the checkbox that appears when you submit your data.
Each time you receive an email communication, however, you can opt out of receiving any further communications from Cogenio by simply clicking the opt-out link (“If you no longer want to receive these emails, click here”) that appears in all electronic commercial communications, or by contacting the Data Controller at the address given in point 1 above.
Your personal data will be processed for this promotional purpose until you decide to withdraw your consent or object to the continuation of processing by contacting the Data Controller at the address given in point 1 of this Policy.
Signing up for promotional initiatives is optional and opting out of doing so will have no consequences on the other purposes of processing mentioned in this policy. It will, however, prevent Cogenio from keeping you informed of any of its further initiatives and services.
If you provide your personal data for information purposes (para. 2.2), Cogenio may disclose or transfer your personal data to third parties (companies involved in commercial partnerships with Cogenio), which may process it for the purpose of sending you commercial or promotional communications or newsletters.
You can request a copy of the full, up-to-date list of the Cogenio partner companies to which your personal data may be disclosed, by contacting the Data Controller at the address provided in Article 1 of this Policy.
The processing of your data for this purpose is based on the condition of lawfulness set down in Article 6(1)(a) of the GDPR, i.e. your consent.
Your personal data will be processed for the specified purposes in accordance with the GDPR, using hard-copy and ICT systems, in such a way as to ensure an adequate level of security and confidentiality, in accordance with the requirements of Article 32 of the GDPR.
The processing of personal data means collecting, recording, organising, storing, processing, editing, selecting, extracting, comparing, using, interconnecting, blocking, communicating, disseminating, erasing or destroying personal data, or any combination of two or more of the above operations, including by automated means of storing, managing and transmitting said data, using appropriate tools to ensure its security and confidentiality.
In pursuit of the purposes described in para. 2 above, the processed personal data will be accessible to employees, equivalent personnel and external contractors operating on behalf of Cogenio as persons authorised to process personal data.
Furthermore, in pursuit of the purposes described in para. 2 above, your personal data may be processed by third parties belonging, by way of example, to the following categories:
In some cases, the parties belonging to the aforementioned categories operate with full autonomy as distinct Data Controllers, whereas in others, they operate as Data Processors specifically appointed by the Data Controller in accordance with Article 28 of the GDPR.
The disclosure of your data to parties belonging to the aforementioned categories and operating as autonomous Data Controllers does not require your consent, because it is based on the legitimate interest of the Data Controller, insofar as the said disclosures are necessary for the purposes mentioned in paragraph 2 above. You can request a full, up-to-date list of the parties to whom your personal data may be communicated, by contacting the Data Controller at the address provided in para. 1 of the Policy.
The Data Controller does not intend to transfer your personal data to countries outside the European Union.
In relation to the processing described in this Policy, you may, as a Data Subject and under the conditions specified in the GDPR, exercise the rights set down in Articles 15 – 21 of the GDPR, namely:
The right to erasure shall not apply where processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
The above rights may be exercised, in relation to the Data Controller, by contacting the reference persons indicated in para. 1 above. The Data Controller will take charge of your request and provide you, without undue delay and, in any event, within one month of receipt of your request, with information regarding the action taken in connection therewith.
You may exercise your rights as a Data Subject free of charge pursuant to Article 12 of the GDPR. However, where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may charge you a reasonable fee taking into account the administrative costs of dealing with your request, or refuse to act on the request.
Lastly, you are advised that the Data Controller may request any further information necessary to confirm the identity of the Data Subject.