ISC LAB S.c.a.r.l. , with registered office in Turin, CAP 10137, Corso Orbassano 402/15, at the Innovation Center SIGIT, C.F. 12374560014, from now on referred to as “ISC LAB”, as Data Controller (hereinafter also referred to as “Owner”) informs Users, following E.U. Regulation 2016/679 (“GDPR”) and national legislation on data protection currently in force, their data will be processed in the manner and for the purposes indicated below:
Owner and object of the treatment
1.1. The Data Controller is ISC LAB S.c.a.r.l., with a registered office in Turin, CAP 10137, Corso Orbassano 402/15, at the Innovation Center SIGIT, C.F. 12374560014.
1.2. The Data Controller processes the Users’ data (in particular name, surname, e-mail address, telephone number, I.P. address, etc. – from now on “Personal Data”) provided while browsing the website HTTP: // www.isclab.it/ (hereinafter “Website”), to use the services provided within the ISC LAB Incubator.
Purpose and legal basis of the processing
The data will be processed for the following purposes:
2.1. Without prior consent, for the following service purposes:
a) the fulfilment of contractual and/or pre-contractual obligations and commitments: management of registration requests; management of navigation on the Website;
b) the fulfilment by the Owner of the obligations provided for by laws, regulations or imposed by the Authorities;
c) the pursuit of a legitimate interest by the Data Controller for the management and maintenance of the Website; the prevention and identification of fraudulent activities or damaging events for the Website; the exercise of the rights of the Data Controller.
2.2. Only with the consent of the User for the following marketing purposes:
a) sending by the Data Controller to the e-mail address provided by the User during registration, of communications and materials, with advertising content, e-mail, SMS or other messages, newsletters and/or multimedia services relating to the services offered by the Data Controller.
Methods of processing
3.1. The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
3.2. The processing is carried out using I.T. and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects are involved in the organization of this Website (administrative, commercial, marketing, legal, and system administrators) or external subjects (such as third-party technical service providers and hosting providers) may have access to the data. , I.T. companies, communication agencies) appointed if necessary as Data Processors by the Data Controller. The Data Controller can always request the updated list of the Managers mentioned above.
3.3. The treatments connected to the web services offered by this site, physically placed “in hosting” at the company ………, are carried out at the headquarters of the data controller.
4.1. The Data Controller processes the User’s data for the time required by the purposes for which they were collected.
4.2. Personal Data collected for purposes related to the execution of a contract between the OwnerOwner and the User will be retained until this contract is executed.
4.3. Personal Data collected for purposes related to the Data Controller’s legitimate interest will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the OwnerOwner in the relevant sections of this document or by contacting the OwnerOwner.
4.4. When the processing is based on the User’s consent, the Data Controller may keep the Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a more extended period in compliance with a legal obligation or by order of an authority.
4.5. At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
Access to data
5.1. Users’ data may be accessible, for the purposes indicated above, to:
employees and/or collaborators of the Data Controller, in their capacity as persons in charge of processing and/or internal contact persons and/or system administrators;
third-party companies or other subjects (e.g. I.T. assistance, consultants, suppliers, banking institutions, external consultants, etc.) who carry out outsourced activities for the Data Controller as Data Processors as required by Article 27 of the GDPR.
6.1. Personal data may also be disclosed, even without prior consent and for the purposes indicated above, to supervisory bodies, police or judicial authorities, upon their explicit request, which will treat them as independent data controllers for institutional and/or law during investigations and checks. The data may also be disclosed to third parties (e.g. partners, professionals, agents, etc.) as independent data controllers for the performance of activities instrumental to the purposes above.
Provision of data
7.1. The provision of personal data is essential for service purposes. If the User decides not to provide his data, the Data Controller will not be able to carry out his requests relating to providing the services offered by the latter.
7.2. The provision of data for other marketing purposes is discretionary, and the lack of consent does not prevent the User from using the Owner’sOwner’s services. If the User decides not to provide their data, they will not be able to receive news about the Data Controller’s initiatives.
Rights of Users
9.1. The Data Controller informs Users that in the absence of limitations provided for by law, they have the right to:
a) obtain confirmation of the existence of their data, even if not yet registered, and its communication in an understandable way;
b) obtain information and, if necessary, a copy of: a) source and category of personal data; b) logic applied in case of treatment carried out with electronic instruments; c) purposes and methods of the processing; d) the identification references of the Data Controller and Data Processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them, in particular, if the recipients are non-EU countries or international organizations; e) the period for which the personal data will be stored or, if this is not possible, the criteria used to determine this period; f) existence of an automated decision-making process and, in this case, information on the logic involved, the meaning and consequences for Users; g) existence of adequate guarantees in the event of the transfer of personal data to a non-EU country or an international organization;
c) obtain, without undue delay, the updating, correction or integration of incomplete data; exercise the right to withdraw consent at any time, quickly and without hindrance, using, if possible, the same means used to provide consent;
d) obtain the cancellation or oblivion of data: processed in violation of the law; no longer necessary concerning the purposes for which they were collected or subsequently processed; for which the consent on which the processing is based has been revoked, and there is no other legal basis for the processing; for which there has been opposition to the processing, and there are no legitimate imperative reasons for the processing; in compliance with a legal obligation.
e) the Data Controller may refuse to delete the data when the processing is necessary: to exercise the right to freedom of expression and information; in fulfilment of a legal obligation, for the execution of a task of public interest or in the exercise of public authority; for reasons of public interest; for the achievement of purposes of public interest, scientific or historical research or statistics; e) to make legal claims;
f) obtain the limitation of processing when: the accuracy of personal data is disputed; the processing is unlawful, and the Users oppose the cancellation of their data; Users request the data for the exercise of legal actions; pending the verification of whether the legitimate interests of the Data Controller prevail over those of the Users;
g) to receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and legible format, personal data concerning him to transmit them to another holder or, if technically possible, to obtain direct transmission by from the OwnerOwner to another owner;
h) object, in whole or in part: for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of data collection; to the processing of personal data concerning him to send advertising material or for market research or commercial communication, through automated call systems without the intervention of an operator, e-mail and/or traditional marketing methods by telephone and/or paper mail; file a data protection complaint with the competent supervisory authority.
9.2. In the cases mentioned above, where necessary, the Data Controller communicates any exercise of the Users’ rights to each third party to whom the personal data have been disclosed, except for specific cases such as, for example, if this is impossible or involves an effort. Disproportionate.
9.3. Users also have the right to complain to the supervisory authority if they believe that the processing of their data violates a law in force. As known in Italy, the guarantor of personal data is the guarantor for protecting personal data (https://www.garanteprivacy.it/).
How to exercise rights
Users may exercise their rights at any time by sending a registered letter with a return receipt to the Data Controller’s registered office or by sending an e-mail to email@example.com.
0) Consent to the processing of data for marketing purposes
SOCIAL NETWORK PLUG-IN
The Owner’s Website is integrated with some social network plug-ins, in particular Facebook, Linkedin, Google+, and Twitter, to allow users to share the portal’s contents that they find interesting publicly. When the User visits a site page, the plug-ins establish a direct connection between the User’s browser and social networks. Through this connection, social networks acquire information relating to the User, such as I.P. address, date and time of the visit, browser used, etc. Furthermore, if the User is connected (and therefore authenticated) on one of these social networks, the information collected can be linked to their profile.
12.2. If the changes concern treatments whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.
What we trace
We do not use intrusive cookies on sites to collect personal information. We use standard cookies to monitor online behaviour and obtain statistical information at an aggregate level in the following ways:
• we record the number of visits to the site, where each visitor comes from (i.e. which Website he visited before arriving at ours) and where he will go next (i.e. the site he visits after ours);
• a cookie is stored by the User’s device, connected to his I.P. address, for no more than two years. Cookies are small text files that the browser stores on the User’s device. That allows us to detect if the User returns to the site.
How to manage cookies
Unless browser settings to reject cookies are changed, our systems will send cookies on each access to our Website.
Cookies can be rejected by activating the specific settings in the browser that abolish the saving of cookies. That will delete all data from the cookie. However, if that setting is on, it may be impossible to access some parts of the site or use certain features.
The cookies used on the site
The site may contain links to third-party websites. If a link to any of these third-party sites is followed, it must be noted that they have separate privacy and cookie policies; therefore, we take no responsibility for such information. Please review these policies before submitting personal data to these third-party websites.
Here are some examples of cookies used by the site, with some details on their purpose and other information that may be useful. Please note, however, that if third-party sites are accessed, the policy of cookies at hand may not be exhaustive.
Google Analytics: Collect statistical information. Link to the Policy
GOOGLE WEBMASTER: Collect statistical information relating to organic indexing by Google. Link to the Policy
The conditions of this Notice may change from time to time. We will inform our users of any substantial changes through appropriate communication on this Website or by contacting the User through other channels.
Questions, comments and requests relating to this information are welcome and should be addressed to ISC LAB s.c.a.r.l. at the following e-mail address: firstname.lastname@example.org.