Information on the processing of personal data of users consulting the Company's website pursuant to Article 13 of Regulation (EU) 2016/679

 
WHY THIS INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page describes the methods for processing

• of the personal data of users consulting the website (hereinafter the "Site") of Italian Bond Hub (hereinafter the "Company") accessible electronically at the following address http://italianbond.it/it/;
• personal data entered or collected through the Company's social pages.

This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the site but which refer to resources outside the Company's domain.


WHO PROCESSES USER DATA

DATA CONTROLLER

The data controller is:

Name, VAT number, E-mail, Telephone

DATA PROTECTION OFFICER

The Company has appointed a Data Protection Officer (DPO) to verify the compliance of processing with Italian and European legislation.

The Data Protection Officer can be reached at the following address:

Owner's email address:
 

LEGAL BASIS OF THE PROCESSING

The Company will only process personal data if it has a legal basis for doing so.

The Data Protection Act states that the processing of personal data is lawful only if and to the extent that at least one of the following conditions (set out in Article 6 of the Regulation) is met:

1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes
2. the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request;
3. processing is necessary for compliance with a legal obligation to which the data controller is subject;
4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests or the fundamental rights and freedom of the data subject requiring the protection of personal data are not overridden, in particular where the data subject is a child.

The legal basis for the processing will therefore depend on the reasons for which the company has collected and uses the data.

These reasons consist, in some cases (such as, for example, for requests received through the contact section), in the need to provide due response to the requests received (in this case, therefore, the legal basis is the performance of a contract and/or pre-contractual measures), in other cases in the duty to comply with legal and/or regulatory obligations, or, in other cases still, in the possibility of pursuing the legitimate interest of the Company that will be identified from time to time. Where, on the other hand, the consent of the data subject is required, said consent will be requested in the form required by law.


TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING

Personal data means all information relating to the user, by means of which the user can be identified. Personal data is therefore, for example, the user's first name, last name, contact details, telephone number, e-mail address, IP address and information concerning the user's access to the Site.

Following the consultation of the Site, as well as following the use of the services made available through the same, the Company may collect personal data of users following telephone communications to the addresses given on the Site, following the receipt of e-mails to the addresses given on the Site, or through the filling in of the forms in the contact section, or even through the use of social network plug-ins in use on the Site.

In particular, the types of data processed can be classified as follows:

NAVIGATION DATA

The computer systems and software procedures used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the user's operating system and computer environment.

This data, which is necessary for the use of web services, is also processed in order to:

• obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.)
• check the proper functioning of the services offered; 
• identify anomalies and/or abuses.

Browsing data do not persist for more than seven days (except in the event of the need to ascertain crimes by the judicial authorities).

PERSONAL DATA PROVIDED VOLUNTARILY BY USERS

The optional, explicit and voluntary sending of messages to the Company's contact addresses, private messages sent by users to institutional profiles/pages on social media (where this option is available), as well as the completion and submission of forms on the Company's website, entail the acquisition of the sender's contact data, necessary for replying, as well as all the personal data included in the communications.

Specific information will be published on the pages of the Site set up for the provision of certain services.

CONSEQUENCES IN THE EVENT OF FAILURE TO PROVIDE DATA

Failure to provide data necessary to respond to requests may make it impossible for the Company to provide a comprehensive response or the services available.

If necessary, the Company will inform the user, from time to time, about the compulsory or optional nature of providing personal data (e.g. to make a specific request).

In particular, the compulsory or optional nature of the provision of data will be highlighted by means of a notice or a special character to the information of a compulsory nature.


RECIPIENTS OF THE DATA

The recipients of the data are the Company's staff, who act on the basis of specific instructions provided regarding the purposes and methods of data processing.

The recipients of the data collected following consultation of the Site are also the subjects designated by the Company, pursuant to Article 28 of the Regulation, as data processors.

In the event of use of the social media plug-ins present on the Site, the data will be shared with the social media service and possibly with the user's profile present on the social media themselves. In this case, please refer to the Information on the processing of personal data published by the social media themselves.

In any case, the personal data processed will not be disseminated.

This is without prejudice to the communication or dissemination of data requested by Police Forces, Judicial Authorities, information and security bodies or other public entities for purposes of defence or State security or for the prevention, detection or suppression of crimes, in accordance with the provisions of the law.


PROCESSING METHODS AND SECURITY

The data will be processed:

• by manual, computerised and telematic means and in such a way as to guarantee the availability, integrity and confidentiality of the data
• with organisational methods and logics strictly related to the purposes indicated, in compliance with the principle of minimisation;
• by persons specifically appointed, identified and authorised, duly instructed and made aware of the constraints imposed by the legislation in question;
• with the use of technical and organisational security measures designed to prevent and/or reduce the risks of unlawful access and destruction or loss of the data.

PLACE OF PROCESSING

The management and storage of personal data will take place in Italy and, in any case, within the European Union.

Currently, the servers used by the Company are located within the European territory.

The data will not be transferred outside the European Union.

It is in any case understood that, should it be deemed necessary and/or appropriate, the Company will have the right to change the location of the servers in Italy and/or the European Union and/or non-EU countries. In this case, the Company will ensure that the transfer of the data outside the EU will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection, and/or adopting the standard contractual clauses provided for by the European Commission, and/or, in any case, complying with the conditions provided for by the applicable regulations.



RETENTION PERIODS 

The data collected by the Site during use, will be used exclusively for the purposes indicated and will be kept for the time strictly necessary to carry out the Company's activities.

Data will not be retained for longer than is necessary to fulfil the purpose for which it was processed. In determining the appropriate retention period, the Company will take into consideration the quantity, nature and sensitivity of the personal data, the purposes for which they are processed and the possibility of achieving those purposes by other means.

The data collected from the Site will, therefore, be kept for as long as is necessary to respond to requests and, even after termination, to manage all possible contractual, pre-contractual, administrative, or legal obligations, connected with or deriving from them, or for the time permitted by Italian law to protect the legitimate interests of the Company.


RIGHTS OF THE INTERESTED PARTIES

The interested parties have the right to obtain from the Company, in the cases provided for, access to their personal data and the rectification or cancellation thereof or the limitation of the processing concerning them, to oppose the processing or to request the so-called portability of the data.

Data subjects may also, at any time, revoke the consent given (see Articles 15 et seq. of the Regulation).

The appropriate application to the Company is made by contacting the Data Protection Officer, at the contact details given above.

Data subjects who consider that the processing of personal data relating to them carried out through the Site is in breach of the provisions of the Regulation have the right to lodge a complaint with the Garante, as provided for by Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).

CHANGES AND UPDATES TO THIS PRIVACY POLICY

The Company may amend or simply update, in whole or in part, this policy, also in consideration of any relevant legislative and/or regulatory changes.

The Company undertakes not to limit any previously recognised rights without first obtaining the express consent of the interested party.

Changes and updates will be made available on the home page of the Site. The most relevant changes will be highlighted by means of a more prominent notice (for example, where the services and data collected allow it, by means of an email notification).