WEBSITE PRIVACY POLICY

ABOUT OUR PRIVACY POLICY
This Website Data Privacy Statement describes what we do with any information (“personal data”) about you that is collected when you visit and use this website.
The statement is provided in accordance with article 13 of the Personal Data Protection Code (see D. Lgs. n. 196/2003 – Codice in materia di protezione dei dati personali – italian regulations about the personal data protection) to the visitors to and users of the services available at http://www.gstengineering.it

which leads to the home page of the G.S.T. Gestioni Servizi Tecnologie S.r.l. Site.
The statement applies only to the GST Site alone and not to other websites linked to it.
The statement also refers to the EU Recommendation 2/2001 adopted, on 17th May 2001, by the Working Party on the Protection of Individuals with regard to the Processing of Personal Data (established by article 29 of Directive 95/46/EC), for the purpose of laying down certain minimum requirements for collecting personal data on-line in the European Union and, in particular, for determining the procedures, time frame and nature of the information that data controllers must provide to website visitors or users when they access a web page, regardless of the reasons for which they do so.
Where possible, users must view all the specific regulations present in the various sections of this website.

THE DATA “CONTROLLER”
The personal data of visitors to or users of this site may be processed.
The data “controller”, with respect to any personal information, is G.S.T. Gestioni Servizi Tecnologie S.r.l., che ha sede in Roma (Italia), Viale Castello della Magliana n. 38,  00148.

DATA PROCESSING LOCATION
The personal data collected in connection with the web services provided through this site are processed at the headquarters of G.S.T. Gestioni Servizi Tecnologie S.r.l. only by the duly authorised employees, collaborators or members of G.S.T. Gestioni Servizi Tecnologie S.r.l., or by any persons responsible for occasional maintenance operations, and shall not be circulated or disclosed to third parties, except as provided for in the statement and/or by the law and, in any case, in accordance with the conditions and procedures set out therein.
No information collected in relation the web services will be disclosed or circulated.
The personal data collected in connection with any requests submitted through the website is processed solely for the purpose of fulfilling the request or providing a service and will be disclosed to any third parties only to the extent that this is necessary for achieving the above mentioned purpose, or if required by law.

TYPES OF PROCESSED DATA

Browsing data
Generally speaking, the information systems and software procedures used to operate this website acquire and store personal information, the transmission of which is inherent in the use of the Internet communication protocols.
This information is not collected in order to be associated with the person concerned, although it could lead to the identification of the user, due to its nature and through subsequent processing and association with the data possessed by third parties.
This data group includes the IP addresses or domain names associated with the computer used by the website visitors, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used for submitting the request to the server, the size of the file received in reply, the number code indicating the server reply status (success, mistake, etc.), and other parameters relating to the user’s operating system and IT environment.
This type of data is used only for the purpose of collecting anonymous statistical information on the website, and for making sure that the site is working properly, and are erased immediately after being processed. The data, however, may be used in connection with any investigations, in the case of computer related offences against the site: except as regards this possibility, web contact information is generally kept for no more than seven days.

Personal data may be processed on paper, digitally or telematically.

Information provided voluntarily by the user
The optional, explicit and voluntary sending of emails to the email addresses provided in this site, or the provision of information through online forms, entails the acquisition of the sender’s email address, in order to send a reply, and of any other personal information included in the text of the email or the online form.
Specific short personal data protection statements are provided in the site pages relating to certain special requests.
GST disclaims any liability arising from the unlawful disclosure of the personal data of third parties by unauthorized users.

COOKIES
In computing, a cookie is a small piece of text stored on a user’s computer by a web browser, if this has been enabled to accept them.
The purpose of cookies is to signal visits to a certain website and to enable web applications to send information to individual users, providing them with certain specific functionalities, as well as to improve the service by verifying the pathways used by visitors.
No personal information of the user is collected by the website through a cookie.
Cookies are not used to transmit information of a personal nature, nor are so-called “persistent” cookies of any kind, or user-tracking systems, used.
The use of so-called “session” cookies (i.e., which are not permanently stored in the user’s computer, and which are erased when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server), which are necessary for safe and efficient browsing purposes.
Session cookies are used by this website to avoid using other computer techniques potentially prejudicial for browsing privacy and are unable to collect any personal user information.

VOLUNTARY PROVISION OF PERSONAL INFORMATION
Except for browsing data, users are free to provide personal data in connection with requests for information materials or other types of services provided by the company, or in respect of other notices.
The failure to provide certain personal information, however, may entail the impossibility, by the company, to fulfill a request.

DATA PROCESSING PROCEDURES
Personal data may be processed by us either manually, on paper, and/or electronically, and for an amount of time that is strictly necessary to fulfill the purposes for which it is collected.
We have put into place specific security measures to prevent the loss and improper or illegal use of and unauthorised access to the data.

DATA OWNERS’ RIGHTS
Data owners, within the meaning of article 7 of the Personal Data Protection Code (see D. Lgs. n. 196/2003), are entitled, at any time, to obtain: (i) confirmation of the existence of any personal data concerning them, and (ii) information as to the content and origin of the data, to verify the accuracy of the data or request that it be integrated, updated or corrected.
The same article entitles data owners to request the cancellation of any personal data concerning them, its transformation into an anonymous format or the blocking of any data processed in violation of the law; data owners may also oppose the processing of any personal information, for legitimate reasons.
Any requests made in relation to article 7, as mentioned above, must be sent to G.S.T. Gestioni Servizi Tecnologie S.r.l., Viale Castello della Magliana n. 38, 00148, Roma, or emailed to privacy@gstengineering.it.

Revision of 14 march 2011

 

D. Lgs. n. 196/2003 – Title II: Data Subject’s Rights

Article 7 – Right to access personal data and other rights

1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part,
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

 

D. Lgs. n. 196/2003 – Title III: General data processing rules – Chapter I: Rules applying to all data processing operations

Article 13 – Information to data subjects (1)

1. The data subject as well as any entity from whom or which personal data are collected shall be preliminarily informed, either orally or in writing, as to:
a) the purposes and modalities of the processing for which the data are intended;
b) the obligatory or voluntary nature of providing the requested data;
c) the consequences if (s)he fails to reply;
d) the entities or categories of entity to whom or which the data may be communicated, or who/which may get to know the data in their capacity as data processors or persons in charge of the processing, and the scope of dissemination of said data;
e) the rights as per Section 7;
f) the identification data concerning the data controller and, where designated, the data controller’s representative in the State’s territory pursuant to Section 5 and the data processor. If several data processors have been designated by the data controller, at least one among them shall be referred to and either the site on the communications network or the mechanisms for easily accessing the updated list of data processors shall be specified. If a data processor has been designated to provide responses to data subjects in case the rights as per Section 7 are exercised, such data processor shall be referred to.
2. The information as per paragraph 1 shall also contain the items referred to in specific provisions of this Code and may fail to include certain items if the latter are already known to the entity providing the data or their knowledge may concretely impair supervisory or control activities carried out by public bodies for purposes related to defence or State security, or else for the prevention, suppression or detection of offences.
3. The Authority may issue a provision to set out simplified information arrangements as regards, in particular, telephone services providing assistance and information to the public.
4. Whenever the personal data are not collected from the data subject, the information as per paragraph 1, also including the categories of processed data, shall be provided to the data subject at the time of recording such data or, if their communication is envisaged, no later than when the data are first communicated.
5. Paragraph 4 shall not apply:
a) if the data are processed in compliance with an obligation imposed by a law, regulations or Community legislation;
b) if the data are processed either for carrying out the investigations by defence counsel as per Act no. 397 of 07.12.2000 or to establish or defend a legal claim, provided that the data are processed exclusively for said purposes and for no longer than is necessary therefor;
c) if the provision of information to the data subject involves an effort that is declared by the Authority to be manifestly disproportionate compared with the right to be protected, in which case the Authority shall lay down suitable measures, if any, or if it proves impossible in the opinion of the Authority.

(1) Law 14/2009, amending and converting decreto-legge 207/2008, n. 207, has added the paragraph as follows:
Art. 44 – Provisions relating to the protection of confidentiality […]

1-bis – Any personal data stored in databases set up on the basis of telephone directories dating before 1 August 2005 may be legally used for promotional purposes only until 31 December 2009, notwithstanding articles 13 and 23 of the Personal Data Protection Code introduced by  the decreto legislativo of 30 June 2003, no. 196, solely by the data controllers who set up the databases before 1 August 2005.[…]
English