Privacy policy pursuant to Articles 13 and 14 of GDPR 2016/679

Data subjects: website users.

Pursuant to and for the purposes of EU Regulation 2016/679, hereafter ‘GDPR’, Spinto SRL, as the Data Controller, hereby informs you that the aforementioned regulation provides for the protection of data subjects with respect to the processing of personal data and guarantees that such processing is carried out under the principles of correctness, lawfulness, transparency and confidentiality of your data and your rights.

Your personal data will be processed in accordance with the provisions of the aforementioned regulation and the confidentiality obligations set forth therein.

Purposes and legal basis of the processing: more in particular, your data will be processed for the following purposes, relating to the execution of contractual or pre-contractual obligations:

• Technical and functional access to the website – no data is stored after closing the browser.

Your data will also be processed for the following purposes that are necessary for the pursuit of the legitimate interest of the Data Controller:

• Information requests you have submitted.

With your consent, your personal data may also be processed for the following purposes:

• Marketing and advertising purposes through the company newsletter.

The provision of your personal data with regard to the aforementioned purposes is optional and your opposition to its processing will not affect your consumer position in the relations with the company in any way nor the adequacy of the processing.

Processing methods. Your personal data may be processed as follows:

• Through computer systems, using software managed by third parties;
• Through computer systems, using software coded or managed in-house;
• Profiling of customers, suppliers and consumers;
• Processing through computer systems;
• Temporary anonymous processing.

All processing is carried out in compliance with the provisions set out in Articles 6 and 32 of GDPR, by adopting the appropriate security measures therein specified.

Your data will be processed only by personnel expressly authorised by the Data Controller, more specifically, by the following categories of employees:

• Programmers and analysts;
• Business partners;
• The marketing department.

Transmission: Your data may be transmitted to third parties for the proper handling of contractual arrangements, more specifically, to the following categories of Recipients, including all the duly-appointed Data Processors:

• Facebook: Advertising service, Targeted advertising, Content customisation.

Data dissemination: Your personal data will not be disclosed in any way.

Your personal data may be transferred, within the scope of the above-mentioned purposes, to servers located in the following countries:

• United States – Google Drive: pursuant to Article 45 of GDPR and the provisions of the Privacy Shield, your data may be transferred, on the basis of an adequacy decision, to cloud-storage servers with access restricted to Spinto personnel. In specific circumstances, the folder stored on Google Drive and the data therein contained, may be shared with other subjects (journalists, publicists or the customers themselves) for the purpose of drafting press releases and similar documents or for carrying out work tasks.

Data retention period. Pursuant to art. 5 of GDPR, we inform you that, in compliance with the principles of lawfulness, purpose limitation and data minimisation, the retention period of your personal data shall:

• not exceed the time necessary for the achievement of the purposes for which the data is collected and processed for the execution and fulfilment of the contractual arrangements.

Cookie management: if you have doubts or concerns about the use of cookies, you can prevent them from being set and read by changing the privacy settings in your browser to block certain cookie types.

Considering that all browsers are different (including different versions of the same browser), if you wish to modify the preferences of your browser autonomously, you can find detailed information on the procedure to follow in your browser’s documentation. For an overview of how to change the settings of the most common browsers, you can visit www.cookiepedia.co.uk.

If you wish to opt out of receiving targeted ads, we inform you that Advertising companies allow you to do so. This does not prevent them from setting cookies but does prevent them from using and collecting some of your data.

For more information and how to opt out, please visit www.youronlinechoices.eu/.

Data Controller: pursuant to current legislation, the Data Controller is Spinto SRL (headquartered in Corso Duca D’Aosta 1, 10129 – Turin; VAT No: 10122820011) through its pro tem legal representative.

You have the right to have the Data Controller cancel (right to be forgotten), limit, update, rectify, port and stop the processing of your personal data, in addition to the rights provided for by articles 15, 16, 17, 18, 19, 20, 21, 22 of GDPR.

You can also read the updated version of this policy at any time by visiting the website
https://www.privacylab.it/informativa.php?12991369226.

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the data subject

1. The Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, even if not yet registered, to receive them in an understandable form and to lodge a complaint with the supervisory authority.
2. The Data Subject has the right to be informed on:
   1. the origin of their personal data;
   2. the purposes and methods of the processing;
   3. the policies applied in case the processing is carried out with electronic methods;
   4. the identity of the Data Controller, Data Processor and the authorised legal representative pursuant to article 5, paragraph 2;
   5. the subjects or categories of subjects to whom the personal data may be transmitted or who can have access to them in the capacity of appointed State representatives, Data Processors or agents.
3. The Data Subject has the right to:
   1. have his or her data updated, rectified or, where this is of interest, integrated;
   2. have his or her data erased, anonymised or their processing restricted when carried out unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
   3. the attestation that the operations referred to in letters a) and b), and their content have been communicated to all the parties to whom the data have been transmitted, except in the case in which their execution is impossible or requires the use of means manifestly disproportionate to the protected right;
   4. data portability
4. The Data Subject has the right to object to the processing of personal data concerning him or her, in whole or in part:
   1. for legitimate reasons, even when suitable to the purpose of the collection;
   2. for the purpose of sending advertising materials and offering direct sales or for carrying out market research or sending commercial communications.