Skip to main content
search

Privacy Policy

Information on the processing of personal data – Website

Pursuant to Articles 13 and 14 of the GDPR (General Data Protection Regulation) 2016/679

 

Innovio Spa, in its capacity as Data Controller, informs Users of the website www.innoviogroup.com (hereinafter Data Subjects) that to carry out the relationships between them, personal data relating to them are collected, pursuant to EU Regulation 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”) and Italian Legislative Decree 196/2003 “Personal Data Protection Code” as amended by Italian Legislative Decree 101/2018.

As a result of the above-mentioned legislation, Innovio hereby informs the Data Subjects regarding what data is processed and the qualifying elements of the specific processing, which, in any case, must take place according to the principles of lawfulness, fairness and transparency, in protecting the rights and confidentiality of the Data Subjects themselves.

 

Data Controller and Data Protection Officer

The Data Controller is Innovio Spa, CF and P.IVA 04923180485, with registered office at Via Valentini n. 14, 59100 Prato (Italy).
The contact details of the Data Controller are as follows: Tel. (+39) 05527119, e-mail privacy@innoviogroup.com, innovio@pec.innoviogroup.com.
You can contact the Data Protection Officer (DPR or DPO), designated by the Data Controller, pursuant to art. 37 of the GDPR, at the e-mail address dpo@innoviogroup.com.

Purposes of processing and data processed

The Data Controller may process the data of the Data Subject for:


1 – activities related to navigation on the website by the Data Subjects

The computer systems and software procedures responsible for operating the website indicated above acquire, during their normal operation, certain personal data relating to navigation, the transmission of which is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified Data Subjects, but which by their very nature could, through processing and associations with data held by third parties, allow Users to be identified.
This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the addresses in Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good purpose, error, etc.) and other parameters relating to the user’s operating system and computer environment.
The data, thus collected, could be used to establish liability in the event of any cyber crimes against the site.
Please also consult the Cookie Policy on the site.

2 – respond to requests for information

The processing of personal data is aimed at following up and providing feedback to the requests of the Data Subject sent through the form on the pages of the website (“Contact us”). Sending/communicating data is optional, explicit and voluntary.

3- trade promotion activities

The processing of personal data takes place by sending marketing and commercial communications relating to the initiatives, services and products offered by Innovio Spa. To this end, data processing (such as first name, surname, email address, telephone) can take place via e-mail or telephone.

 

Nature of data contribution and legal basis of processing

Purposes 1 and 2: navigation data and information requests are processed as they are necessary to implement IT and telematic protocols, the legal obligations to which the Data Controller is subject (e.g. contract management, invoicing, registry management, credit protection, administrative services, organizational services, and services functional to the execution of the contract), as well as to respond to the Data Subject’s requests.

The processing of personal data carried out by Innovio Spa is necessary to comply with pre-contractual measures and carried out at the request of the Data Subject himself (expressed during the browsing experience and expressed during the consultation of the website), pursuant to art. 6 par. 1, letters B) and C) of the GDPR.

Purpose 3 (commercial promotion): the legal basis for processing is the consent explicitly expressed by the Data Subject with the assent to receiving updates on initiatives, products and services. In the event that no such consent is given to the processing of personal data, this will not affect the processing of data for other purposes.

At any time, consent to the processing of data for promotional purposes may be revoked, without this having any harmful consequences or effects: the request for deletion from the newsletter can be made directly by clicking on the “Unsubscribe” option, located at the bottom of the email containing the newsletter, and entering your address to be deleted, pursuant to art. 6 par. 1 letter A) of the GDPR.

 

Modalities of data collection and processing

Innovio Spa, as the Data Controller, collects and/or receives information regarding the Data Subject released while browsing the website www.innoviogroup.com.

The data collected through the above website are processed through computer and telematic procedures.

The processing of this information is necessary for the Data Controller to manage the site and to respond to requests for information from the Data Subjects, including commercial ones, where consent is granted.

Any refusal to provide the personal data results in the inability of the Data Controller to manage and detect the communication or request for information.

 

Categories of Data Recipients

Without prejudice to communications carried out in compliance with legal obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of recipients: • employees and collaborators of the Data Controller, who operate under his direct responsibility pursuant to art. 2-quaterdecies of Italian Legislative Decree 196/2003, and who have been adequately trained, appointe78d, instructed on the methods of processing the data of the Data Subjects, pursuant to art. 29 of the GDPR, and committed to confidentiality; • third parties, identified as Processor under art. 28 of the GDPR, with whom the Data Controller has entered into specific agreements governing the data processing activities of the Data Subjects, also providing specific written instructions on the methods of processing. By way of example and not limitation, computer assistance companies and hosting companies. In any case, these are entities that present sufficient guarantees to implement appropriate technical and organizational measures, so that the processing meets the requirements of current legislation and ensures the protection of the rights of the Data Subject.

The complete and updated list of recipients, i.e., those Processors for processing identified pursuant to Article 28 of the GDPR, and authorized personnel, can be consulted at the Data Controller’s offices, or upon explicit and reasoned request to the Data Controller.

Under no circumstances, your personal data will be disclosed.

 

Place of processing and data retention period

For the purposes described above, personal data may be processed and stored on company or third-party servers located within the European Union. The Data Controller reserves the possibility to make use of cloud services located in non-European third countries, selecting the providers of these services from among those who will provide adequate guarantees as required by Article 46 of EU Regulation 2016/679.

Personal data provided by navigation is not retained.

The data provided for the purposes related to points 2 and 3 will be retained for the time necessary to fulfill the purposes of the processing and in any case for the duration established by current legislation, and may also be retained even after the termination of the contract, for the fulfillment of all any obligations related to or resulting from the conclusion of the contract, including events involving the intervention of the competent authorities. In the case of judicial litigation, personal data will be processed for the duration of the same, until the conclusion of the legal proceedings is reached.

 

Rights of the Data Subject

Data Subjects may exercise the rights referred to in Articles 15 to 22 of EU Regulation 2016/679, except to preliminarily evaluate and verify their applicability. In particular, pursuant to those articles the Data Subject may exercise

  • the right of access (art. 15), that is to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data;
  • the right to rectification (art. 16), that is to obtain from the Data Controller without undue delay the rectification and/or integration of inaccurate or incomplete personal data concerning him or her;
  • the right to erasure (“right to be forgotten”, art. 17), that is to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay;
  • the right to restriction of processing (art. 18), where applicable, that is to obtain restriction of processing from the Data Controller;
  • the right to receive notification, in case of rectification or erasure of personal data or in case of restriction of processing (art. 19);
  • the right to data portability (Article 20), where applicable, i.e. the right of the Data Subject to receive in a structured, commonly used and machine-readable format the personal data concerning him or her provided to the Data Controller, as well as the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided;
  • the right to object (Article 21), that is to object , on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on those provisions;
  • the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (art. 22).

Data Subjects may at any time exercise the above rights, contacting the Data Controller and his Data Protection Officer at the contact details set out in this notice. Finally, pursuant to Article 77 of the GDPR and without prejudice to any other administrative or judicial remedy, if you consider that the processing of your personal data infringes GDPR, Data Subjects have the right to lodge a complaint with the Italian Data Protection Authority, as described on the institutional website www.gpdp.it.

Finally, where the processing of personal data is based on the consent of the Data Subject, he or she has the right to withdraw the consent given; the withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

 

Prato (Italy), 01/01/2025

Data Controller – Innovio Spa

Close Menu