Genus S.r.l. respects the privacy of all users who visit the Site and use the Services.
The Policy does not apply to third party sites accessible via links on the Owner’s Site.
Users’ personal data is processed in full compliance with the General Data Protection Regulation (EU) no. 679/2016.
1. Identity and contact details of the Data Controller
The Data Controller is the company Genus S.r.l. – Largo Verdi, 19 – 20082 Binasco (MI) – P.IVA | C.F. 09713410968 – e-mail: firstname.lastname@example.org
2. Categories of personal data processed
The Data Controller may process the following categories of Users’ personal data:
– data communicated by the user: identification and contact data (mainly name, e-mail) entered voluntarily by the user when filling in the data request form on the site and/or through the optional, explicit and voluntary sending of messages to the various addresses/contact channels of the Data Controller, entail the acquisition of the sender’s contact data, necessary to process the request forwarded by the interested party, as well as all the personal data included in the communications; if necessary, specific information is published on the web pages set up for the provision of different services and different purposes;
– navigation data: during normal operation, the computer systems and software procedures used to operate this site acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform ResourceIdentifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data, necessary for the use of web services, are also processed in order to
– obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
– checking the correct functioning of the services offered
– in the event of hypothetical computer crimes committed to the detriment of the site, in agreement with the judicial authorities, such data could be used to ascertain responsibility.
3. Purposes and legal bases of personal data processing
The Owner processes Users’ data mainly to allow them to access, register and navigate its Site, as well as to use the Services. The Owner processes Users’ data in order to allow them to navigate its Site and to be able to respond to any requests sent voluntarily by the User.
Any further processing takes place only on the basis of legal obligations and on the basis of legitimate interest. For all other processing purposes, explicit consent provided by the User to the Data Controller is required.
In particular, Genus S.r.l. collects and processes the personal data of Users for the following purposes
a) purposes strictly connected and instrumental to administrative-accounting management;
b) purposes connected to legal and fiscal obligations provided for by laws, regulations, community standards, as well as provisions issued by Authorities and supervisory and control bodies;
c) to allow the user to navigate on the Site, to respond to User requests sent through the Site
d) improve the presentation, features and functionality of the Site and the Services;
e) provide assistance on the use of services/products, upon request of the Users;
f) with prior consent, contact Users by e-mail, newsletter, mailing list, sms, messaging to send them commercial and promotional communications, special initiatives and discounts. The User is automatically included in a list of contacts to whom email/messaging messages may be sent through Mailchimp platforms (please see the policy on data processing https://mailchimp.com/legal/privacy). Each communication will specify how to object to the processing and no longer receive further communications. In these cases, the provision of the data is optional and failure to provide the data will result in the failure to send commercial communications.
For the purposes referred to in letters (a) to (e) the legal bases identified are art. 6.1.b) GDPR for processing necessary to execute pre-contractual/contractual measures/execution of specific requests by the user – art. 6.1.c) GDPR for processing necessary to comply with legal obligations – art 6.1.f) GDPR for the pursuit of legitimate interest.
For the purposes of letter (f) Genus S.r.l. will process the personal data of Users on the basis of their consent – art.6.1.a) consent for marketing purposes (sending newsletters, market research, on and off line promotional activities).
4. Data retention times
Personal data processed by Genus S.r.l. will be kept for the time strictly necessary to achieve the purposes for which it was originally collected and, in any case, will no longer be processed if consent is revoked.
Where the processing of personal data is required to comply with legal, fiscal or judicial obligations, the data may be stored for up to ten (10) years.
Surfing data shall not be kept for more than seven days and shall be deleted immediately after their aggregation (except for any need to ascertain crimes by the judicial authorities).
5. Provision of data
Apart from that specified for navigation data, the user is free to provide his/her own personal data. However, failure to provide them may make it impossible to obtain what has been requested.
6. Processing methods
All personal data will be processed with the aid of paper and computerised tools.
The Data Controller has adopted all the necessary technical and organisational measures to ensure a high level of security in order to minimise the risks inherent in the confidentiality, availability and integrity of the personal data collected and processed, based on Articles 24, 25 and 32 of the GDPR.
7. Recipients of personal data – Communication and dissemination of personal data
The personal data processed will be communicated to clearly defined subjects. On the basis of their roles and duties, internal and external staff are authorised to process data within the limits of their competences and in accordance with the instructions given to them by the Data Controller.
The same data may be communicated to legitimate subjects with functions of systems administration, hosting services and maintenance of the technological part of the site, managers of platforms for sending newsletters and messaging, subjects appointed as data processors (professional firms providing accounting services etc.), partners (Souri Srl, Sgs Srl, Sport Dream Srl SSD) and subjects whose legal provisions or EU regulations recognise the right to access the data.
The web hosting service is located in the EU.
8. Transfer of personal data abroad
The management and storage of personal data will take place on servers located within the European Union but also through the use of cloud services in non-EU countries. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by entering into, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission. With regard to the processing of personal data processed through the newsletter management platform MailChimp, the place of processing is in the United States and the Subject is a member of the Privacy Shields.
9. Processing of personal data of minors
The use of the Site and Services is reserved only for Users of legal age. Genus S.r.l. does not process the personal data of minors.
10. Rights of the interested party and withdrawal of consent
The Data Controller can be contacted freely for any request concerning this Policy by writing to email@example.com.
The user may, at any time, exercise the rights under Articles 15/16/17/18/20/21 of the GDPR 679/16.
The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated in this Policy.
With reference to Article 7 of the GDPR 679/16, the data subject may revoke the consent given at any time by notifying the Data Controller or by using the specific function according to the instructions at the end of each newsletter.
12. Links to third party sites
Genus S.r.l. cannot in any case be held responsible for processing carried out through or in relation to these third party sites.
Users are therefore invited to pay the utmost attention in this regard, reading the conditions of use and privacy and cookie policies published on the various sites visited.
13. Amendments and updates
This Policy is updated and applicable as of 25/10/2019.
Any further changes will be communicated to Users by the means and at the times deemed most appropriate by the Owner, in particular by publication on the Site.