Privacy policy
Pursuant to Article 13 of the EU Regulation 2016/679 and the applicable Italian legislation on the processing of personal data, the following information is provided regarding the processing of personal data resulting from browsing this website.
Data Controller
The Data Controller is EVOLVE di A. Gandino & S. Maranzana, represented by the pro tempore legal representative (VAT No. 02331730990), with its registered office at Piazza De Marini 3, 16123 Genoa, Italy. The company can be reached at the following contacts: tel. 010/265507- 3484394450 - email contact@studioevolve.it – pec evolvesnc@pec.it.
Personal Data Processed
The personal data processed by Evolve, either independently or through third parties, include only common data: identifying data (name, surname), contact details (email address), browsing data (Country, cookies).
Browsing Data
The IT systems and software procedures used to operate this website acquire, during their normal course of operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified individuals but, through processing and associations with data held by third parties, could allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), and other parameters related to the user’s operating system and IT environment.
These data are used solely to obtain anonymous statistical information about the use of the site and to ensure its proper functioning. The data is deleted immediately after processing.
Cookies
In addition to data expressly provided to the Data Controller, other data deriving from the user’s browsing of the site may be recorded. When the user accesses the site, a “cookie” may be sent to the user’s computer. A “cookie” is a small text file that the site may automatically send to the user’s computer when they view our pages. Cookies make browsing easier, in addition to providing information about the user’s navigation within the site and enabling the operation of some services that require identifying the user’s path through different pages on the site.
We invite you to read the Cookie Policy, available on this website, to better understand the types of cookies used and how to give or deny consent to their use.
Purpose of Data Processing and Retention Period
Your personal data, explicitly collected or obtained by the Data Controller during navigation on this website, will be processed exclusively for the purposes outlined below:
A) To allow access to and navigation of the website;
Retention period: Until the purpose for which they are processed is achieved.
B) To provide our products/services;
Retention period: For the duration of the current contract and for 10 years following its termination.
C) To fulfill pre-contractual, contractual, and tax obligations arising from the relationship with you;
Retention period: For the duration of the current contract and for 10 years following its termination.
D) To comply with legal, regulatory, or EU obligations;
Retention period: Until the purpose for which they are processed is achieved and, in any case, no longer than 10 years after their provision.
E) To respond to any requests for information, assistance, or quotations;
Retention period: Until the purpose for which they are processed is achieved.
F) To exercise the Data Controller’s rights (e.g., the right to defense in court);
Retention period: Until the purpose for which they are processed is achieved and, in any case, no longer than 10 years after their provision.
Legal Basis for Processing
Your data will be processed:
- On a contractual/pre-contractual basis (Art. 6, para. 1, letter b) GDPR) for the purposes outlined in points B), C), and E) above.
- On a legal basis (Art. 6, para. 1, letter c) GDPR) for the purposes outlined in point D) above.
- Based on the legitimate interest of the Data Controller (Art. 6, para. 1, letter e) GDPR) for the purposes outlined in points A) and F) above.
Nature of Data Provision
For the purposes outlined in point A), data provision is necessary for website navigation, and failure to provide them would prevent such navigation.
Data provision for the purposes outlined in points B), C), and E) is always optional, but failure to provide them may prevent the Data Controller from delivering the requested product/service.
Recipients of Personal Data
Your personal data may be disclosed to the following categories of recipients:
- Companies, consultants, or professionals responsible for the installation, maintenance, updating, and, in general, the management of the hardware and software used by the Data Controller for providing its services (such as web hosting companies and IT support providers), who will be appointed as external Data Processors or System Administrators in accordance with Article 28 of the European Regulation 2016/679 or who will act as independent Data Controllers;
- All those subjects, public or private, whose communication is necessary or functional to the proper fulfillment of the obligations assumed or arising from the law.
Transfer of Data to Third Countries
Your personal data will not be transferred to third countries. Should access to your data by such countries be allowed, the most stringent logistical and IT security measures will be adopted to prevent and impede the risk of access to the same by unauthorized persons or for purposes other than those stated in this document.
Data Processing Methods
Personal data are processed by manual, IT, and telematic tools. Data is also processed in an automated manner and will be stored in a way that minimizes, through the adoption of suitable and preventive security measures, the risks of destruction or loss, even accidental, of the data, of unauthorized access, or of processing that is not allowed or does not comply with the purposes for which they were collected.
Data Retention Duration
The data provided by you will be processed and stored for the time strictly necessary to achieve the purposes for which they are processed, in accordance with the principle of storage limitation (Art. 5 GDPR) or based on the deadlines established by law. The retention period differs depending on the purpose of the processing, as detailed above.
All maximum retention periods indicated above may be exceeded in the event of a request for an extension by the Judicial Authority or Law Enforcement or in the case of the exercise of a right in judicial proceedings by the Data Controller.
The obsolescence of the data stored concerning the purposes for which they were collected is periodically checked by the Data Controller.
Rights of the Data Subject
The Data Subject may exercise, at any time, under Article 7 of Legislative Decree 196/2003 and Articles 15 to 22 of the EU Regulation 2016/679, the right to:
i. Obtain confirmation as to whether or not personal data concerning him/her is being processed, and obtain a copy of such data;
ii. Obtain the following information: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic tools; d) the identifying details of the Data Controller, the Processors, and the Data Protection Officer (if applicable); e) the recipients or categories of recipients to whom personal data may be communicated or who may become aware of it as designated representatives in the State’s territory, as processors, or persons in charge of processing;
iii. Obtain: a) the updating, rectification, or integration of the data; b) the erasure, anonymization, or blocking of data that have been processed unlawfully; c) certification that the operations as per letters a) and b) have been notified, also with regard to their contents, to those to whom the data were communicated or disseminated, unless this proves impossible or involves a disproportionate effort; d) obtain from the Data Controller personal data in a structured, commonly used, and machine-readable format and, where technically feasible, have the data transmitted directly from one controller to another;
iv. Object: a) to the processing of their personal data, even if pertinent to the purpose of collection; b) to the processing of personal data for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through automated calling systems without the intervention of an operator, by email and/or traditional marketing methods by telephone and/or postal mail. The right to object may also be exercised in part, allowing the Data Subject to choose to receive only communications via traditional methods or only automated communications or neither of the two types of communication;
v. Lodge a complaint with the supervisory authority, the Italian Data Protection Authority, by emailing: garante@gpdp.it, by fax at 06 696773785, or by post to Piazza di Monte Citorio n. 121, 00186 Rome, Italy.
How to Exercise the Rights of the Data Subject
The exercise of the rights detailed above may occur by sending a request to the Data Controller at the following contacts: EVOLVE di A. Gandino & S. Maranzana, Piazza De Marini 3, 16123 Genoa, Italy - email contact@studioevolve.it – pec evolvesnc@pec.it.
Final Clauses
This privacy policy may be subject to changes over time – also due to the possible entry into force of new sector regulations, the updating or provision of new
Issue Date: October 14, 2024