Privacy policy pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)
This Privacy Policy is provided to users of this website (“Data Subjects”) pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and applies exclusively to the processing of personal data carried out through this website and related services.
This Policy does not apply to third-party websites that may be accessible through links on this website, for which the respective data controllers are solely responsible.
1. Data Controller
The Data Controller is:
SUBSTRING di Matteo Contrini
VAT no. IT02632420226
Email: matteo@dmarcwise.io
The Data Controller has not appointed a Data Protection Officer, as the legal conditions for such appointment do not apply.
2. Categories of personal data processed
The Data Controller may process the following categories of personal data:
- common personal data, such as identification, contact and similar information;
- personal data voluntarily provided by the Data Subject through forms, messages or other interactions with the website;
- technical and navigation data related to the use of the website and its services.
Personal data may be collected directly from the Data Subject, from automated systems used to operate the website, or, where applicable, from publicly available sources or third parties connected with the Data Subject.
The Data Controller observes strict confidentiality and professional secrecy obligations in relation to all personal data processed.
3. Purposes of processing
Personal data are processed in accordance with the GDPR for the following purposes:
- to allow the use of the website and its services;
- to manage communications and requests sent by users;
- to perform activities connected and instrumental to the operation of the website;
- to comply with legal, regulatory and contractual obligations;
- to protect the rights and legitimate interests of the Data Controller;
- for any further purposes that are connected or compatible with those listed above.
4. Legal bases of processing
The processing of personal data is carried out on the basis of one or more of the following legal grounds:
- Article 6(1)(b) GDPR – processing is necessary for the performance of a contract or pre-contractual measures requested by the Data Subject;
- Article 6(1)(c) GDPR – processing is necessary to comply with a legal obligation to which the Data Controller is subject;
- Article 6(1)(f) GDPR – processing is necessary for the legitimate interests of the Data Controller, including the exercise of its business activities and the protection of its rights, provided such interests are not overridden by the fundamental rights and freedoms of the Data Subject;
- Article 6(1)(a) GDPR – consent of the Data Subject, where required.
Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5. Nature of data provision
The provision of personal data is necessary for the use of the website and for the handling of requests made by the user.
Failure to provide required data may result in the impossibility for the Data Controller to provide the requested services or to process the request.
6. Recipients of personal data
Personal data may be communicated, within the limits of the stated purposes, to:
- employees and collaborators of the Data Controller;
- service providers, consultants and professionals acting as data processors or independent controllers;
- public authorities and other entities where required by law.
In all cases, personal data are processed by authorised persons subject to appropriate confidentiality obligations.
Personal data will not be disclosed to the public.
7. Data retention
Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected and, in any case, for the period required by applicable legal, accounting, fiscal and contractual obligations.
Where processing is based on consent, the data will be retained until such consent is withdrawn, unless longer retention is required by law.
8. Transfers to third countries
Personal data may be transferred to, stored or processed in countries outside the European Union or the European Economic Area where the Data Controller or its service providers are located or operate.
Such transfers shall in all cases take place in accordance with Articles 44 et seq. of the GDPR and only where one of the following conditions applies:
- the European Commission has adopted an adequacy decision for the recipient country; or
- the transfer is subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission; or
- the transfer is permitted under one of the derogations provided for in Article 49 of the GDPR, including where it is necessary for the performance of a contract or where the Data Subject has explicitly consented.
Where required, the Data Controller also implements additional contractual, technical and organisational measures to ensure an adequate level of protection in line with EU law and the principles established by the Court of Justice of the European Union.
9. Data Subject rights
Pursuant to Articles 15 to 22 of the GDPR, the Data Subject has the right to:
- obtain access to their personal data;
- request rectification or erasure of personal data;
- request restriction of processing;
- receive their personal data in a structured, commonly used and machine-readable format;
- object to the processing of their personal data;
- withdraw consent, where applicable;
- not to be subject to a decision based solely on automated processing, including profiling.
Requests may be sent to the Data Controller at the contact details indicated above.
The Data Controller will respond within the time limits set by Article 12 of the GDPR.
10. Right to lodge a complaint
The Data Subject has the right to lodge a complaint with a supervisory authority pursuant to Articles 77 et seq. of the GDPR.
For Italy, the competent authority is the Garante per la Protezione dei Dati Personali.