The following information is provided pursuant to:
• Art. 13 Code of privacy Legislative Decree 30.6.2003 n. 196
• Art. 13 EU General Regulation n. 679/2016 on the processing of personal data (GDPR);
• of the Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of the directive n. 95/46 / EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, regardless of the purpose of the connection;
and is valid for the chiaragiorleo.com site (from this moment “site”) and not for other websites that may be consulted by the user through links on the site.
This page describes how to manage the site in relation to the processing of personal data of users who consult it, browse it or use it according to the possibilities granted and the services offered by the site itself.
The treatment is always based on principles of lawfulness and fairness in compliance with all current regulations and appropriate security measures are adopted to protect the data.
1) CONTROLLER, RESPONSIBLE AND DELEGATE FOR THE TREATMENT
Following consultation, navigation or use of this site, data relating to identified or identifiable natural or legal persons may be processed.
The controller of their treatment is:

Chiara Giorleo
Partita Iva 05324410652
giorleochiara@gmail.com

Responsible for the processing of data, is Netsons, which takes care of the maintenance of the technological part of the site and that, for this purpose, could become aware of the data. As stipulated between the owner and the manager, the latter undertakes not to disclose in any way and for any reason the data processed by the owner’s website.
Persons in charge of data processing are: other subjects or the categories of subjects who, in the scope of the purposes illustrated in this statement, may become aware of the data or to which they may be communicated, as they are involved in the organization of the site and in the management of the activity, appointed by the data controller or by the controller, external parties, also appointed, if necessary, Data Processors by the Data Controller.
The data may also be communicated to Public Authorities, Police Forces or other Public and Private Subjects, but only if it is indispensable for the purpose of fulfilling legal obligations, regulations or Community legislation.
Users are encouraged to avoid the inclusion of sensitive data (that is, data capable of revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data capable of revealing the state of health and sex life) and superfluous judiciary because this could lead to the destruction of the message.
2) PLACE AND MODE OF DATA PROCESSING
The processing connected to the web service of this site takes place at the aforementioned office and is carried out by the Data Controller, by the Data Processors and by the data processors appointed by them, at their offices. Eventually, a further processing site may also be elected, including the hosting service provider, due to site maintenance needs.
The data will be treated in confidence, through automated tools, and will in no way be disseminated to unauthorized third parties, will not be disclosed, disseminated or transferred abroad, or to third countries (non-EU).

3) PURPOSE AND LEGAL BASIS OF TREATMENT, STORAGE TIMES OF PERSONAL DATA COLLECTED AT THE INTERESTED PARTY
No personal data is collected at the interested party on this site.
– Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
If the sender sends his / her curriculum to submit his / her professional application, he / she remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without the authorization to process data will be immediately deleted.
4) PURPOSE AND LEGAL BASIS OF TREATMENT, STORAGE TIMES OF PERSONAL DATA NOT OBTAINED AT THE INTERESTED PARTY
Personal identification data will be processed exclusively by the Data Controller, Data Processor and Trustees of the processing, which are duly authorized unless otherwise specified.
Such data may be necessary for the data subject to take advantage of certain features and services made available by the site, for the following purposes:
– Access log
Purpose and legal basis of processing: access logs are used to keep track of entries on the site, for control and security operations. The IP addresses and access times are saved. These data are not directly related to an identified or identifiable person, due to the widespread use of dynamic IP.
Data retention period: the logs are kept for 10 years or until cancellation on any request or need, which may occur before the scheduled time frame.
Scope of communication: the data are processed by the owner, responsible and in charge of processing regularly authorized. Only in the case of an investigation can they be made available to the competent authorities.
Conferment: The data are not conferred by the interested party but acquired automatically by the technological systems of the site.
– Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified individuals, but which by their very nature could – through processing and association with data held by third parties – allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. By visiting the site the following information is automatically collected:
1. User hostname. The hostname or Internet Protocol address of the user requesting access to the site.
2. HTTP header, and the string “user agent” which includes: the type and version of the browser used and the operating system with which the browser works.
3. System date. The date and time of the user’s visit.
4. Complete request. The exact request formulated by the user.
5. Content lenght. The consistency, in bytes, of every document sent to the user.
6. Method. The request mode used.
7. Universal Resource Identifier (URI). The location of resources on the server.
8. The Request string of the URI, that is, everything that is after the question mark in the URI.
9. Type of device used for consulting the site.
10. Protocol. The transmission protocol and the version used.
Purpose and legal basis of processing: These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site (legitimate interests of the owner).
Data retention period: The data are normally kept for short periods of time, ie from a single session up to 2 years from the page visit, with the exception of any extensions connected to investigations.
Scope of communication: the data are processed by the owner, responsible and in charge of processing regularly authorized. Only in the case of an investigation can they be made available to the competent authorities.
Conferment: The data are not conferred by the interested party but acquired automatically by the technological systems of the site.

5) PRIVACY REGARDING COOKIES
Cookies are small text strings that the sites visited by the user send to his terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit of the same user. For more detailed information, please refer to the page of this website dedicated to the extended information on Cookies, also visible via the link at the bottom of all the pages of the Website.

Cookies that do not identify the user
For these cookies, of a technical nature, there is no consent, but only the dedicated information, as they do not identify the user or make it identifiable, and are necessary for the proper use of the site.
– Navigation cookies or first-party session: guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas): our site uses non-persistent technical cookies for the sole purpose improve your browsing experience and allow faster access later.
– Functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided.
– Analytical cookies, similar to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site;

Cookies that can identify the user
For these Cookies, consent is given by the user.
This site does not use cookies that can recognize the user or profiling. Google Analytics has been implemented anonymously so as not to track and identify users who browse the site.
They are mostly third-party cookies, created, installed and readable by a site other than the one the user is visiting, and whose data are stored at the third party and for which the cookies and data processing policy of the third.
The duration of these cookies goes from the single session to two years from the page visit.
Users can check which cookies are used by third parties, and if necessary deactivate them by visiting the link related to the information on Cookies.
Please note that the deactivation or blocking of some or all cookies can affect the complete use of the site or, more generally, its consultation.
6) DATA SECURITY MEASURES
Specific security measures are observed to prevent data loss (through the use of backups), illicit or incorrect use and unauthorized access (through the use of passwords).
The physical server, on which the personal data resides, is located in Milan (Italy), protected by a double UPS system, an uninterruptible power supply for prolonged blackouts, temperature and humidity monitoring, distributed extinguishing system, 24-hour surveillance on 24 and 365 days a year, accesses registered and checked.

7) NOTIFICATION OF VIOLATIONS OF PERSONAL DATA (articles 33 and 34 GDPR)
Pursuant to art. 33 GDPR The Data Controller or the Data Processor will notify the Supervisory Authority of any violation of personal data of which they become aware and if from such violation risks arise for the rights and freedoms of the data subjects, within 72 hours and in any case without unjustified delay.
Pursuant to art. 34 GDPR if the breach of data security presents a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the violation, without justified delay, with the exception of the cases referred to in paragraph 3 of the art. 34 GDPR.
8) RIGHTS OF THE INTERESTED PARTIES
Right of withdrawal of consent (reference Art. 7 GDPR)
The interested party has the right to revoke the consent previously granted, considering that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation. In the event of a request for revocation, the data of the interested party will be deleted, except for the need to continue the processing (for a different legal basis or for example tax obligations).

Right to access data of the interested party (reference Art. 15 GDPR)
The interested party can view his personal data independently from the panel dedicated to him, if registered.
Furthermore, the data subject has the right to obtain from the data controller confirmation that the processing of personal data concerning him is underway and, in this case, to obtain access to his / her data.
Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the existence of adequate guarantees relating to the transfer.

Right of rectification (reference Art. 16 GDPR)
The interested party can modify his personal data independently from the panel dedicated to him, if registered.
The interested party also has the right to obtain from the data controller the correction of their personal data not accurate without unjustified delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right of cancellation or right to be forgotten (Reference Art. 17 GDPR)
The interested party has the right to obtain from the data controller the cancellation of their personal data without undue delay. The holder will delete such personal data, upon request, without undue delay.
If the data controller has made public personal data is obliged to delete them, taking into account the available technology and implementation costs, taking reasonable steps to inform the other data controllers who are processing the personal data of the data subject, the request for the latter to delete any link, copy or reproduction of his personal data.
It is emphasized that the right of cancellation may not apply if the treatment is necessary for:
• exercising the right to freedom of expression and information,
• for the fulfillment of a legal obligation,
• for reasons of public interest in the public health sector,
• for public archival purposes, scientific, historical or statistical research,
• for the assessment, exercise or defense of a right in court.
Right to limit the processing (reference Art. 18 GDPR)
With the right to limit the processing, the interested party may request the limitation of use of their data, excluding the storage of the same. This limitation can be exercised not only in case of violation of the conditions of lawfulness of the processing, but also if the person concerned appeals to the right of rectification (pending the latter) or opposes the processing of his data (pending evaluation by the holder of this opposition).

Notification obligation (reference Art. 19 GDPR)
The data controller will communicate to each of the recipients to whom the personal data have been transmitted, any corrections, deletions or limitations on the processing requested by the interested party, provided that this is not impossible or involves a disproportionate effort.
The data controller, if requested by the interested party, will inform the recipient of the recipients of his personal data to which he / she must transmit his / her wishes for the exercise of the right.

Right to data portability (reference Art. 20 GDPR)
The interested party has the right to receive, in a structured format, in common use and readable by automatic device, the data concerning him and provided by him to the data controller, without impediments, provided they do not affect the rights and liberties of others and if they are processed in an automated format (paper archives are excluded).
Portability does not result in data deletion.

Opposition right (reference Art. 21 GDPR)
The interested party has the right to oppose at any time, for reasons connected with his particular situation, to the processing of personal data concerning him / her, including profiling. In this case the holder will refrain from further processing the personal data of the data subject who availed himself of the right of opposition, unless he demonstrates the existence of legitimate and mandatory reasons for proceeding with the processing that prevails over the interests, rights and freedom of the interested party or for the establishment, exercise or defense of a right in court.

Complaints and remedies before the competent administrative and judicial authorities.
If the interested party considers that the processing of data concerning him / her has not respected, for any reason, the provisions prescribed by Legislative Decree no. n. 196/2003 and by the EU Reg. N. 679/2016, or believes that the rights enjoyed on the basis of the aforementioned provisions of the law have been violated, may promote Complaints before the Supervisory Authority and / or promote Appeals before the competent judicial bodies, pursuant to art. 77, 78 and 79 (GDPR), as well as the right to obtain compensation for any damage as per art. 82 (GDPR).
9) MODALITIES OF EXERCISE OF RIGHTS BY THE INTERESTED PARTIES
The interested party may also exercise all the other rights envisaged under No. 8) of this information by means of a specific communication, without formalities, to be sent to the data controller Chiara Giorleo to mail address giorleochiara@gmail.com
The deadline for the reply to the interested party is, for all rights (including the right of access), 1 month, which can be extended up to 3 months in cases of particular complexity (pursuant to Article 12 of the GDPR). The Data Controller or the Data Processor will in any case give feedback to the data subject within 1 month of the request, even in the case of denial.
The exercise of rights is, in principle, free for the data subject, but there may be exceptions. It is up to the owner to evaluate the complexity of the reply to the interested party and to establish the amount of the contribution to be requested from the interested party, but only if the requests are manifestly unfounded or excessive, in particular due to their repetitive nature; if more “copies” of personal data are requested in the case of the right of access, the holder could take into account the administrative costs incurred.
The holder has the right to request information necessary to identify the person concerned, and the latter has the duty to provide it, in an appropriate manner.
The reply to the interested party, unless otherwise indicated by the interested party, will normally be in writing, in an electronic format in common use. The feedback can be given orally if so requires the interested party.

10) MINORS
The consent of minors is valid from 16 years; before this age, the consent of the parents or of those who take their place must be collected.
To guarantee greater protection of children’s rights and to ensure that the services provided by the www.svapoworld.com site are used exclusively on the basis of the consent given by subjects deemed suitable pursuant to Legislative Decree no. n. 196/2003 and of the EU Reg. N. 679/2016, it may be required that the user declare their date of birth during registration and to be able to use the services provided there.

Updating the Privacy Policy
It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence, therefore, the interested party is invited to consult periodically this policy.
This page is visible, through the link at the bottom of all the pages of the Site pursuant to art. 122 second paragraph of Legislative Decree no. 196/2003 and following the simplified procedures for the information and the acquisition of consent for the use of cookies published in the Official Gazette No. 126 of June 3, 2014 and the related register of measures No. 299 of May 8, 2014.

Last updated: May 2018

Share: