This Privacy Policy describes how we collect, use, and manage data personal data in accordance with Articles 13 and 14 of European Regulation 679/2016 (hereinafter also "GDPR") and Article 13 of Legislative Decree No. 196/03 (Personal Data Protection Code) as amended by Legislative Decree No. 101 of August 10, 2018.

The information is provided for this website and not also for other websites that may be consulted by the user through links. The policy is inspired by the guidelines and recommendations of the EDPB, which replaced the Article 29 Working Party (WP29) established by Directive 95/46/EC and ensures the consistent application of the GDPR. We therefore invite you to review our Privacy Policy, outlined below.

1. Data controller

The data controller is Di Paola & Partners, with registered office in Corso Italia, 171 Catania, email info@dipaola.it, phone +39 095 722 1027.

2. Data controller

The data controller is Di Paola & Partners. For any request related to the processing of your personal data, you can contact Di Paola & Partners at the email address or phone number +39 095 722 1027.

3. Types of personal data collected

This site collects the following personal data:

• Identifying data (first name, last name, email address, phone number, etc.).
• Browsing data (IP address, browser type, usage data).
• Payment and billing information, if applicable.
• Other information voluntarily provided by users through forms or direct communications.

It is useful to know that the site's software procedures acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

Although this information is not intended to be associated with identified users, by its nature, if it is associated with other data held by third parties (e.g., its internet service provider), it could allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URL (Uniform Resource Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

This data is used only for the purpose of anonymous statistics on the use of the site and to check its proper functioning.

The Data Controller And, depending on the service required, the Designated Officer retain, for a limited period in accordance with legal regulations, the trace (LOG) of connections/navigations made in order to respond to any requests from the judicial authority or other public body entitled to request said trace for the purpose of ascertaining possible liability in the case of computer crimes.

Apart from what is specified for navigation data, the user is free to give or not to give the personal data requested on the registration form for services. On that form, however, some data may be marked as mandatory; it should be understood that these data are necessary for the provision of the requested service. If these data are not provided, the requested service cannot be provided.

At the time of any provision of data, in accordance with the provisions of Article 13 of Legislative Decree No. 196/03 (as amended by Legislative Decree No. 101 of August 10, 2018) and Articles 13 and 14 of the GDPR, the interested party is provided with a brief but complete and transparent information on the purposes and methods of processing, on the mandatory or optional nature of the provision of data, on the consequences of failure to provide data, on the subjects or categories of subjects to whom the personal data may be communicated and the scope of dissemination of such data, on the rights recognized by Art. 15 et seq. of Regulation (EU) 2016/679 (GDPR) (including the rights to rectification, erasure, restriction, portability and objection to processing), the identity and location of the data controller and data processors.

The data subject is then called upon to express his or her informed, free consent, expressed in a specific form and documented in the form required by law, where required by law. If the conferments of personal data take place at later stages, additions may be provided to the information already rendered previously and new processing consents provided by the Privacy Code and the GDPR may be requested.

4. Purpose of processing

Personal data will be processed for the following purposes:

• To provide services requested by the user.
• Improve the user experience and our website.
• Responding to user requests.
• Fulfilling legal or regulatory obligations.
• Handle any disputes or complaints.

Any new data processing, if unrelated to the stated purposes, shall be activated subject to new information to the data subject and possible request for consent, when required by Regulation (EU) 2016/679 (GDPR) and Legislative Decree No. 196 of June 30, 2003, as amended by Legislative Decree No. 101 of August 10, 2018. In any case, personal data will not be disclosed to third parties or disseminated without the prior consent of the data subject, except in the cases provided for in Article 6 of the GDPR, that is, within the limits allowed by current legislation.

5. Legal basis for processing

The processing of your personal data is based on:

1. User consent for the specified purposes.
2. The need to perform a contract or take pre-contractual measures at the request of the data subject.
3. The fulfillment of legal obligations to which we are subject.
4. The legitimate interest of the data controller, such as improving our services and security.

6. Recipients of personal data

Your personal information may be shared with:

• Service providers acting on behalf of the owner (e.g., hosting, IT maintenance, etc.).
• Competent authorities, if required by law.

In any case, your personal information will not be sold or given to third parties for commercial purposes without your
explicit consent.

7. Data retention

Personal data will be kept as long as strictly necessary to achieve the purposes for which it was collected, taking into account applicable legal or regulatory obligations.

8. User Rights

You have the right to:

• Access your personal information.
• Request rectification or deletion of data.
• Oppose the processing or request its restriction.
• Achieving data portability.
• Withdraw consent at any time, without affecting the lawfulness of the processing based on the consent before withdrawal.

To exercise your rights, you can contact the data controller.

 

9. Security measures

The Data Processor takes appropriate technical and organizational measures to ensure the security of personal data and prevent unauthorized access, loss or damage.

 

These security measures meet the security criteria stipulated in Art. 32 of the Regulation (EU) 2016/679 (GDPR) taking into account the nature of the data processed, the context, the purposes of the processing, as well as the risks associated with their management. The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification under Article 16 of the GDPR. Pursuant to Art. 17 et seq. of the same regulation, the data subject also has the right to request deletion of data, restriction of processing, portability, as well as to object, for reasons related to his or her particular situation, to the processing itself.

The Company also assumes no responsibility for: the rules and methods of handling personal data of other Web sites, which can be reached from our pages through links and cross-references; the contents of any e-mail services, Web spaces, chat forums provided to users.

Processing related to the web services offered by this site takes place at the Company, and possibly at the offices of the Data Processors, and is handled by data processors in charge of managing the services requested, marketing activities - where requested by the user - data storage activities and occasional maintenance operations.

 

10. Changes to the Privacy Policy

This Privacy Policy may be updated periodically. Users will be notified of any changes by notice on the website or other appropriate means.