CSIL (VAT number 04825320155), with registered office in Milan, at 15 Corso Monforte, as Data Controller pursuant to art. 4, par. 1, no. 7 and art. 24 of EU Regulation 2016/679 (hereafter GDPR) regarding the protection of personal data, in compliance with the obligations contained in art. 13 GDPR, provides this Notice which details the scope and methods of treatment of your personal data.

Specifically:

• by personal data (pursuant to art. 4, par. 1, no. 1 GDPR) we mean ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’;
• by processing of personal data (pursuant to art. 4, par. 1, no. 2 GDPR) we mean ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’.

1. Data Controller and contact details

The Data Controller pursuant to art. 24 of the GDPR, i.e. the one who determines the purpose and means of processing, is CSIL (VAT number: 04825320155), with registered office in Milan, at 15 Corso Monforte; e-mail address: csil@csilmilano.com

2. Data processed

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user's operating system and computer environment.

This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, as well as the completion of the contact form or the transmission of data through other sections of the site, involves the subsequent acquisition of the sender's address, necessary to respond to the requests, as well as any other personal data entered by the user.

3. Purpose of the processing and legal basis

3.1 Your personal data will be used for the following purposes:

a) respond to your specific requests;
b) carry out fiscal, administrative and accounting obligations;
c) to fulfill the pre-contractual, contractual and fiscal obligations relating to the conclusion and/or execution of contracts of which you are a part, including through e-commerce;
d) protect credit.

3.2 The processing of your personal data is based on art. 6, par. 1 letters b) and c) of the GDPR.

 

4. Nature of the provision

For the purposes referred to in art. 3.1, letters a), b), c) and d) of this Notice the provision of data is necessary to respond to your requests and for the execution of the services provided by the Controller and any refusal determines the impossibility to provide them. To carry out the processing referred to in art. 3.1, letters a), b), c) and d) of this Notice it is not necessary to obtain the consent of the interested party.

5. Processing methods

The data processing takes place through paper, IT and electronic media, also with the aid of electronic means, by specially authorised internal subjects and/or through third parties, according to logic strictly connected to the purposes referred to in this letter. The data is stored in electronic archives and, on a residual basis, in paper form, in such a way as to guarantee the security and confidentiality of the data. The processing of personal data is carried out in compliance with the principles underlying the GDPR.

6. Data recipients

By Data recipients we mean, pursuant to art. 4, par. 1, no. 9 of the GDPR, ‘the natural or legal person, service or other body that receives communications of personal data, be they third parties or not. However, public authorities that may receive communications of personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as recipients; the processing of such data by said public authorities is in compliance with the applicable data protection laws according to the purposes of the processing’.

It should be noted that, in relation to the aforementioned purposes, personal data may be communicated to recipients in a relationship of collaboration with the Data Controller or for the fulfillment of legal obligations. These recipients are bound by the most absolute confidentiality with regard to any information they may acquire and we list the categories below by way of examples.

- Authorities, public administrations and supervisory and control bodies for their institutional purposes.
- Associated companies, subjects, consultants, consultancy companies and professional firms that collaborate with the Data Controller to achieve the purposes indicated above and to fulfil legal obligations.
- Subjects that provide services for the management of the owner's IT system
- Qualified professionals for the purpose of study and resolution of possible legal and contractual problems

- Banks or similar organisations.

 

7. Place of data processing

The data processing is carried out within a member State of the European Union (EU) or within a member State of the European Economic Area (EEA).

8. Dissemination and communication of data

Your personal data are not subject to disclosure or transfer.

The communication to third parties other than the Data Controller and the Data Supervisors - internal or external to the owner's organisational structure - identified and appointed in accordance with articles 24 and 28 of the GDPR, is provided where necessary.

In any case, the processing by third parties will be carried out in compliance with the principles of correctness, proportionality and necessity, as well as in compliance with the laws in force.

9. Retention of data

The data will be stored in compliance with the principle of proportionality and in any case for a period necessary for the accomplishment of the purposes referred to in art. 3.1. of this Notice.

10. Data security

The Data Controller adopts the appropriate technical and organisational measures for data protection in order to prevent the loss of the same, unlawful or incorrect use and unauthorised access.

11. Rights of the data subject

We inform you that, pursuant to art. 13, par. 2, let. b) of the GDPR, in relation to the processing of the personal data in question, in order to guarantee correct and transparent processing, the following rights may be exercised:

11.1. Right to information and access (pursuant to art. 15 GDPR): in order to obtain from the Data Controller information on the existence or otherwise of data processing concerning you and access to your personal data and information on the purposes of the processing, on the recipients or categories of recipients to whom the data is transmitted.

11.2. Right to rectification (pursuant to art. 16 GDPR), to cancellation (pursuant to art. 17 GDPR) and to limitation (pursuant to art. 18 GDPR): in order to request that the Data Controller rectify and delete your personal data and restrict processing of the same.

11.3. Right to portability (pursuant to art. 20 GDPR): in order to receive in a structured, commonly used and automatically readable format your personal data provided to the Data Controller and you have the right to transmit such data to another holder, provided that this operation is technically feasible.

11.4. Right to object (pursuant to art. 21 GDPR): in order to object to the processing of personal data.

To exercise any of the rights contained in art. 13, par. 2, lett. b) and e) of the GDPR, you may write to CSIL  (VAT number 04825320155), with registered office at Corso Monforte 15, 20122 Milan; or by electronic mail to: csil@csilmilano.com. You may also contact the Data Controller by telephone on the following number +39 02 79 66 30

12. Right to complain and to appeal

Pursuant to art. 13, par. 2, let. d) of the GDPR and art. 140 bis of Legislative Decree no. 196/2003, as modified by Legislative Decree no. 101/2018, it should also be noted that, if the processing of data is deemed to violate the European Regulation or the Code regarding the protection of personal data, a complaint may be lodged with the Privacy Guarantor, pursuant to art. 77 of the GDPR or, alternatively, appeal to the judicial authority.

13. Consent

Pursuant to articles 6 and 7 of the GDPR your consent to the processing of personal data is necessary, for the purpose referred to in art. 3 of this Notice.

You may withdraw your consent at any time without having to give a reason, by sending a withdrawal of consent form to the following e-mail address: csil@csilmilano.com

Withdrawal of consent does not affect the lawfulness of the processing carried out based on consent given before its withdrawal.