Privacy Policy

In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide you with the necessary information regarding the processing of the personal data provided. The information is not to be considered valid for other websites that may be consulted via links on the websites in the domain of the Data Controller, who shall not to be deemed in any way responsible for the websites of third parties.

Processable personal data:
«personal data»: any information relating to an identified or identifiable natural person («Data Subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of their physical, physiological, genetic, psychological, economic, cultural or social identity; (C26, C27, C30).
Browsing data.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Data communicated by the Data Subject.
The optional, explicit and voluntary sending of messages to the contact addresses, as well as the compilation and forwarding of the forms on the Data Controller’s website, involves the acquisition of the sender’s contact data, necessary to respond, as well as all the data personal information included in communications.
Specific information.
Specific information will be present on the pages of the Website in relation to particular services or processing of the Data provided.
Cookies.
For more information on the cookies used by this website, refer to the cookie policy.

Legal basis, data retention period and nature of the provision

3. Purpose of the Processing

A. NAVIGATION ON THE WEBSITE

– Legal Basis: legitimate interest art. 6 lett. f) and recital 47: the processing of personal data is strictly necessary for the purposes of carrying out the legitimate interest of the Data Controller or third parties, provided that the interests or the fundamental rights and freedoms of the Data Subject are not overriding, taking into consideration the reasonable expectations of Data Subjects based on their relationship with the Data Controller. Activities strictly necessary for the functioning of the website and the provision of the navigation service on the platform.
– Data Retention Period: until the duration of the browsing session. For navigation, refer to cookie policy.
– Nature of the Provision: with the exception of what is specified for navigation data (which are necessary to allow navigation of the website), the user is free to provide personal data.

COMPILATION OF FORMS AND DATA COLLECTION FOR CONTACTS

– Legal Basis: based on the execution of pre-contractual measures adopted also at the request of the Data Subject.
– Data Retention Period: 1 year
– Nature of the Provision: providing data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide the data marked with the symbol* or wording (required) will make it impossible to obtain what is requested or to use the services of the Data Controller.

B. DIRECT MARKETING

If the Data Subject fills out dedicated forms for data collection, in specific areas with the purpose of: following consent and until his/her opposition, direct marketing activities of the Data Controller, market research, direct sales, surveys of the degree of satisfaction, sending of newsletters and promotional, commercial and advertising material or relating to events and initiatives, by the Data Controller via automated means of e-mail, fax, text messages or other types of messages, as well as through telephone calls via operator, including automated means and paper mail and other information material. In order to compare and possibly improve the results of communications, the Data Controller uses systems to send newsletters and promotional communications with reports. Thanks to the reports, the Data Controller will be able to know, for instance: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; details on the activity of individual users; the details of the emails sent, delivered and undelivered emails, and those forwarded. All this data is used for the purpose of comparing, and possibly improving, the results of communications.

– Legal Basis: Consent art. 6 par.1 lett. a) EU Reg.2016/679: the Data Subject has expressed consent to the processing of his/her personal data.
– Data Retention Period: Until his/her opposition (opt-out/withdrawal of consent).
– Nature of the Provision: Providing data for the aforementioned purpose is optional and in its absence, his/her data shall not be processed for the continuation of the aforementioned purpose, the refusal of consent shall not affect navigation on this website.

To whom the personal data collected shall be communicated

4. Processing

The personal data provided will be shared with subjects, who will process the data as Data Processors (art. 28 of the Reg. EU 2016/679) and/or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of the Reg. EU 2016/679), for the purposes listed above.

Specifically, the data shall be shared with:
– entities that provide services for the management of the information system used by Cosmoproject S.p.A and the telecommunications networks; including email, newsletter and website management, communication and marketing management, assistance in using the platform, freelancers, studios or companies in the context of assistance and consultancy relationships;
– competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, upon request.
The list of Data Processors is constantly updated and available by email to info@cosmooproject.it or at the operational headquarters of Cosmoproject S.p.A with headquarters in Casale di Mezzani (PR), Strada Mazzabue 5.

Third parties established in non-EEA countries

5. Data transfer

The personal data provided shall not be transferred to non-EEA Countries.
Personal data is stored on servers located within the European Union.
Within the purposes indicated in this information, the personal data collected may be disseminated/transferred to third parties established in Countries belonging to the European Union or in non-EU countries in accordance with the provisions of the regulation, based on Article 44 – General principle for transfers; Article 45 – Transfers on the basis of an adequacy decision; Article 46 – Transfers subject to appropriate safeguards, specifically the data will be transferred: – towards third Countries, international organizations for which the Commission has intervened with an adequacy assessment (art. 45 Reg. EU 2016/679)
– towards third Countries or international organizations that have provided adequate safeguards and on condition that enforceable Data Subject rights and effective legal remedies for Data Subjects are available (art. 46 Reg. EU 2016/679, also with contractual clauses and the other provisions referred to in Article 46, paragraph 3)
– towards third Countries or international organizations on the basis of binding corporate rules for companies belonging to the same business group (art. 47 Reg. EU 2016/679)
– towards third Countries international organizations on the basis of derogations for specific situations (art. 49 Reg. EU 2016/679).
The Data Subject may obtain information regarding the safeguards for the transfer by writing to info@cosmooproject.it

7. Rights of the Data Subject

You will be able to assert your rights as expressed in the articles. 15, 16, 17, 18, 19, 20, 21 of EU Regulation 2016/679, by contacting the Data Protection Officer pursuant to art.38 paragraph 4, by contacting the address info@cosmoproject.it

Data Subjects have the right, at any time, to ask the Data Controller for access to their personal data, its rectification, erasure, limitation of processing and portability of their data, if applicable. Furthermore, they have the right to object, at any time, to the processing of their data based on consent and/or legitimate interest.

To no longer receive automated direct marketing communications (e.g. e-mail, text messages), simply write an e-mail at any time to the address info@cosmoproject.it with the subject “unsubscribe from automated” or use our automated unsubscribe systems provided for emails only. To no longer receive traditional direct marketing communications (telephone calls with an operator and paper mail), simply write an e-mail at any time to the address info@cosmoproject.it with the subject “unsubscribe from traditional”.

Without prejudice to any other administrative and jurisdictional appeal, if you believe that the processing of data concerning you violates the provisions of the Reg. EU 2016/679, pursuant to art. 15 letter f) of the aforementioned Reg. EU 2016/679, you have the right to lodge a complaint with the Guarantor for the protection of personal data (Supervisory Authority www.garanteprivacy.it).

1. Data Controller

2. Data Protection Officer

3. Purpose of the Processing

4. Processing

5. Data transfer

6. Is there an automated process?

7. Rights of the Data Subject

8. Additional information