Dear Data Subject (user),

With this document, Web Leaders S.r.l. Unipersonale provides you with information on the characteristics and methods of processing your personal data, pursuant to and for the purposes of the provisions of the GDPR and the privacy code currently in force.

Any processing of your personal data will be carried out in accordance with the principles of lawfulness, fairness, and transparency.

IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller (hereinafter also referred to as the “Controller” and/or the “Company”) is Web Leaders S.r.l. Unipersonale, with registered office at Corso Stati Uniti 23/F, 35127 Padua (PD), VAT No. 05276180287, R.E.A. PD 456689, represented by its legal representative pro tempore:

e-mail: info@webleaders.it, PEC: pec@pec.webleaders.it.

DATA PROTECTION OFFICER (so-called DPO)

The Data Controller has appointed Attorney Barbara Fortunato, VAT No. 07323970728, as the Data Protection Officer (DPO). Her office is located in Bari, Via N. Tridente, 22 – 70125, and her contact details are as follows: e-mail: dpo@webleaders.it; PEC: fortunato.barbara@avvocatibari@legalmail.it; Tel: +39 080 8645958 – +39 3477023651.

TYPE OF DATA SUBJECT TO PROCESSING

The Data Controller will process your identifying and contact personal data (such as name, surname, e-mail address, and phone number) directly provided by you by filling out the data collection form available in the “Contact Us” and “Free Analysis” sections on the Controller’s website.

– DEFINIZIONE DI TRATTAMENTO

Pursuant to Article 4(2) of the GDPR, “Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

The Data Controller collects and processes your personal data for the following purposes:

to respond to your request for information or a free analysis; the legal basis for this purpose is the legitimate interest of the Controller pursuant to Article 6, paragraph 1, letter f) of the GDPR, identified as the reasonable expectation of the user that their personal data will be processed by the Controller to respond to their contact request.

Processing will be carried out using electronic, IT, and manual tools.

Processing is performed by the Data Controller and by the Controller’s collaborators and/or employees as authorized persons, as well as by data processors specifically appointed in writing, within their respective roles and in accordance with the instructions provided by the Controller. Appropriate measures are implemented to ensure data security and guarantee confidentiality.

In compliance with the Regulation, the processing carried out by the Controller will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

Your data will always be processed with the utmost respect for the principle of confidentiality, even when managed by third parties expressly appointed by the Data Controller.

Your data is not subject to any automated decision-making process or profiling.

DATA RETENTION PERIOD – NATURE OF PROVISION

For the purposes described, the provision of your personal data is mandatory in order to formulate a response to your request. Any refusal to provide such data will make it impossible for the Data Controller to respond to your message and fulfill your request for information.

The retention period of your personal data will last for the time necessary to process your information request.

Once this period has elapsed or the request has been fulfilled, your data will be destroyed or anonymized. The Controller will delete the data irreversibly—through secure destruction or deletion methods—or retain it in an anonymous form that does not allow identification, even indirectly, in accordance with technical deletion and backup procedures.

A periodic review will be carried out to assess the relevance of the stored data in relation to the purposes for which it was collected.

This privacy notice will also be considered valid for any subsequent services (where similar or related) that you may enter into with the Controller.

RECIPIENTS OF PERSONAL DATA

The personal data you provide may be accessed by the Data Controller, as well as by individuals authorized and/or appointed as data processors.

The communication of the Data Subject’s personal data mainly takes place with third parties and/or recipients whose activities are necessary for carrying out tasks related to the execution of the contractual relationship established and to comply with certain legal obligations. The possible categories of recipients who may have access to your personal data during or after the execution of the contract are:

a) entities that process data in compliance with specific legal obligations (national and governmental bodies, etc.);

b) software and hardware support companies;

c) internal and/or external consultants who provide services that are functional, derived from, or connected to the purposes described above, identified in writing and instructed in detail regarding the processing of personal data, including providers of management software, cloud services, and similar tools.

d) companies or professionals engaged in the judicial or extrajudicial protection of the Controller’s rights;

e) generally, all public and private entities to whom communication is necessary for the proper and complete fulfillment of the purposes indicated above.

The updated list of Data Processors may be requested from the Data Controller at any time.

DISCLOSURE OF DATA

Unless specifically requested in writing by you, or by express order of a judicial authority/legal obligation, the personal data you provide will not be disclosed.

TRANSFER OF DATA ABROAD

The data collected will not be transferred to third countries or international organizations.

Some personal data of the data subjects may be shared with recipients located outside the European Economic Area. Should this occur and the transfer of the provided data to servers located in non-EU countries become necessary, the Data Controller ensures that such transfer and processing will take place in compliance with applicable laws — meaning that transfers will be carried out using appropriate safeguards such as adequacy decisions, standard contractual clauses approved by the European Commission, or other lawful mechanisms.

DATA SUBJECT RIGHTS

The regulations grant the Data Subject the ability to exercise specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain confirmation from the Controller as to whether or not personal data concerning them exists (i.e., access), to receive such data in an intelligible form, as well as to request its rectification or deletion, or to restrict its processing in whole or in part. The Data Subject also has the right to object, for legitimate reasons, to the processing, and/or to withdraw consent to processing at any time (subject to the consequences described), to request the portability of their data with regard to data processed based on specific consent, and to request that their data be updated.

The Data Subject has the right to be informed of the origin of the data, the purposes and methods of processing, the logic applied to the processing, the identification details of the Controller, and the entities to whom the data may be communicated.

The Data Subject also has the right to request the anonymization, restriction, or blocking of data processed in violation of the law. Furthermore, they may file a complaint regarding the unauthorized processing of their data with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) according to the procedures published on the Authority’s website (http://www.garanteprivacy.it/).

Requests concerning the exercise of the aforementioned rights may be addressed to the Data Controller at the contacts indicated above, without any formalities or, alternatively, by using the form provided by the Italian Data Protection Authority available at: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

It should be noted that the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) is headquartered in Rome, Piazza Monte Citorio No. 121;
Fax: (+39) 06.69677.3785
Telephone switchboard: (+39) 06.696771
E-mail: garante@gpdp.it
Certified e-mail (PEC): protocollo@pec.gpdp.it.

RIGHT TO LODGE A COMPLAINT

If you believe that the processing of your personal data has been carried out in violation of the provisions of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) — either by e-mail at garante@gpdp.it or by post to the Authority’s office located in Rome (Italy), Piazza Venezia 11, Scala B, CAP 00187 — as provided for in Article 77 of the Regulation. You may also seek judicial remedy as provided for in Article 79 of the Regulation.

CHANGES TO THIS PRIVACY NOTICE

This privacy notice may be subject to changes over time due to the entry into force of new regulations, updates and/or the provision of new services, or technological developments.

Last updated: 25/11/2024