Policy statement pursuant to Regulation (EU) 2016/679 (GDPR) on the protection of personal data

This policy statement sets out the management methods utilized by this website for processing the personal data of users who browse the site.
This statement is provided exclusively in relation to the processing of data through this website and not for other websites or sections/pages/spaces operated by third parties, which users may access through links found on this website.

Section 1 – Data controller

The Data controller is Digit’Ed S.p.A. (VAT Reg. 07490560633), a single-member company subject to the management and coordination of Digit’Ed Holding S.p.A., in the person of its legal representative pro tempore, and headquartered in Via San Vigilio No. 1, 20142 Milan, Italy, email address: privacy@digited.it.

Section 2 – Data protection office (DPO)

Digit’Ed has designated a Data protection officer (“DPO”), who can be contacted via the following channels:
Email address: dpo@digited.it;
Postal service: Digit’Ed – Data Protection Officer, Via San Vigilio No. 1, 20142 Milan, Italy.

Section 3 – Type of data processed, purpose, and legal basis for processing

Browsing data.
The hardware systems and software procedures enabling the operation of this website acquire, in the course of their normal functioning and solely for the time of your connection, personal data, whose transmission is implicit in the use of Internet communication protocols (“browsing data”).
Such information is not collected for the purposes of being associated with an identified data subject; however, its nature is such that it may permit the identification of users if processed and cross-referenced to data held by third parties.
This category of data includes IP addresses or the domain names of the computers used by users connecting to this website, the URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used for submitting the request to the server, the size of the file sent in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters concerning the user’s operating system and computing environment.
Such data are processed solely for the purposes of handling user requests in accordance with Article 6 (1)(b) of the GDPR, and for creating anonymous statistical information on the use of the website and to monitor its correct functioning in accordance with Article 6(1)(f) of the GDPR.
We advise that the aforementioned data may be utilized to investigate liability in the event of computer crime committed against the website or other websites connected or linked to it.
Browsing data collected is stored on servers for a period of 13 months. Where storage term limits are interrupted and/or suspended such as to justify the extended storage of data, personal data may be stored for a longer term.

Data provided voluntarily by the user.
The voluntary submission of requests via the sending of emails to the contact addresses provided in this website and/or via the completion of forms (e.g., “Contact Us” and/or “Download the Brochure”) entails the processing of the sender’s general personal data (e.g., given and family names, email address, telephone No., company) and any other personal data included in the message. In this case, the personal data provided by users will be processed solely for the purposes of following through on the requests received, in accordance with Article 6(1)(b) of the GDPR.
Only where users have given their consent by flagging the relative consent box, users’ personal data may additionally be used by Digit’Ed to send advertising material, commercial messages, brochures, and offers in accordance with Article 6(1)(a) of the GDPR. Consent for such purposes is optional and any previous consent given may be withdrawn at any time by writing to the controller and/or the DPO at the addresses provided in sections 1 and 2 of this policy statement and/or by clicking on the “unsubscribe” link provided at the bottom of each email received. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Digit’Ed advises that any third-party data provided will be disclosed by the user in his or her capacity as independent Data controller, and thus guaranteeing the legitimacy of the disclosure of such data and holding harmless the Data controller against any complaint, demand and/or claim for damages put forward by the third parties whose personal data is processed in response to the user’s requests in breach of applicable law.

Cookies and tracking tools.
For more information on the cookies used by this website, please refer to our cookie policy, available at the following link.

Section 4 – Recipients of personal data

In addition to the Data controller and duly authorized persons belonging to its organization, in some cases users’ personal data may be accessed by certain types of external entities (e.g., IT service providers, consultants, professionals, multi-sectoral funds, and/or companies operating in that field) or by other companies belonging to Intesa Sanpaolo Group, in their capacity as data processors or independent data controllers. An updated list of said entities may be requested at any time from the Data controller or the DPO by writing to the contact addresses provided in sections 1 and 2 of this policy statement.

Section 5 – Transfer of personal data to third countries or to international organizations outside the European Union

Users’ personal data will be processed within the borders of the European Union and will not be disclosed. Where necessary, for reasons of a technical or operational nature, Digit’Ed reserves the right to transfer users’ personal data to recipients in countries outside the European Union for which “adequacy” decisions have been adopted by the European Union, or on the basis of adequate guarantees or the specific derogations provided by Regulation (EU) 2016/679 (GDPR).

Section 6 – Processing methods and storage period for data

In processing users’ personal data, the controller adopts appropriate security measures to prevent unauthorized access to the data or their disclosure, alteration, or unauthorized destruction.
Users’ personal data are processed manually and by means of computers and electronic tools in full accordance with the proportionality principle, on the basis of which the data and the various methods for processing them are pertinent to and do not exceed the purposes pursued.
Users’ personal data will be stored for a period no longer than the time necessary for fulfilling the purposes for which they are processed, unless a different storage period is required by law.

Section 7 – Rights of the Data subjects

Users may exercise at any time, in relation to the controller, the following rights contemplated by Articles 15, 16, 17, 18, 20, and 21, of the GDPR:
– the right of access, whereby the Data subject has the right to obtain from the Data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the data;
– the right to rectification, whereby the Data subject has the right to obtain from the Data controller the rectification and/or integration of inaccurate and/or incomplete personal data concerning him or her;
– the right to erasure, whereby the Data subject has the right, in the specific cases envisaged in Article 17 of the GDPR, to obtain from the Data controller the erasure of personal data concerning him or her;
– the right to restriction of processing, whereby the Data subject has the right, in the specific cases envisaged in Article 18 of the GDPR, to restrict the processing of personal data concerning him or her by the Data controller;
– the right to object, whereby the Data subject has the right to object to the processing of personal data concerning him or her under certain conditions;
– the right to data portability, whereby the Data subject has the right, in certain cases, to receive the personal data concerning him or her, which he or she has provided to a Data controller, in a structured, commonly used, and machine-readable format.

To exercise the rights set out in this section, users may send their requests at any time to the DPO at the email address dpo@digited.it.
Against the unlawful processing of their personal data, users additionally have the right to lodge a complaint with the competent data protection supervisory authority or seek effective judicial remedy.

Updated: 12 October 2022