Locationmilano.it (hereinafter “Location Milano”) protects the confidentiality of personal data and ensures the necessary protection against any event that could put such data at risk of breach. As required by European Union Regulation No. 2016/679 (“GDPR”), and in particular by Article 13 thereof, the information below is provided to the user (”Data Subject”) regarding the processing of their personal data.
Who We Are and What Data We Process (Art. 13, para. 1, subparagraph a; Art. 15, subparagraph b of the GDPR)
The processing of the data subject’s personal data is carried out by Location Milano (Location Milano), in the person of its current legal representative, of the company ASK4 Srl, with registered office at Via Lecco 22 – 20124 Milan, which, as the Data Controller—contactable at info@locationmilano.it—collects and/or receives information concerning the data subject, such as:
| Data category | Examples of Data Types |
|---|---|
| Personal Information | first name, last name, physical address, nationality, province and municipality of residence, landline and/or cell phone number, fax number, tax ID number/VAT number, email address(es) |
| Telematics Traffic Data | Log, source IP address. |
Location Milano does not require the data subject to provide so-called “special categories” of personal data—that is, as defined in Article 9 of the GDPR, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, and data concerning the individual’s health, sex life, or sexual orientation. In the event that the service requested from Location Milano requires the processing of such data (see Section IV below for specific details), the data subject will first receive a specific privacy notice and will be asked to provide explicit consent.
For any information or requests, the data subject may also contact the Data Controller at the following email address: info@locationmilano.it
For what purposes do we need the data subject’s data (Art. 13, Paragraph 1 of the GDPR)?
The Data Controller uses the data to process the request for registration in the registry and the contract for the provision of the selected Service, to manage and fulfill contact requests submitted by the data subject, to provide assistance, and to comply with the legal and regulatory obligations to which the Data Controller is subject in connection with its business activities. Under no circumstances does Location Milano sell the data subject’s personal data to third parties or use it for purposes other than those stated.
Specifically, the data subject’s personal data will be processed for the following purposes:
a) registration in the registry and requests for contact information and/or informational materials
The data subject’s personal data is processed to carry out the activities leading up to and following the request for registration in the civil registry, to manage requests for information and contact and/or to send informational materials, as well as to fulfill any other resulting obligations.
The legal basis for this processing is the fulfillment of services related to registration requests, information requests, and contact requests, and/or the sending of informational materials, as well as compliance with legal obligations.
b) the management of the contractual relationship
The processing of the data subject’s personal data is carried out to carry out the activities preceding and following the purchase of a Service, to manage the related order, to provide the Service itself, to handle related billing and payment processing, to address complaints and/or reports submitted to customer support and to provide such support, to prevent fraud, and to fulfill any other obligations arising from the contract.
The legal basis for this processing is the performance of services related to the contractual relationship and compliance with legal obligations.
c) promotional activities regarding Services/Products similar to those purchased and/or used by the data subject (Recital 47 of the GDPR)
The data controller may, even without the data subject’s explicit consent, use the contact information provided by the data subject for the purposes of direct sales of its Services and/or promotional communications regarding its Services, limited to cases where such Services are similar to those being sold and/or used, unless the data subject explicitly objects.
d) commercial promotion activities related to services other than those purchased by the data subject
The data subject’s personal data may also be processed, subject to consent, for commercial promotion purposes, as well as for market surveys and research regarding Services offered by the Data Controller that are different from those purchased by the data subject.
This processing may be carried out automatically in the following ways:
– email;
– text messages;
– phone call
and can be performed:
1. if the data subject has not withdrawn his or her consent to the use of the data;
2. if the processing is carried out through contact with a telephone operator, provided that the data subject has not registered with the opt-out registry referred to in Presidential Decree No. 178/2010;
The legal basis for such processing is the consent given by the data subject prior to the processing, which the data subject may freely revoke at any time (see Section III).
e) cybersecurity
The Data Controller, in accordance with Recital 49 of the GDPR, processes the data subject’s personal data relating to network traffic—including through its suppliers and/or customers (third parties and/or recipients)—to the extent strictly necessary and proportionate to ensure network and information security, that is, the ability of a network or information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of personal data stored or transmitted.
The Data Controller will promptly notify the data subjects if there is a particular risk of a breach involving their data, subject to the obligations set forth in Article 33 of the GDPR regarding notifications of personal data breaches.
The legal basis for such processing is compliance with legal obligations and the Data Controller’s legitimate interest in processing data for the purposes of protecting the company’s assets and ensuring the security of its facilities and systems.
f) profiling
The data subject’s personal data may also be processed for profiling purposes (such as analyzing the data transmitted and the Services selected, and offering advertisements and/or commercial proposals in line with the choices expressed by the users themselves) exclusively if the data subject has provided explicit and informed consent. The legal basis for such processing is the consent provided by the data subject prior to the processing itself, which the data subject may freely revoke at any time (see Section III).
(g) fraud prevention (Recital 47 and Article 22 of the GDPR)
(h) the protection of minors
The posting on the Website of minors’ personal data—and, in particular, their likeness—requires the person responsible for such posting to expressly and unreservedly declare the following:
Disclosure to Third Parties and Categories of Recipients (Article 13, Paragraph 1 of the GDPR)
The data subject’s personal data is disclosed to third parties whose activities are necessary for the performance of the contractual relationship and to comply with certain legal obligations; specifically:
| Target Audience Categories | Purpose |
|---|---|
| Administrative and Legal Service Providers | Administrative, accounting, and contractual obligations |
| Third-party suppliers and customers of Location Milano* | Provision of the requested services and benefits, support, maintenance, and provision of additional services related to the requested service |
| Credit and digital payment institutions, Banks and postal institutions | Management of collections, payments, and refunds related to the requested service |
| External Professionals/Consultants | Provision of requested services and benefits; compliance with legal obligations; exercise of rights; protection of contractual rights; debt collection |
| Tax Administration, Public Entities, Judicial Authorities, Supervisory and Regulatory Authorities | Provision of requested services and benefits; compliance with legal obligations; protection of rights; lists and records maintained by public authorities or similar entities in accordance with specific legislation, in connection with the contractual service |
| Persons who have been formally authorized or who have recognized legal standing | Legal representatives, trustees, guardians, etc. |
* The Data Controller requires all of the aforementioned parties and the Data Processors to comply with security measures equivalent to those adopted by the Data Controller for the processing of the data subject’s data; the scope of the Data Processor’s activities is, in any case, limited to processing operations related to the requested service.
The legal basis for this processing is the performance of services related to the established relationship, compliance with legal obligations, and Location Milano’s legitimate interest in carrying out the processing necessary for these purposes.
What happens if the data subject does not provide the personal data identified as necessary for the performance of the requested service? (Art. 13, paragraph 2, subparagraph e of the GDPR)
The collection and processing of personal data are necessary to fulfill the requested services and to provide the Service. If the data subject does not provide the personal data expressly indicated as necessary in the order form, registration form, or information request form, the Data Controller will not be able to carry out the processing operations related to the management of the requested services and/or the contract and the Services associated with it, nor fulfill the obligations arising therefrom; consequently, in essence, the Data Controller will not be able to execute the contract or provide and/or deliver the requested service.
What happens if the data subject does not consent to the processing of personal data for commercial promotional activities related to services other than those purchased and/or used?
If the data subject does not consent to the processing of personal data for these purposes, such processing will not be carried out for those purposes, without this affecting the provision of the requested services, nor for those purposes for which the data subject has already given consent, if requested.
If the data subject has given consent and subsequently revokes it or objects to the processing of their data for commercial promotional purposes, their data will no longer be processed for such purposes, without this resulting in any adverse consequences or effects for the data subject or for the services requested.
How We Process the Data Subject’s Data (Art. 32 of the GDPR)
The Data Controller implements appropriate security measures to safeguard the confidentiality, integrity, and availability of the data subject’s personal data and requires third-party service providers and Data Processors to implement similar security measures.
Where We Process the Data Subject's Data
The data subject's personal data is stored in computerized and electronic databases located in countries where the GDPR applies (EU countries)
How long is the data subject’s data retained? (Art. 13, paragraph 2, subparagraph a of the GDPR)
Unless the data subject explicitly expresses a desire to have them deleted, the data subject’s personal data will be retained for as long as necessary for the legitimate purposes for which they were collected.
Regardless of the data subject’s request for their deletion, personal data will in any case be retained in accordance with the terms set forth in applicable laws and/or national regulations, for the sole purpose of ensuring compliance with the specific requirements of certain Services.
Furthermore, personal data will in any case be retained to fulfill obligations (e.g., tax and accounting obligations) that remain in effect even after the termination of the contract (Art. 2220 of the Italian Civil Code); for these purposes, the Data Controller will retain only the data necessary to fulfill such obligations.
This is without prejudice to cases in which rights arising from the contract and/or registration in the civil registry must be asserted in court; in such cases, the data subject’s personal data—and only those necessary for such purposes—will be processed for the time strictly necessary to pursue those purposes.
What are the data subject’s rights? (Articles 15–20 of the GDPR)
The data subject has the right to obtain the following from the data controller:
a) confirmation as to whether or not personal data concerning him or her is being processed and, if so, access to the personal data and the following information:
1. the purposes of the processing;
2. the categories of personal data in question;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organizations;
4. whenever possible, the planned retention period for personal data or, if that is not possible, the criteria used to determine that period;
5. the data subject’s right to request that the data controller rectify or erase personal data concerning him or her, restrict the processing of such data, or object to its processing;
6. the right to file a complaint with a supervisory authority;
7. if the data are not collected directly from the data subject, all available information regarding their source;
8. the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and the anticipated consequences of such processing for the data subject.
9. the appropriate safeguards provided by the third country (outside the EU) or an international organization to protect any data that may be transferred.
b) the right to obtain a copy of the personal data being processed, provided that this right does not infringe upon the rights and freedoms of others; If the data subject requests additional copies, the data controller may charge a reasonable fee based on administrative costs.
(c) the right to obtain from the data controller the rectification of inaccurate personal data concerning the data subject without undue delay.
d) the right to obtain from the data controller the erasure of personal data concerning the data subject without undue delay, if the grounds set forth in Article 17 of the GDPR apply, including, for example, if the data is no longer necessary for the purposes of the processing or if the processing is deemed unlawful, provided that the conditions set forth by law are met; and in any case, if the processing is not justified by another equally legitimate reason;
e) the right to obtain from the data controller the restriction of processing, in the cases provided for in Article 18 of the GDPR, for example, if you have contested the accuracy of the data, for the period necessary for the data controller to verify its accuracy.
(f) the right to obtain from the controller information regarding the recipients to whom requests for any rectification, erasure, or restriction of processing have been transmitted, unless this proves impossible or involves a disproportionate effort.
g) the right to receive personal data concerning the data subject in a structured, commonly used, and machine-readable format, and the right to transmit such data to another data controller without hindrance from the data controller to whom the data subject provided the data, in the cases provided for in Article 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
For any further information, or to submit a request, please contact the Data Controller at info@locationmilano.it. In order to ensure that the rights mentioned above are exercised by the data subject and not by unauthorized third parties, the Data Controller may ask the data subject to provide any additional information necessary for this purpose.
How and when can the data subject object to the processing of their personal data? (Art. 21 GDPR)
For reasons related to the data subject’s particular situation, the data subject may object at any time to the processing of their personal data if such processing is based on a legitimate interest or is carried out for commercial promotion purposes, by sending a request to the Data Controller at info@locationmilano.it.
The data subject has the right to have his or her personal data erased unless the Data Controller has a legitimate reason that overrides the reason that gave rise to the request, and in any case if the data subject has objected to the processing for commercial promotion purposes.
To whom may the data subject file a complaint? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the data subject may file a complaint with the competent supervisory authority in Italy (the Italian Data Protection Authority) or with the authority that performs its duties and exercises its powers in the Member State where the GDPR violation occurred.
General Information, Disabling, and Managing Cookies
Cookies are pieces of data sent by a website and stored by the user’s web browser on their computer or other device (such as a tablet or cell phone). Technical cookies and third-party cookies may be set by our website or its subdomains. In any case, you can manage cookies—that is, request their general deactivation or deletion—by changing your web browser settings. However, deactivating cookies may slow down or prevent access to certain parts of the site. The settings for managing or disabling cookies may vary depending on the web browser used; therefore, for more information on how to perform these actions, we recommend that you consult your device’s manual or the “Help” function of your web browser. Below are links explaining how to manage or disable cookies for the most popular web browsers:
– Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
– Google Chrome: https://support.google.com/chrome/answer/95647
– Mozilla Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
– Opera: http://help.opera.com/Windows/10.00/it/cookies.html
– Safari: https://support.apple.com/kb/ph21411?locale=it_IT
Technical cookies
The use of technical cookies—that is, cookies necessary for transmitting communications over an electronic communications network, or cookies strictly necessary for the provider to deliver the service requested by the customer—enables the secure and efficient use of our website. Session cookies may be installed to allow you to access and remain in the portal’s restricted area as an authenticated user.
Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies we use are divided into session cookies, which are stored only for the duration of your browsing session until you close your browser, and persistent cookies, which are stored on your device until they expire or are deleted by you. Our website uses the following technical cookies:
• Technical navigation or session cookies, used to manage normal navigation and user authentication;
• Functional technical cookies, used to store the user’s personalization settings;
• Technical analytics cookies, used to understand how users interact with our website so that we can evaluate and improve its performance.
Third-party cookies
Third-party cookies may be installed: these include analytical and profiling cookies from Google Analytics, Google DoubleClick, Vimeo, YouTube, Yahoo, Bing, and Facebook. These cookies are sent by the websites of the aforementioned third parties, which are external to our site. Third-party analytics cookies are used to collect information about user behavior on the site. This data is collected anonymously to monitor performance and improve the site’s usability. Third-party profiling cookies are used to create user profiles in order to deliver advertisements tailored to the users’ expressed preferences. The use of these cookies is governed by the rules established by the third parties themselves; therefore, users are encouraged to review the privacy policies and instructions for managing or disabling cookies published on the following web pages:
For Google Analytics cookies:
– Privacy Policy: https://policies.google.com/privacy?hl=it
– Instructions for managing or disabling cookies: https://support.google.com/accounts/answer/61416?hl=it
For Facebook cookies:
– Privacy Policy: https://www.facebook.com/privacy/explanation
– Instructions for managing or disabling cookies: https://www.facebook.com/help/cookies/
Profiling cookies
Profiling cookies may be installed by the Data Controller(s) using so-called web analytics software; these cookies are used to generate detailed, real-time analytical reports containing information on: website visitors, referring search engines, keywords used, language used, the most visited pages.
They may collect information and data such as IP address, nationality, city, date and time, device, browser, operating system, screen resolution, referral source, pages visited and number of pages, duration of the visit, and number of visits.