Data Protection Policy

This privacy policy is intended to provide all information on the processing of personal data carried out by Adasta Media S.r.l. when the user browses the website (as better indicated below).

1. INTRODUCTION – WHO ARE WE? 

Adasta Media S.r.l. with registered office in Viale Premuda, 46, 20129 Milan, Italy, Tax Code/VAT no. 10128870960 and registration number in the Milan Register of Companies, 10128870960 (hereinafter, “Data Controller”), owner of https://www.adasta.it (hereinafter, the “Site”), as Data Controller of the personal data of users browsing the Site (hereinafter, “Users”) provides below the privacy policy pursuant to Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, or “Applicable Regulations”).

2. HOW CAN YOU CONTACT US?

The Data Controller takes the utmost care to protect its Users’ right to privacy and personal data. 

Users   can contact the Data Controller at any time, using the following methods:

  • By sending a registered letter with return receipt to the registered office of the Data Controller in Viale Premuda, 46, 20129 Milan, Italy;
  • By sending an email to: info@adasta.it

Users can also contact the Data Protection Officer (DPO) at the following email address: dpo@adasta.it.

3. WHAT DO WE DO? – PURPOSE OF THE PROCESSING

By browsing the Site, the User can discover and learn more about the activities carried out by the Controller (hereinafter, the ‘Service’). In relation to the activities that can be carried out through the Site, the Data Controller collects personal data relating to Users. 

This Site and any services offered through the Site are reserved for individuals who are eighteen years or over. The Data Controller does not collect personal data relating to minors. At the request of Users, the Data Controller will promptly delete all personal data involuntarily collected and related to subjects under 18 years.   

Users’ personal data will be processed lawfully by the Data Controller for the following processing purposes: 

  1. provision of the Service, or to allow the User to browse the Site. The User’s data collected by the Data Controller for this purpose includes all personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and softwareprocedures used to operate the Site acquire during their normal operation: the IP addresses or domain names of the computers used by the Users, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server(successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to allow it to function properly. Without prejudice to the other provisions contained within this Privacy Policy, the Data Controller will not make Users’ personal data accessible to other Users and/or third parties under any circumstances;
  2. legal obligations, or to comply with obligations provided for by law, by an authority, by a regulation or by legislation and to ascertain responsibility in the event of hypothetical computer crimes against the Site.

The provision of personal data for the purposes of processing indicated above is optional but necessary, since failure to provide the same will make it impossible for the User to access the Site and use the Service. 

4 . LEGAL BASIS

Provision of the service (as described in par. 3, let. a)): the legal basis consists of Art. 6 paragraph 1 let. b) of the Regulation, or the processing is necessary for the execution of a contract to which the User is a party or for the execution of pre-contractual measures adopted at the request of the same. 

Legal obligations (as described in the previous par. 3, let. b)): the legal basis consists of Art. 6, paragraph 1, let. c) of the Regulation, as the processing is necessary to fulfil a legal obligation to which the Data Controller is subject.

5. PROCESSING METHODS AND DATA RETENTION PERIODS

Users’ personal data will be processed using manual and IT tools, as strictly necessary to achieve the purpose for which they are processed, and in any event, to ensure confidentiality of the data. 

Users’ personal data will be stored for the time strictly necessary to carry out the primary purposes (as described in paragraph 3 above), or in any case as necessary for the protection of the interests of the Data Controller and Users in civil law. 

6. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA

The User’s personal data may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Regulations and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. 

The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website. These subjects, who are instructed by the Data Controller in accordance with Article 29 of the Regulations, will process the User’s data exclusively for the purposes indicated in this Policy and in compliance with the provisions of the Applicable Regulations. 

Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller as Data Processors pursuant to Art. 28 of the Regulation, such as, by way of example, IT and logistics service providers functional to the operation of the Data Controller’s Site, outsourcedor cloud computing service providers, professionals and consultants. 

The User has the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in paragraph 7 below. 

7. RIGHTS OF THE DATA SUBJECT

The User may exercise the rights guaranteed by the Applicable Regulations at any time, by contacting the Data Controller in the following ways:

  • By sending a registered letter with return receipt to the registered office of the Data Controller in Viale Premuda, 46, 20129 Milan, Italy
  • By sending an email to: info@adasta.it

Users can also contact the Data Protection Officer (DPO) at the following email address: dpo@adasta.it.

Under Applicable Law, Users have:

  1. the right to withdraw consent at any time, if the processing is based on their consent;
  2. the right to access personal data;
  3. (where applicable) the right to data portability (right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restrict the processing of personal data, the right to rectification and the right to erasure (“right to be forgotten”);
  4. the right to object:
    1. in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of collection;
    2. in whole or in part, to the processing of their personal data for the purpose of sending advertising and direct marketing materials, or for carrying out market research or business communications;
  5. whereby it is believed that processing of the data is in breach of the Regulations, the right file a complaint with the Supervisory Authority (in the Member State in which the Data Subject normally resides, in which they work or in which the alleged violation has occurred). Supervisory Authority is the Guarantor for the protection of personal data, based in Piazza Venezia, n. 11, 00186 – Rome (RM) (http://www.garanteprivacy.it/).

The Data Controller is not responsible for updating all the links displayed in this policy; therefore, whenever a link is not functional and/or updated, the User acknowledges and accepts that it must always refer to the document and/or section of the websites referred to by this link