Privacy Policy
The company Biunivoca di Barone Daniele (P. IVA 11879181003), with registered office in Montecompatri (RM) at Via Mario Intreccialagli, 54, as the data controller (hereinafter the \"Data Controller\") of the Biunivoca platform (hereinafter the \"Platform\"), informs the users of the Platform (hereinafter the \"Data Subjects\") pursuant to Article 13 of the European Regulation No. 2016/679, the General Data Protection Regulation (GDPR).
The Owner is aware of the importance of the processing of the personal data of the Interested Parties and, for this reason, takes care to indicate what data is processed and how it is processed. By proceeding to browse the Platform or by indicating their wish to use the services provided by the same, the Interested Party declares that they have read and accepted this information notice (hereinafter \"Information Notice\"), thereby giving their consent for the processing of their personal data by the Controller.
For any information, doubt or request relating to this Policy, the Data Controller makes the following e-mail address available to Data Subjects: info@biunivoca.com
What are the data subject's rights in relation to the processing of personal data?
The data subject has the following rights:
- the right to be informed that there is an ongoing data processing operation concerning him/her and, if so, to have access to the processed personal data;
- right to rectification of personal data;
- right to the deletion (right to be forgotten) of personal data concerning him/her;
- right to restriction of the processing of personal data concerning him/her;
- the right to data portability to receive, or have transmitted to another controller, personal data concerning him in a structured, commonly used and machine-readable format;
- right to object to the processing of personal data;
- right to withdraw previously given consent;
- the right to lodge a complaint with the competent authorities for violation of personal data processing.
How to exercise rights?
The interested party may exercise his or her rights by writing to the above-mentioned e-mail address.
The Data Controller does not intend to charge Data Subjects for exercising any of their rights, but in
order to do so, the Data Controller may require specific information to follow up on the Data Subject's
communications in relation to the rights.
The aforementioned communications are usually acknowledged within 30 days of receipt of the
communication itself, but in the event that this deadline cannot be met (e.g. due to an excessive load of
requests or complexity of the response), it will be the responsibility of the Data Controller to notify the
Data Subject and keep him or her updated on the development of the communication sent.
What personal data are processed?
The Data Controller processes personal data provided to it by both the Data Subject and third parties
in order to be able to follow up the Data Subject's contact requests received via the Platform
(hereinafter the \"Services\").
a)Data provided directly by the data subject
| Category of personal data | Data types |
|---|---|
| Identification and contact details | e-mail address, first name, surname, date of birth |
| Job position | Job Status |
| Multimedia material | Images, videos |
| Technical Data | IP address |
b) Data collected by third parties
| Third party source of personal data | Data types |
| Analytics providers | Behavioural data - Technical Data |
Aggregate data
The Controller may collect, use and share aggregate data, such as statistical or demographic data, for any
purpose.
Aggregated data may be derived from the Data Subject's personal data, but once aggregated does not
constitute personal data under the GDPR as it is not capable of directly or indirectly identifying the Data
Subject. However, if the Data Controller combines or connects the aggregated data with the Personal Data of
the Data Subject in a way that allows the Data Subject to be identified, directly or indirectly, the Data
Controller will process the resulting data in accordance with the provisions of the Policy.
Particular Data
The Data Controller does not process any category of special data relating to the Data Subject (special
data means data relating to ethnic or racial origin, religious or philosophical beliefs, sexual orientation,
political opinions, trade union membership, genetic, biometric and health data), just as it does not process
any data relating to criminal convictions and offences relating to the Data Subject.
Why are personal data processed?
The Data Controller processes personal data for the purposes indicated in the table below.
The GDPR requires that, for each purpose of processing personal data, the controller has a legal basis
for carrying out the processing.
The Controller may process the personal data of Data Subjects by means of their consent as the legal
basis for the processing. Consent can be revoked at any time, but the processing carried out until consent
is revoked cannot be affected.
Below is a summary table of the aims and a description of them:
| Purpose | Description | Conservation |
|---|---|---|
| Delivering Services | The Data Subject may, via the Platform, request to be contacted in order to receive information, appointments or quantification of the activities carried out by the Controller. | Data will be stored until the provision of individual Services is completed |
| Providing support to stakeholders | Resolve technical issues encountered by Interested Parties while browsing, their requests for assistance, improve the Services and the Platform, and provide support requested by Interested Parties. | Data will be retained until the data subject's request for support is processed |
| Newsletter | The Data Controller may send updates, not with commercial content, to inform the Data Subject of developments in its business such as agreements with business partners and participation in events. | Data will be stored for 24 months |
| Comply with legal, regulatory and business protection obligations of the owner | The Data Controller may process the data subject's personal data in order to comply with legislative and regulatory obligations, such as to comply with the orders of judicial and administrative authorities. The data controller may also process the data in order to protect its rights and interests, such as, for instance, in the case of judicial protection or due diligence in the case of evaluations of changes in corporate structure. | Personal data will be stored for the period of time determined by law, regulation and/or authority. |
What happens if the data subject does not provide the necessary personal data?
Should the data be necessary to provide the Services and to provide support to the Data Subjects, the
Controller will not be able to provide the Services and support the Data Subject in his/her requests. In
this case, the Controller may, alternatively, request the integration of the personal data or delete the
personal data of the Interested Party preventing the provision of the Services.
For purposes other than the provision of Services and providing support to Data Subjects, the provision
of data is optional and failure to provide personal data will not affect the aforementioned purposes of Processing.
To whom are personal data communicated and disseminated?
a) Communication
The personal data of the Data Subjects may be communicated to third parties other than the Data
Controller, as better indicated in the table below:
| Recipients | Purpose of the communication |
|---|---|
| Suppliers | The Owner's suppliers support the Owner in the provision of the Services with, but not limited to, Platform development, hosting, maintenance, backup, virtual infrastructure. |
| External consultants | In the event of legal obligations or obligations relating to a relationship with the Data Subject, the Data Controller may communicate personal data to external consultants, such as, for example, the accountant and lawyer. |
| Authorities and legal proceedings | The Data Controller may disclose the personal data of data subjects to state and/or administrative and/or judicial authorities if this is required by law, regulation or authority order or in order to defend its own rights and/or interests. |
b) Dissemination
The personal data of Data Subjects will not be disseminated.
Where do we store personal data?
The Data Controller stores personal data in paper files within the Data Controller's premises, as
well as in computer files located both within the European Union and outside if this is instrumental to the
pursuit of the purposes set out above. In the latter case, the Data Controller shall ensure that companies
not based within the European Union are treating personal data with the utmost confidentiality in compliance
with the European Commission's adequacy decisions, with any Privacy Shields or, if necessary, by
entering into agreements that guarantee an adequate level of protection.
How are personal data processed?
The Controller processes the personal data of the Data Subjects by taking appropriate security measures
to prevent unauthorised access, disclosure, modification and destruction.
The processing of data is carried out by means of computerised procedures, telematic means and, as a
residual measure, on paper by specially authorised internal persons as well as by external data processors
if appointed, and this also on the basis of existing contractual
agreements.
What is the policy on data processing of minors?
The Data Controller is aware of the sensitive nature of the data processing of minors. The Services
will not be provided to minors under the age of 14: in this sense, it will not be possible to request the
provision of the Services, if minors under the age of 14, without the prior consent of the minor's
parent/responsible/guardian.
The Controller encourages those exercising parental responsibility over minors under the age of 14 to
check that they do not request the provision of the Services and, in any case, to educate minors under the
age of 14 not to release their personal data via the Platform without their prior consent.
What happens if there are links to other websites?
The Data Controller informs Data Subjects that this Policy applies only to the Platform and, in the
event that there are links to other websites, the Data Subject should check the policies of those sites
before releasing his or her personal data.
The Data Controller takes no responsibility for personal data provided by Data Subjects on other websites.
Changes to the Policy
The Data Controller reserves the right to change this Policy at any time. In the event of changes, the
Data Controller will upload the new Policy on this page and, in this respect, if it does so, it will urge
the Data Subject to check the changes to the Policy: the Data Subject can see the history of the Policy by
checking the date affixed.
By continuing to use the Platform after the changes, the Data Subject accepts these changes and consents to the data
processing as amended.