PRIVACY POLICY
pursuant to Article 13 of EU Regulation 2016/679
Dear User,
With this document (hereinafter referred to as the “Notice”), we aim to reaffirm our commitment to ensuring that the processing of personal data collected through the website https://icarex.ventures (the “Site”), conducted by any means (both automated and manual), is carried out in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 (hereinafter referred to as “GDPR” or “Regulation”) and other applicable regulations regarding personal data protection.
The term personal data refers to the definition contained in Article 4, paragraph 1) of the Regulation, which states, “any information concerning an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity” (hereinafter referred to as “Personal Data”).
This Notice – drafted based on the principle of transparency and all the elements required by Article 13 of the Regulation – aims to provide you, in a simple and intuitive manner, with all the useful and necessary information so that you can provide your Personal Data consciously and knowingly and, at any time, exercise your rights as outlined in the GDPR.
DATA CONTROLLER
The company that will process your Personal Data for the primary purpose set forth in Section B of this Notice, and therefore will act as the data controller according to the definition contained in Article 4, paragraph 7) of the Regulation, is iCareX S.r.l., with registered office at Strada Statale del Sempione, 170, Pero – 20016 (MI) (the “Controller”).
DATA PROTECTION OFFICER
The Controller, to facilitate relations with data subjects, has appointed a Data Protection Officer (the “DPO”), identified as SAPG Legal Tech S.r.l. with registered office at Corso Europa n.7, 20122 – Milan (MI).
As provided by Article 38 of the GDPR, you can freely contact the DPO for any matters concerning the processing of your Personal Data and/or if you wish to exercise your rights as provided in this Notice, by sending a written communication to the email address: [email protected].
PURPOSE AND LEGAL BASIS OF PROCESSING
While navigating the Site, some of your Personal Data may be collected in the following ways:
- Browsing Data
The IT systems and software procedures employed to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes, for example: IP addresses, browser types, operating systems, domain names, and the addresses of websites from which access or exit occurred, information on the pages visited by users within the Site, access times, duration on each page, internal path analysis, and other parameters related to the user’s operating system and IT environment.
These technical/informational data are collected and used exclusively in an aggregated and non-identifiable manner and may be utilized to establish responsibility in the case of hypothetical cybercrimes against the Site.
The processing will be legally based on the legitimate interest of the Controller in ensuring the best operation of their systems, optimizing and improving the browsing experience, preventing fraudulent activities, and enhancing the security of the Site (Article 6, paragraph 1, letter f) of the Regulation).
- Data Provided Voluntarily by the Visitor
This includes all Personal Data freely provided by the visitor on the Site, for example, to register and/or access a reserved area, download free resources, request information on a specific product or service through a form, subscribe to a newsletter, write to an email address, or call a phone number displayed on the Site for direct contact with the company (e.g., to request assistance or more information about a product/service from the Controller). This processing will be lawful under Article 6, paragraph 1, letter b) of the Regulation (execution of a contract or pre-contractual measures taken at the request of the data subject) as well as for compliance with any legal obligations.
To enable the Controller to carry out processing activities for these purposes, it is necessary to provide the Personal Data requested in the appropriate forms. If even one of the fields marked as mandatory is not filled in, it may not be possible to process your Personal Data and, consequently, provide you with the requested information and services.
Personal Data concerning your health and, in general, “special” categories of personal data as defined in Article 9 of the Regulation, are not processed.
- Data Provided to Access and Use the Workshop
This refers to the data provided by the User in order to access the Workshops offered by the Company through the Microsoft Teams Platform. The data collected by the Data Controller includes, specifically: User’s name, email address, phone number, and multimedia files associated with the User. It is specified that the data shared during the Workshop will also be made known to other Users participating in the Workshop due to the characteristics of the Platform used to deliver the Workshop. For any information related to data processing through the Microsoft Teams Platform, please refer to the dedicated site https://support.microsoft.com/it-it/office/informativa-per-l-utente-finale-su-microsoft-teams-gratuito-0ba59a3d-c74a-47ca-aac1-c5d71c3f0617.
This processing will be lawful under Article 5, paragraph 1, letter b) of the Regulation (execution of a contract or pre-contractual measures taken at the request of the data subject) as well as for compliance with any legal obligations. To enable the Controller to carry out processing activities for these purposes, it is necessary to provide the Personal Data requested in the appropriate forms. If even one of the fields marked as mandatory is not filled in, it may not be possible to process your Personal Data and, consequently, provide you with the requested information and services.
Personal Data concerning your health and, in general, “special” categories of personal data as defined in Article 9 of the Regulation, are not processed.
In addition to the purposes mentioned in the previous Section, your Personal Data may be processed for the following additional purposes.
- Direct Marketing: This term refers to the Controller’s intention to carry out promotional and/or marketing activities aimed at you and in your interest to provide a better service, promote products and services sold and/or provided by the Controller. Regarding this direct marketing purpose, it should be noted that, by virtue of Article 6, paragraph 1, letter f) of the Regulation and Article 130, paragraph 4 of the Privacy Code (so-called soft spam exception), the Controller may carry out such activities based on their legitimate interest, regardless of your explicit consent, as better outlined in Recital 47 of the Regulation, which states that “it is considered a legitimate interest of the controller to process personal data for direct marketing purposes.” This will be possible following the assessments made by the Controller regarding the potential and possible prevalence of your interests, rights, and fundamental freedoms that require the protection of Personal Data over their legitimate interest in sending direct marketing communications. Furthermore, you can lawfully oppose at any time (even partially) the receipt of promotional communications, without this adversely affecting processing for other purposes.
- Indirect Marketing – This term refers to the Controller’s intention to carry out promotional and/or marketing activities to promote products and/or services sold and/or provided by third parties, without disclosing your Personal Data to such third parties. The Controller may carry out this activity based solely on the consent you explicitly provided for this purpose (Article 6, paragraph 1, letter a) of the Regulation).
- Communication of Personal Data to Third Parties for Marketing Purposes – This term refers to the Controller’s intention to communicate your Personal Data to third parties with whom it has legal relationships so that they can carry out promotional, marketing, and commercial activities towards you. The Controller may carry out this activity based solely on the consent you explicitly provided for this purpose (Article 6, paragraph 1, letter a) of the Regulation).
- Profiling for Marketing Purposes – This term refers to the Controller’s intention to profile you (through the use of specific profiling cookies) to assess your tastes, preferences, and consumption habits in order to send you tailored communications and/or commercial offers. The…