Privacy and cookie policy

Notice under art. 13 of Regulation (EC) 2016/679 of the European Parliament and of the Council

Hereby formal notice is given that, under art. 13 Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereafter, the “European Regulation”), processing of certain personal data which are automatically collected or supplied through the browsing or use of the www.scaleupitaly.com website (hereafter, “Website”) is required.

This privacy notice, thus, concerns the Website only and not any other site, pages or on-line services which may be reached through any hypertext links displayed therein.

1. Data Controller

Data Controller is Ilaria Cavalleri, ilaria@scaleupitaly.com (hereafter, “Data Controller”).

2. Definition and type of processed personal data

In order to allow the use of the Website and of its services, the Data Controller requires to know and to process certain personal data of yours that will be collected by filling in and submitting the forms on the Website. Namely, when you browse, Data Controller processes the following personal data: email address, name, surname.

As regards, on the other hand, the mere browsing of the Website, the types of processed data and the relevant specific information for the “cookies” are specified below.

Browsing data

During their ordinary operation of the Website, certain personal data are acquired, the transmission thereof is implied by the use of the Internet communication protocols.

This category of data includes the IP addresses or the domain names of the computers employed by the users who connect to the Website, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method employed to forward the request to the server, the dimension of the reply file receive, the numerical code showing the status of the reply returned by the server (completed, error, etc.) and other parameters related to the operative system and the IT environment of the user.

These data, which are required for the use of the Website, are processed for the sole purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors by hour or day, geographical area of origin, etc.) and to check the correct operation of the offered services.

The browsing data shall not be retained for more than seven days and are deleted immediately after their aggregation, unless any Court has any investigation requirement.

Cookie policy

The Website uses the following types of cookies.

– Technical cookies

Technical (session or persistent cookies) are used, i.e. small text files containing a certain quantity of information exchanged between the Website and the terminal (or, better still, with the employed browser), which allow the correct operation and use thereof or a better Website experience. Cookies are also used to show/hide the newsletter subscription banner.

– Analytical Cookies

Certain analytical cookies, which are prepared and delivered by a third party, i.e. Google Analytics, are employed. This occurs for the purposes of a mere internal access statistics, in order to improve the Website and simplify its use, as well as to monitor its correct operation. In any case, the Data Controller adopted the most appropriate tools for reducing as much as possible the identification potential of this kind of cookies.

– Profiling cookies

No cookies for profiling of users or other tracking methods are currently used.

– Third Party Cookies

Also certain third parties may install cookies on your device. We do not have any control on the use of third-party cookies and, therefore, we have no responsibility for their use. Third parties hold their own privacy notices and the data collection procedures.

– Options regarding the use of cookies through the browser settings

The provision of any cookie can be in any case disabled by working on the settings of your browser. Please note, however, that working on these settings may make the Website impossible to use in the case where the cookies which are required for the provision of our services are blocked. In any way, each browser has different settings for disabling cookies. The links to the instructions for the most common browsers are here: Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera.

3. Personal data retention period

The Data Controller intends to store the personal data during a time frame that does not exceeds the time frame required for achieving the purposes for which the data were collected and processed.

In consideration of the fact that it is not possible to accurately establish the retention period of your personal data, the Data Controller hereby undertakes to inform the processing of your personal data to the adequacy, relevance and data minimization principles, as required under the European Regulation, by checking the need of their retention on a yearly basis. Therefore, once the purposes for which the data were collected and processed, we will remove them from our systems and records and/or we will adopt the appropriate measures for making them anonymous, so that you will not be identified.

All the above excepting the case where we will need to retain said data for meeting any statutory requirement, or assessing, exercising or defending any of our right before the Court.

4. Categories of recipients of the data

Any processed personal data shall not be disclosed to any third party. The following may become aware of your personal data for the processing purposes described above:

  • the recipients who may access to the data under a statutory provision established by the legislation of the European Union or of the member state to which the Data Controller is subject;
  • the recipients who carry out, within the borders of the European Union, in full autonomy, as distinct Data Controllers, or as Data Processors specifically appointed by Data Controller, or bank operators, internet providers, couriers and shippers, companies providing marketing services, companies which offer IT infrastructures and IT support and advisory services and also design and production of software and Internet sites, law firms, companies which offer any services seeking to customize and optimize our services, companies which offer data analysis and development services (including those regarding the interactions of the users with our services) service centres, companies or advisers appointed for providing further services to the Data Controller within the limits of the purposes for which the data were collected;

Any disclosure of your personal data will be performed in full compliance with the statutory provisions of the European Regulation and of the technical and organizational measures established by the Data Controller seeking to guarantee an appropriate safety level.

5. Transfer of personal data to third party countries

The processing of personal data is carried out entirely in Italy and in countries within the European Union.

If the case Data Controller transfers the personal data towards third party countries, we undertake to:

  • assess that the country to which your personal data is transferred ensures an adequate level of protection, as established under article 45 of the European Regulation; or
  • use the standard data protection clauses approved by the European Commission for the transfer of personal data outside the EEA (as approved under article 46.2 of the European Regulation); or
  • assess, in the case where we transfer your personal data to the United States, that the third party is a member of the Privacy Shield.

Further information on the rules for the transfers of the data to third parties are available by clicking here.

6. Possible use of automated decision-making processes

Data Provider does not use automated decision-making processes without your consent, this including the profiling referred to in article 22, paragraphs 1 and 4 of the European Regulation. If you consent to the profiling, the data you provide may be used to analyse or predict your preferences, for the purposes of customizing the content of marketing communications and offer only dedicated information tailored on your preferences.

Following such analysis, which could also be carried out in an automated form, the data subject may be classified into one or more groups with different characteristics and receive Website’s personalized communications that Data Controller believes are tailored on preferences of the same.

7. Rights of the data subject

As regards the processing of his/her personal data, pursuant to the European Regulation, the data subject is entitled to:

  • withdraw his/her consent to the processing at any time. We must highlight, however, that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, as established under art. 7, paragraph 3 of the European Regulation;
  • obtain from the Data Controller access to his/her personal data under art. 15 of the European Regulation;
  • obtain that the Data Controller rectifies and integrates the personal data deemed inaccurate, including by means of providing a supplementary statement, under art. 16 of the European Regulation;
  • obtain from the controller the erasure of personal data concerning him or her where one of the grounds under art. 17 of the European Regulation applies;
  • obtain from the controller the restriction of the processing of the personal data concerning him or her where one of the grounds under art. 18 of the European Regulation applies;
  • receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format;
  • request the Data Controller to transmit personal data to another controller without hindrance under art. 20 of European Regulation;
  • object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including the profiling, based on those provisions, pursuant to art. 21 of the European Regulation;
  • not be subjected to decisions based solely on automated data processing, including profiling, which could cause legal effects concerning the data subject, in case the same has not previously and explicitly provided consent, as set forth by art. 22 of the European Regulation; moreover, in relation to the automated processing, the data subject has the right to obtain human intervention from Data Controller, as well as to express an opinion or contest the decision, as provided for by art. 22.3 of the European Regulation;
  • lodge a complaint with a supervisory authority (art. 77) or right to an effective judicial remedy (79), if he or she believes that the processing breaches the European Regulation. The complaint may be lodged in the Member State where he or she has his or her habitual residence, works or where the alleged violation occurred.

In order to exercise each right thereof, you may contact the Data Controller, by sending a notice to ilaria@scaleupitaly.com by providing the following personal data:

  • Name, surname and postal address;
  • Details of the request;
  • Photocopy of a valid ID document.