IMQ Minded Security S.r.l., located at Via Marco Fabio Quintiliano 45 – 20138 – Milano (MI) Italy, VAT n. IT05756380480, as “Data Controller” of collected personal data according to The General Data Protection Regulation (GDPR) (EU) 2016/679. The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email address: [email protected]
Following consultation of the website, personal data of data subjects or data relating to identified or identifiable natural persons may be processed, entailing for those who decide the purposes and methods of the processing (“Data Controller”), the necessity to comply with certain obligations, including informing the data subjects and acquiring their consent, when it represents the legal basis of the data processing.
This policy does not concern other websites or online services that can be reached via hypertext links published on this website but referring to resources outside the Data Controller’s domain.
CATEGORY OF DATA PROCESSED
The hardware and software systems used for this website acquire, during their standard operation, some personal data whose transmission is necessary for the use of Internet communication protocols.
They are not collected to be associated with identified data subjects, but through the processing and association of data held by third parties, they can identify the users.
Browsing data includes the IP addresses of the devices used, when the request was received, the URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the numerical code indicating the status of the response given by the server (successful, error, etc.), the size in bytes of the response, URI / URL address of the page of origin (referrer), browser recognition string (user agent).
This information is used for the sole purpose of obtaining anonymous statistical data on the usage of the website and to verify its correct functioning and the data are deleted immediately after the processing. These data could be used to ascertain responsibility in the event of hypothetical cyber-crimes on the website.
Data provided voluntarily by the user
Optional, explicit and voluntary sending of personal data via e-mail messages to the addresses indicated on this website by the user involves the necessary acquisition of the address provided by the sender, as well as any other personal data included in the message. These data will be processed by the Data Controller mainly by computerized means, in order to follow up on the user’s request. Specific policies will be reported or displayed on the different pages of the website for particular services or requests.
Cookies are small text files containing a certain amount of information exchanged between a website and the user’s device (usually the browser). They are mainly used to operate more efficiently on the websites, as well as for the purpose of providing information on its performance to the owner. There are both session and persistent cookies. Session cookies remain stored in the terminal for a short period of time and are deleted as soon as the user closes the browser. Their usage is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the website. Persistent cookies, on the other hand, remain stored in the user’s device until a set deadline. These cookies are not deleted when the browser is closed and store the choices made by the user on the website, collecting information about the opened webpages, the browsing frequency the user’s browsing path, in order to improve the experience on the website.
The website may also install additional session cookies, not stored permanently on the user’s device, which are deleted when the browser is closed. Their usage is strictly limited. “Persistent cookies” or cookies that store personal data are not used by the website.
Management of most cookies can be done through the browser settings. However, the total or partial disabling of session cookies may limit the features of the website. In any case, if the user does not wish to receive any type of cookies on the device, neither from this website nor from others, the user can raise the level of privacy protection by changing the security settings of the browser.
By browsing this website, you may receive cookies managed by other organizations (“third-parties”) required for the services offered by third-party websites, such as the embedding of videos uploaded to the YouTube platform. The Data Controller does not control the cookies or other monitoring technologies of these websites to which this Policy does not apply.
LEGAL BASIS OF THE PROCESSING ACTIVITIES
For the personal data freely provided by the user through the services offered on the website, the Data Controller is entitled to process the data as the processing is necessary to carry out pre-contractual measures requested by the user himself (Article 6, par. 1, lett. b) GDPR) or are legitimized as the user has given consent to a specific activity (Article 6, par. 1, lett. a) GDPR). Furthermore, the Data Controller may process the user’s data if required by a legal obligation, such as the request for information on online activities by law enforcement authorities (Article 6, par. 1, lett. c) GDPR).
The purposes of the Data Controller for the use of the website are:
- promotion of the services offered by IMQ Minded Security through publications, videos and brochures;
- receive curriculum vitae of persons who apply spontaneously or answer to job positions posted on the website;
- subscription to the newsletter of IMQ Minded Security;
- receive and answer to requests for information;
- provide information, news and tutorials through the blog of IMQ Minded Security.
OPTIONAL PROVISION OF PERSONAL DATA
Not conserving the browsing data as explained above, elsewhere the user has the freedom to provide their personal data. However, by not providing the necessary personal data it may be impossible to answer to what it was requested by the data subject.
It is not mandatory to acquire the user’s consent for technical and third-party or analytical cookies similar to technical cookies. Their deactivation and/or rejection will not assure a proper browsing experience or the performance of services, webpages, features or content available. For all other categories of cookies (marketing or profiling) the Data Controller will ask for the data subject’s consent.
METHODS OF THE PROCESSING ACTIVITIES
Specific security measures are applied to prevent data loss, illicit or incorrect usage and unauthorized access. The Data Controller has adopted appropriate security measures required by the law, drawing inspiration from international standards, also adopting additional security measures to minimize the risks relating to the confidentiality, availability and integrity of the personal data collected and processed.
Personal data are processed with automated tools for the period of time strictly necessary to achieve the purposes for which they were collected. Collection of data for statistical analysis purposes (surveys on the quality level of service provision and customer satisfaction) is anonymized. In any case, the processing activities comply with the principle of data minimization and storage limitation and the data will be processed for the period of time strictly necessary.
SHARING, COMMUNICATION AND DISCLOSURE OF PERSONAL DATA
Personal data collected through the website will not be disclosed. The data collected may be transferred, for activities strictly connected to the service required, to persons qualified as “Data Processors” pursuant to Article 4, par. 8 GDPR and Article 28 GDPR (e.g., hardware and software assistance companies, companies with technical and organizational tasks on the website) and by persons authorized to the processing pursuant to Article 29 GDPR, operating under the direct authority of the Data Controller (e.g., employees and contractors).
The data provided by users who submit requests for information and/or brochures are used only to answer the request or to provide what requested and are disclosed to third parties only if this is necessary for this purpose.
Outside of these cases, personal data will not be disclosed except for contractual or legal provisions, or unless specific consent has been acquired from the data subjects.
In this regard, personal data could be transmitted to third parties, but only and exclusively if:
- there is explicit consent to share data with third parties;
- it is necessary to share information with third parties in order to provide the requested service;
- it is necessary to comply with requests from the judicial or law enforcement authorities.
TRANSFER OF PERSONAL DATA TO COUNTRIES NOT BELONGING TO THE EU (THIRD COUNTRIES)
The Data Controller uses cloud services offered by some suppliers, qualified as Data Processors who operate in Europe or countries for which there are adequacy decisions by the European Commission and/or the Supervisory Authority.
With regard to the export of personal data to third countries, before any transfer and taking in account the circumstances, it will be evaluated on a case-by-case basis that the level of data protection and related security measures are adequate and effective.
In the absence of an adequacy decision or suitable safeguards pursuant to Article 46 GDPR or binding corporate rules pursuant to Article 48 GDPR, the transfer will take place only with the explicit, specific and informed consent of the data subject pursuant to Article 49 GDPR, considering the possible risks deriving from the transfer of personal data (lack of adequate protection or adequate safeguards aimed at protecting data).
RIGHTS OF THE DATA SUBJECTS
The GDPR expressly provides for certain rights of the persons to whom the data refer (so-called “data subjects”). Pursuant to Articles 15-22 GDPR, each data subject has:
- right to access their information, asking for full details of the personal information hold by the Data Controller;
- right to data portability, asking for and downloading personal information hold by the Data Controller, so the data subject can move, copy or keep it for themselves;
- right to be informed, asking for their personal information hold by the Data Controller and having the details of their usage (e.g., what they are used for, how long they are kept, with whom they are shared with);
- right to rectification, providing the correct information to the personal data deemed wrong and hold by the Data Controller;
- right to restrict the processing activities, asking to use or store their information only for certain purposes;
- right to object, asking to stop using their personal information;
- right to erasure, also known as the “right to be forgotten”, asking to delete their personal information to be deleted.
The data subject also has the right to lodge a complaint with a Supervisory Authority if they believe their rights described herein have not been recognized.
QUESTIONS, COMPLAINTS AND EXERCISE OF RIGHTS
In order to exercise the aforementioned rights please write an e-mail to the Data Controller: IMQ Minded Security S.r.l., located at Via Marco Fabio Quintiliano 45 – 20138 – Milano (MI) Italy, VAT n. IT05756380480, e-mail: [email protected]. The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email address: [email protected]