Art. 1 Controller and Data Protection Officer
I. Name and address of the Controller
The Controller, within the meaning of the General Data Protection Regulation (GDPR), as well as other data privacy provisions, is:
Piazza Principe Umberto I, 16
80053 Castellammare di Stabia (Naples)
T +39 081 18896303
Giovanni Mannara – CEO & Sole Administrator
Art. 2 General remarks on data processing
I. Scope of the processing of personal data
We essentially only gather and use personal data of yours in so far as it is necessary to provide the website, as well as provide our services.
II. Legal basis for the processing of personal data
You will find out under the specific data processing procedures on what legal basis the processing is being undertaken.
III. Deletion of data and duration of storage
Your personal data is deleted or blocked by us once the purpose of the storage lapses. It may, however, be stored beyond the time limit for the purpose at hand if this has been stipulated by national or international legislation, to which we are subject. The data is, in such a case, blocked or deleted if a storage period prescribed by the said regulations expires, unless there is any necessity to store the data further in order to conclude or fulfill a contract.
Art. 3 Gathering of data when visiting our website
(1) When using the website merely to obtain information, i.e. if you do not register or transmit information to us in any other way, we shall only gather the data that your browser transmits to our server. If you look at the website, we thereafter gather the following data, which are technically required in order to display our website to you and ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference in relation to Greenwich Mean Time (GMT)
- The content of the request (specific page)
- The access status/http status code
- The respective volume of data transmitted
- The website from which the request comes
- The browser
- The operating system and its user interface
- The language and version of the browser software.
(2) The legal basis for the gathering of such data is Art. 6(1)(1)(f) GDPR.
(3) In order to operate the website, it is absolutely necessary to gather the data to provide the website and store the data in log files. Consequently, you do not have the opportunity to object.
Art. 4 Cookies
(1) In addition to the data mentioned above, when you use our website cookies are stored on your computer. Cookies are small text files that are stored on your hard drive, assigned to the browser used by you, and by means of which the organization that places the cookie (in this case, us) receives certain information. Cookies are not able to execute any programs or transmit viruses to your computer. They serve the purpose of making our website more user-friendly and effective.
(2) This website uses session cookies: Session cookies are automatically deleted when you close the browser. These save a so-called session ID, with which various requests of your browser can be allocated to the joint session. In this way your browser can be recognized if you return to our website. The session cookies are deleted once you log out or close the browser.
(3) You can configure your browser setting in line with your wishes, and, for example, refuse to accept third party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
(4) The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.
Art. 5 The use of Google Analytics
(1) This web site uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies” (text files stored on your computer), allowing for an analysis of the way you use the site. The information generated by the cookie on your use of this website is usually transferred to a server of Google in the USA and saved there. If you activate IP anonymization on this website, your IP address is however first truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server of Google in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities, and in order to provide the website operator with further services associated with the use of the website and Internet.
(2) The IP address transmitted by your browser within the context of Google Analytics is not merged with other data of Google.
(3) You may prevent cookies being stored by setting your browser software accordingly; however, we would like to point out to you that, in this case, you may not necessarily be able to use all functions of this website in their entirety. You can, moreover, prevent the data generated by the cookie which relates to your use of the website (incl. your IP address) from being recorded by Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?h|=de.
(4) This website uses Google Analytics but a reference to any person can be excluded. Should the data gathered about you be attributed a personal reference, this will thus be excluded immediately, and the personal data immediately deleted in this way.
(5) We use Google Analytics to be able to analyze the use of our website and regularly improve it. For those exceptional cases, where personal data is transmitted to the USA, Google has submitted to the EU/US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)(1)(f) GDPR.
(6) Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms and conditions of use: https://www.google.com/analytics/terms/de.html,
overview on data privacy: https://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data privacy statement: https://www.google.de/intl/de/policies/privacy.
Art. 6 Use of plugin
Our website does not use any plugins of social networks. We only link to our profiles on the networks: LinkedIn and Twitter. To that extent, we do not gather any personal data. If you wish to be sure that no data is stored with these providers in regard to the visit to our website, we recommended logging out of them.
Art. 7 Use of YouTube
(1) Our website uses plugins of the site YouTube, operated by Google. They find embedded videos that are hosted via YouTube. The operator of the pages is Youtube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is produced. In the process, the YouTube server is notified which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to allocate your surfing patterns directly to your personal profile. You can prevent this by logging out of your YouTube account. You will find further information on how user data is handled in YouTube’s data privacy statement at https://www.google.de/intl/de/policies/privacy. We use YouTube to optimize our economic services.
(2) The legal basis for using it is Art. 6(1)(1)(f) GDPR.
Art. 8 Email contact
(1) If you contact us by email, the data notified by you (your email address, possibly your name and your telephone number) is saved by us to answer your inquiry. We delete this data once the purpose of storing it lapses.
It may, moreover, be stored beyond that time if this has been stipulated by the European or national legislative authority in EU ordinances, laws or other regulations to which the Controller is subject. The data is also blocked or deleted if a storage period prescribed by the regulations mentioned expires.
(2) When user consent exists, the legal basis for the processing of the data is Art. 6(1)(a) GDPR. Otherwise, the legal basis for the processing of the data that is transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the aim of the email contact is to conclude a contract, then the additional legal basis for the processing is Art. 6(1)(b) GDPR.
Art. 9 Rights of the data subject
If your personal data is processed by us, you have the following rights:
(1) Your right to information
You may request from us confirmation whether any personal data concerning you is processed by us. Should this be the case, you can request the following information from us:
- The purposes for which the personal data is processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients vis-à-vis whom you have disclosed or intend to disclose the personal data concerned;
- the scheduled duration of storage of the personal data concerning you, or, if specific details concerning the latter are not available, criteria for laying down the period of storage;
- the existence of a right to correction or deletion of the personal data affecting you, a right to limitation of the processing by the controller or a right to object to such processing;
- the right to file a complaint with a supervisory authority;
- if the data was not gathered from the data subject, any information available on the origin of the data;
- the existence of automated decision making, including profiling, in accordance with Art. 22(1) and (4) GDPR and – at least in such cases – meaningful information on the logic involved, as well as the scope and intended effects of such processing on behalf of the data subject.
- the transmission of personal data to a country outside the EU or an international organization, as well as the briefing on the appropriate warranties pursuant to Art. 46 GDPR in connection with the transmission.
(2) The right to correction
You have a right to correction and/or completion in regard to the data which is incorrect or incomplete.
(3) The right to restriction of processing
You may, on the following prerequisites, request that the processing of the personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you, for a period of time that enables the controller to check the accuracy of the personal data;
- if the processing is illegitimate and you decline to have the personal data deleted, and, instead, request that the use of the personal data be limited;
- if we no longer need the personal data for the purposes of the processing, however you need it in order to assert, exercise or defend legal claims; or
- if you have filed an objection against the processing pursuant to Art. 21(1) GDPR and it has not yet been established whether the controller’s legitimate grounds outweigh your grounds.
Should the processing of the personal data concerning you have been restricted, such data may – apart from being saved – only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons involving a significant public interest on the part of the EU or a Member State.
Should the restriction of the processing have been limited in accordance with the above-mentioned prerequisites, you will be briefed by us before the limitation is lifted.
(4) The right to deletion
You may request us to have the personal data concerning you deleted without delay, and we are obliged to delete such data immediately, as long as one of the following reasons exists:
- The personal data concerning you is no longer necessary for the purposes for which it was gathered or otherwise processed.
- You revoke your consent, on which the processing pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal basis for the processing.
- Pursuant to Art. 21(1) GDPR, you object to the processing and no overriding legitimate grounds for the processing exist, or you object to the processing pursuant to Art. 21(2) GDPR.
- The personal data concerning you has been processed illegitimately.
- The deletion of the personal data concerning you is necessary in order to fulfill a legal obligation under EU law or the law of the Member States, to which the controller is subject.
- The personal data concerning you was gathered in relation to information society services offered pursuant to Art. 8(1) GDPR.
(5) Information given to third parties
Should we have made the personal data concerning you public in order to fulfill our contractual obligations, and should we, pursuant to Art. 17(1) GDPR, be obliged to delete it, we will also take appropriate steps of a technical nature, in order to provide the information that you, as a data subject, have requested us to delete any links to such personal data or copies or replications of such personal data.
The right to deletion does not exist if the processing is necessary
- in order to exercise the right of freedom of expression and information;
- in order to comply with a legal obligation which requires the processing in accordance with the law of the European Union or the Member States to which the controller is subject or in order to perform a task carried out in the public interest or by way of exercising official authority vested in us;
- for reasons in the field of public health that are public interest-related pursuant to Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR;
- for archival purposes, scientific or historic research purposes or statistical purposes that are in the public interest pursuant to Art. 89(1) GDPR, if the right specified in Section a) is likely to make the implementation of the objectives of such processing impossible or seriously compromise them; or
- in order to assert, exercise or defend legal claims.
(7) The right to a briefing
Should you have asserted the right to correction, deletion or restriction of the processing vis-à-vis us, we are obliged to inform all recipients to which you have disclosed personal data to correct or delete the data or restrict the processing, unless this proves impossible or involves disproportionate effort.
You are entitled to be informed about such recipients.
(8) The right to data portability
You are entitled to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format. In addition, you have the right to transmit such data to another controller, without being impeded by us, if
- the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or a contract pursuant to Art. 6(1)(b) GDPR; and
- the processing is performed using automated procedures.
In exercise of this right, you, moreover, have the right to arrange for the personal data concerning you to be transmitted directly by us to another controller, if this is technically feasible. Freedoms and rights of other persons may not be impaired thereby.
The right to the data being transmittable does not apply to any processing of personal data which is necessary in order to take on a task that is in the public interest or in exercise of public authority that has been vested in the controller.
(9) The right to object
a) You are entitled, for reasons which arise from your particular situation, to object to the processing of the personal data concerning you, which is being undertaken based on Art. 6(1)(e) or (f) GDPR, at any time.
We will then no longer process the personal data concerning you unless we can provide evidence of mandatory reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
Should the personal data concerning you be processed for the purposes of direct advertising, you are entitled to object to the processing of the personal data concerning you for the purpose of such advertising at any time. This also applies to profiling, in so far as it is connected with such direct advertising.
Should you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for such purposes.
You have the opportunity, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right of objection using an automated procedure, where technical specifications are used.
b) You are entitled to revoke your declaration of consent under data privacy law at any time. The legitimacy of the processing performed based on consent prior to its withdrawal shall not be affected by the revocation of the consent.
c) You are entitled not to be subjected to a decision based solely on automated processing, – including profiling –, which develops a legal impact in relation to you or considerably impairs you in a similar way. This does not apply if the decision
- is necessary for concluding or fulfilling a contract between you and us;
- is permissible based on legislation of the European Union or the Member States to which we are subject, and such legislation includes appropriate steps to protect your rights and freedoms, as well as your legitimate interests; or
- is undertaken with your express consent.
Such decisions may, however, not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms, as well as your legitimate interests.
In regard to the cases specified in (1) and (3), we shall take appropriate measures to preserve the rights and freedoms, as well as your legitimate interests, which at least includes the right to bring about the intervention of a person on the part of the controller, to explain one’s own point of view and to contest the decision.
(10) Right to file a complaint with a supervisory authority
Notwithstanding any other legal remedy, or legal remedy under administrative law or any of a judicial nature, you are entitled to file a complaint with a supervisory authority, in particular in the Member State that is your place of residence, your place of work or the place of the presumed violation if you are of the opinion that the processing of the personal data concerned violates the GDPR.
The supervisory authority with which the complaint has been filed will inform the complainant about the status and the results of the complaint, including the possibility of a judicial legal remedy pursuant to Art. 78 GDPR.