This privacy notice has been drawn up pursuant to article 13 of the General Data Protection Regulation No 2016/679 (hereinafter the “GPDR”) and provides details regarding the processing of the information collected from the website www.bcip.it (the “Site” or the “Website”).

WHO PROCESSES THE DATA?

Controller

The Data Controller for the Site shall be Bresner Cammareri Intellectual Property (BCIP), with registered office at via Aurelio Saffi, 23, Milan, VAT number 04893790966 (hereinafter, the “Controller” or the “Firm”).

Other persons to whom the data may be disclosed

The data may be shared with:

• Firm’s designated staff and, if necessary, consultants who have agreed to maintain confidentiality or are subject to adequate confidentiality obligations;
• persons delegated and/or appointed by the Controller to carry out activities strictly related to the purposes set out below (including system maintenance services), if necessary, appointed as data processors.

DATA TO BE PROCESSED
Article 4 of the General Data Protection Regulation EU 2016/679 (GDPR) defines "personal data" as any information relating to an identified or identifiable natural person (the “Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Specifically, these are data willingly provided by you for the execution of an existing legal relationship with the Data Processor.
Added to the above are the navigational data, computer systems and software procedures used to operate this Website which may acquire, during the course of their normal functioning, personal data, the transfer of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified data subjects but it could, by its very nature, and when combined and associated with data held by third parties, identify users. This category of data includes IP addresses or domain names of computers used by users connecting to the Website, the URI (Uniform Resource Identifier) address of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (e.g. successful, failed, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used only to obtain anonymous statistical information on the use of the Website and to verify that it is functioning correctly; they are deleted immediately after processing. For further information please refer to our Cookies Policy. The data may be used to establish responsibility in the event of potential cyber-crimes which may damage the Website, or to comply with a request from a public authority.

NATURE AND PURPOSE OF THE PROCESSING
The processing of personal data serves to:

1. manage existing and/or prospective legal relationships;
2. comply with the obligations arising from the aforementioned legal relationships);
3. manage and organize any legal relationship, whether the latter is existing or still being defined;
4. fulfil regulatory, audit and/or financial obligations;
5. protect contractual rights and obligations;
6. carry out statistical analysis for operational purposes;
7. With the specific consent of the Data Subject, promote marketing and commercial communication activities, whether by email, or on social media, and including through partner organizations, regarding the services provided by the Data Processor.

Duration of the Processing

The personal data relating to points 1, 2, 3, 4, 5 and 6 will be stored for the time required to perform the Data Processor's proposed services, and for up to a maximum of 10 (ten) years. Once this period has elapsed the data will be destroyed. Data processed for the purposes of company auditing will be stored, in compliance with legal obligations, for a period not exceeding 10 (ten) years. With regard to the data provided for the purposes outlined in point 7, these will be processed for a period of up to a maximum of 2 (two) years, the which may only be extended with the client's consent, following the renewal of a contract.
You may at any time revoke your consent to the processing of personal information.

Nature of data provision

The processing of data is obligatory in points 1-6, i.e. for the fulfilment of legal obligations as connected to the relationship established, and for any other purpose connected to compliance with legal obligations, regulatory bodies, and EU legislation, upon the user's request. By refusing to provide the data to the Data Processor, you prevent the latter from fulfilling such obligations and thus to provide the services requested. The Data Subject may at any point exercise the rights pursuant to Article 7, Paragraph 3, and the Articles 15 et seq. of EU Regulation 2016/679 - in other words, the termination of such communication, including by expressing their desire to receive such information by another means, where available. The provision of the data and consent to its processing for the purposes referred to in point 7 are entirely optional. Failure to provide personal data for the purposes outlined above will mean that you are unable to receive newsletter communications promoting the company's services, whether by email.
Data processing methods

The data will be processed and stored exclusively for the aforementioned purposes in both paper and IT formats, as well as being included in relevant databases and processed with tools that ensure the ongoing integrity, security and confidentiality of the data, as per the provisions of EU Regulation 2016/679. The appropriate technical and organizational measures will be taken to guarantee a level of data protection that is compliant with the provisions of EU Regulation 2016/679. Access will be given only to those persons with written authorization for the processing of personal data. Personal data may also be communicated and/or collected from/transferred to third parties (such as in the event of data acquisition from Sub-Processors or other Agents). The latter will have the same responsibilities with regard to the processing of personal data, and will be required to comply with the obligations applicable to the legal relationship in place.

Disclosure to third parties and/or sharing of data

For the purposes outlined in points 1 to 7 above, the Company informs you that personal data may be passed on to named external organizations in the event that it is required to comply with a legal obligation, or to comply with the contractual obligations of an agreement we have/will have with you, as well as to comply with specific requests you make, including prior to the contract's termination.
The types of organizations to whom the Data Subject's personal data may be disclosed include those listed below:

• Regulatory bodies, legal authorities, institutions, freelance professionals, professional organisations, local authorities and/or other organisations in charge of processing data, in order to comply with the day-to-day operation of the Data Processor's administrative, auditing and management activities, and as part of the services it provides (legal obligations);
• Banking and financial institutions, freelance professionals, consultancy and law firms, to whom the disclosure of the aforementioned data is required for the normal operation of the Data Processor's services and, specifically, relating to the fulfilment of the contractual obligations as part of the agreement with the Data Subject (contractual obligations);
• Web platforms, companies, or other facilities designated to perform processing related to the fulfillment of management obligations associated with the ordinary course of the event. Such communication is a contractual obligation;

The data collected will not be disseminated in any way.

TRANSFER TO COUNTRIES OUTSIDE THE EU
Personal Data may be transferred to countries within the European Union and/or to third countries within the limits of the purposes set out in Article 3.1 of the GDPR. In the case of data transfers to countries outside the European Union, the Data Controller guarantees that the provisions of Articles 44 et seq. of the GDPR will be complied with.

RIGHTS UNDER EU REGULATION 2016/679

The Data Subject may, at any time, exercise the rights set forth in Article 7(3) and Articles 15 et seq. of EU Regulation 2016/679:

1. right of access to personal data;
2. right to obtain rectification or erasure of the same or restriction of processing;
3. right to object to the processing;
4. right to data portability;
5. right to revoke consent, where provided (revocation of consent does not affect the lawfulness of processing based on consent given before c revocation);
6. right to file a complaint with the supervisory authority (Privacy Guarantor).
    

IDENTIFICATION DETAILS OF THE DATA CONTROLLER

The Data Subject may exercise the rights outlined above by calling 0249468776, or by sending one email to segreteria@bcip.it. Further information regarding the processing of personal data may also be communicated verbally at the time of data collection.