INFORMATION ON THE PERSONAL DATA PROCESSING

UPDATED ON OCTOBER 15, 2019

  1. Introduction

    This Information on the processing of personal data (hereinafter, “Information“) is provided pursuant to Art.13 of Regulation(EU) no. 679/2016 (General Data Protection Regulation – hereinafter, “GDPR“).

  2. Data Controller

    The Data Controller is DDB S.r.l.,with registered seat in Milano, Via Savona, no. 97, VAT no. 08834110010 (hereinafter, the “Controller“).

  3. Categories of personal data processed

    The Controller will process the following categories of personal data pertaining to the visitors of the website www.ddbgroup.it (hereinafter, respectively, the “Data Subject(s)” and the “Site“):
     

    1. Browsing data
      By way of example, the following information may be processed: information on the Site pages and sections visited, the amount of time spent on each page of the Site, pages visited after and before the Site, Internet Protocol (IP) address, browser type, name of the Internet Service Provider, the date and time of visit. For specific information regarding the data collected through the cookies used by the Controller, please see our Cookie Policy.
  4. Purposes of the processing and legal bases for the processing

    Personal data are directly obtained from Data Subjects during their visit to the Site and will be processed for the following purposes and in accordance with the following legal bases.

    Purpose Legal basis
    1 Allow the Data Subject to browse the Site, obtain anonymous statistical information on its use, verify the correct functioning of the Site, carry out monitoring activities to support its security and identify actions aimed at its improvement. Legitimate interest pursued by the Controller – art.6.1(f) GDPR
    Comply with any legal obligation imposed upon the Controller.E.g.: to reply to administrative, Court or any other public Authorities’ request, disclosure to law enforcement Compliance with a legal obligation to which the Controller is subject – art.6.1(c) GDPR
    Enable the Controller to enforce its rights and deal with legal claims Legitimate interest pursued by the Controller – art.6.1(f) GDPR

    With reference to the Purposes of the processing referred to in paragraphs 1., and 3. above, the following is specified:

    Purpose Legitimate interest pursued
    1 Allow the Data Subject to browse the Site, obtain anonymous statistical information on its use, verify the correct functioning of the Site, carry out monitoring activities to support its security and identify actions aimed at its improvement. Interest of the Controller to verify the correct functioning and security of the Site and to improve it
    3 Enable the Controller to enforce its rights and deal with legal claims Interest of the Controller to enforce its legal rights in the event of complaints
  5. Categories of recipients of the personal data

    In order to fulfill the above-mentioned Purposes, the personal data of the Data Subject may also be processed by third parties other than the Controller.

    Such processing will be carried out by some of these parties on behalf of the Controller (in this case, they will act as Data Processors, pursuant to Art. 28 GDPR):
     

    1. IT service providers;
    2. Web hosting service providers;
    3. Platform and Application service providers;

     
    Information of Data Subjects may be disclosed with other parties, who will process them as independent controllers. In particular:
     

    1. Subjects and judicial or regulatory authorities, whose right of access to personal data is expressly envisaged by law, regulations, or provisions issued by the competent authorities;
    2. Lawyers;
  6. Transfer of personal data outside the European Economic Area (EEA)

    Personal data collected by the Controller may be transferred outside the EEA to countries that ensure an adequate level of protection, on the basis of an adequacy decision adopted by the European Commission, or of Standard Contractual Clauses approved by the European Commission, which have been adopted by the Controller.

  7. Data retention period

    The information collected by the Controller will be retained until the fulfillment of the above-described Purposes. Moreover, the Data Controller specifies the following:
     

    1. Browsing data will be retained for no more than 7 (seven) days;
    2. The data collected through the cookies will be retained for a period of time not exceeding the provisions of our Cookie Policy;
    3. The data collected by the Controller to enforce its rights and deal with legal claims will be retained for the limitation period provided for under the Italian law, starting from the date of the collection.These terms may be extended in the event of disputes, requests made by the competent authorities or when required by the applicable law.

     
    At the end of the above-mentioned periods for which the personal data will be retained, personal data will be deleted, or in any case made unintelligible by the Controller – for example, by technical measures which may include encryption or anonymization.

  8. Processing of personal data

    The Controller will process personal data through the adoption of adequate technical, physical and organizational measures. The Controller collects browsing information automatically through the Site. Processing operations by means of automated decision-making processes, including profiling pursuant to art. 22.1 and 22.4 of the GDPR, are not envisaged.

  9. Failure to provide personal data

    The processing of browsing data (as described in section B, lett. a), is necessary for the Controller to allow the best browsing experience to visitors and to provide all the functions and services of the Site. However, the processing of personal data may be limited by the Data Subject by following the instructions provided in the Cookie Policy of the Site.

  10. Rights of the Data Subject

    Data subjects have the right to obtain from the Data Controller, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 ofthe Regulation). In order to exercise the above-mentioned rights, the Data Subject may contact the Controller at its e-mail address [email protected].

  11. Right to lodge a complaint with a supervisory authority and right to an effective judicial remedy

    Data Subjects who consider that their rights under the GDPR have been infringed as a result of the processing of their personal data in non-compliance with the GDPR itself, have the right to lodge a complaint with a Supervisory Authority(as provided for under art. 77 GDPR), or to bring an action before the courts of the Member State where the Controller has an establishment, or where Data Subject has his or her residence(pursuant to art. 79 GDPR).