Privacy Policy

PRIVACY POLICY 

This policy describes the procedures followed by Avvale S.p.A. and its affiliates (hereinafter "Avvale" or the "Data Controller") in relation to the processing of personal data collected through this website (hereinafter the "Site").

Where not otherwise specified, this policy also applies as information notice - pursuant to Article 13 of Regulation (EU) no. 2016/679 (hereinafter the "GDPR") - provided to those who interact with the Site (hereinafter the "User").

Any further information on the processing of personal data is detailed and specified below or on the different pages of the Site. These disclosures are aimed at defining the limits and modalities of the processing of personal data for each service, on the basis of which the User will be able to freely express his/her consent where necessary and eventually authorize the collection of the data and their subsequent processing.

• Data controller. Data Processors.

The Data Controller is Avvale S.p.A., with registered office in Via Melzi D'Eril 34, Milan (20154), Italy. The updated list of any data processors is available at the Data Controller's registered office.

• Personal Data Protection Manager.

The Data Controller has appointed the DPO (Data Protection Officer) in the person of Dr. Ing. Danilo Roggi, who can be contacted at the following e-mail address: dpo@avvale.com.

• Types of data processed.

Surfing in this Site, the following types of personal data may be collected and processed: 

1. Contact and identification data. Data provided by filling in forms on our Site. This includes notices, requests for services or further information, specifically: first name, last name, all types of identification and contact data (e.g. e-mail, telephone numbers, address).
2. Information related to profession or employment. Information relating to professional career or employment, such as current position description or job title. 
3. Personal data processed for generic marketing and profiling purposes. Personal data, contact details, preferences, habits, behavior, interests inferred in order to send the User personalized commercial communications/perform targeted promotional actions. 
4. Navigation data for the operation of the Site. The IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, other parameters relating to the user's operating system and computer environment, information relating to the user's behavior on the Site, the pages that have been visited or searched, in order to select and make specific announcements to the User of the Site and data relating to navigation behavior.

• Purpose and legal basis of the processing.

Sub a) and sub b) the purpose of the processing is the management of requests for information or services forwarded by the User and has as its legal basis the performance of a contract to which the User is a party, pursuant to Article 6(1)(b) of the GDPR. 

Sub c) the purpose of the processing is generic marketing, such as the sending of communications by email, sms, postal service or telephone calls with operator, following subscription to the newsletter (if requested by the User by registering for this service) and marketing, for example the sending of promotional and commercial communications relating to services/products similar to those which the User has already used such as notification of company events or webinars or whitepapers; the legal basis of this processing is the consent of the User (optional and revocable at any time) pursuant to Art. 6(1)(a) of the GDPR. 

Sub d) has as the purpose of the processing the operation of the Site, the data processed is necessary for its maintenance and technical operation of the same; the legal basis is legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the GDPR.

The data will also be processed in order to comply with the legal obligations to which the Controller is subject; the processing of data for this purpose does not require the User's consent as it is necessary to comply with the legal obligations to which the Controller is subject, pursuant to Article 6(1)(c) of the GDPR.

• Provision of data and consequences in the event of non-provision.

The provision of personal data for the purposes for which consent is required is optional and failure to provide it will result, as the only consequence, in the impossibility for the Data Controller to manage and process the User's requests or to send commercial communications on the User's products and services.

• Recipients or categories of recipients.

The User's personal data may be made accessible, brought to the attention of, or communicated to the following subjects, who will be appointed by the Controller - as the case may be - as managers or appointees:

• companies in the group of which the Data Controller is part (subsidiaries, associates), employees and/or collaborators in any capacity whatsoever of the Data Controller and/or companies in the group of which the Data Controller is part; 
• public or private entities, natural or legal persons, which the Data Controller uses for the performance of activities instrumental to the achievement of the aforementioned purpose or to which the Data Controller is obliged to communicate personal data, by virtue of legal or contractual obligations.

In any case, personal data shall not be disclosed.

• Third parties.

The Site may include: 

• links to and from the sites of our partners and advertisers;
• certain third party programs (widgets and applications). If so, please note that these third parties may process your personal data collected through such programs for their own purposes. If so, please check the terms of use and privacy policies of those parties before using and providing information on such sites and programs.

• Transfer of data.

Data Controller operates internationally with offices and affiliates in several countries around the world. Therefore, personal information processed by the Controller may be transferred outside the EEA, to countries that may not provide a level of protection for personal information equivalent to that guaranteed by European data protection legislation. Whenever your personal information is transferred internationally, the Controller takes appropriate measures to ensure its security and confidentiality in accordance with applicable data protection law.

• Retention period.

For the purposes set out above, the Data Controller will retain the User's personal data only for as long as is necessary for the purposes described above, adopting policies and procedures for the management and storage of information, so that personal data is deleted after a reasonable time according to the following retention criteria:

• we will keep the User's data as long as necessary to provide the User with the requested services;
• we will keep the User's data as long as necessary to comply with legal obligations;
• for marketing and profiling purposes we will retain your data until you withdraw your consent for such purposes.

• Rights of access, cancellation, restriction and portability.

Users, as Data Subjects, are granted the rights set forth in Articles 15 to 20 of the GDPR. By way of example, each Data Subject may:

• obtain confirmation as to whether or not personal data concerning him/her are being processed;
• if a processing is taking place, obtain access to the personal data and information relating to the processing as well as request a copy of the personal data
• obtain the rectification of inaccurate personal data and the integration of incomplete personal data
• obtain, if one of the conditions set out in Article 17 of the GDPR applies, the deletion of personal data concerning him/her
• obtain, in the cases provided for in Article 18 of the GDPR, the restriction of processing;
• receive the personal data concerning him/her in a structured, commonly used and machine-readable format and request their transmission to another data controller, if technically feasible.

• Right to object.

Each User has the right to object at any time to the processing of his/her personal data carried out in pursuit of a legitimate interest of the Controller. In the event of opposition, his or her personal data will no longer be processed, unless there are legitimate grounds for processing that override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of a legal claim.

• Right to withdraw consent.

Where consent is required for the processing of personal data, any data subject may, at any time, withdraw consent already given, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal. Consent may be revoked by sending an email to: privacy@avvale.com. 

• Right to lodge a complaint with the Supervisory Authority.

In addition, each data subject may lodge a complaint with the Supervisory Authority (Garante per la Protezione dei dati Personali) if he or she believes that his or her rights under the GDPR have been violated, according to the procedures indicated on the Garante's website accessible at: www.garanteprivacy.it.

• Exercise of rights

The above rights may be exercised by sending an e-mail to the Data Controller at the following address: privacy@avvale.com or to the DPO at the following address: dpo@avvale.com.

Further privacy notices: 

• Privacy notice for applicants.
  
• Privacy notice for those who attend events, webinars and conferences.

COOKIE POLICY

• What are Cookies.

Cookies are small text files which the web sites a user visits send to the user’s terminal, where they are memorized in order to be sent back to the site on the next visit. Cookies allow sites to work properly and efficiently to improve the user’s experience, allowing sites to store information in the memory of the user’s computer or other device.

The Site uses technical cookies. These cookies are technical in nature and do not require the User’s prior consent for installation and use.

• Types of Cookies used in this Site.

The Site also uses third-party profiling cookies. The User is assumed to consent to use of these cookies whenever he or she clicks on the “Accept” button in the banner on the homepage. The User may, however, revoke consent for installation of these cookies at a subsequent time.

The cookies used in the Site are of the following sub-types:

• Browsing or session cookies, which permit ordinary browsing and use of the Site and anonymously collect information on how users use the Site and how many visitors the Site has, where they come from, and the other sites they have visited. As they are not stored on the user’s computer, these cookies disappear when the browser is closed;
• Analytic cookies, such as, for example, those used by Google Analytics to collect and analyze statistical information through computers and other devices on the number of Site users, or the number of clicks on the page while browsing, sites Users come from or pages they have visited;
• Social widgets and plugins: a number of widgets and plugins provided by social networks may use their own cookies to facilitate interaction with the web site;
• Profiling cookies, which are used to collect information on the preferences and habits expressed by the User while browsing and therefore make advertisements supplied by third parties more interesting and better tailored to the user.

If you would like more information about Privacy and Google Analytics’ Privacy Policy, click here. 

Below is a list of third-party cookies installed in the Site. For each of them is a link to the information on personal data processing and how cookies can be deactivated. Regarding third-party cookies, the Data Controller is solely obliged to include a link to the third party’s web site in this policy. It is up to the third party to provide information on personal data processing and instructions for how to consent to and/or prevent use of cookies.

HubSpot: Here

Google Analytics: Information | Opt out 

• How to manage cookie preferences.

Users may disable use of cookies by checking and/or changing their browser settings on the basis of the instructions provided by browser providers at the links listed below.

Mozilla Firefox

Google Chrome

Apple Safari

Opera

Updates.

This Privacy and Cookie Policy will be updated. The Data Controller therefore asks Users who wish to know how their personal data collected through the Site is used to return to this page periodically.

Last update: May 8, 2023