(Excerpt form General Terms and Conditions)
10.1 Personal data processing: access to some sections of the site and/or any requests for information and services from users of the Site may require users to enter personal data. The Data Controller is WBS who will ensure that the data is processed pursuant to Italian Legislative Decree 196/2003 "Code on the Protection of Personal Data" (hereinafter referred to as the "Code") and the Article 12 of the EU General Data Protection Regulation (hereinafter referred as “GDPR”) .This information note aims to inform users on how WBS will use their personal data before they access the various sections of the Site and before they enter their data. Therefore, users are required to read this information note before compiling the boxes in the various sections of the Site.
10.2 Purpose of data processing: Your personal data are processed as follows:
A) Without your declared approval (art. 24 lett. a), b), c) Codice Privacy and art. 6 lett. b), e) GDPR), for the following purposes:
B) Only upon your declared authorization(artt. 23 e 130 Codice Privacy and art. 7 GDPR), for the following purposes:
10.3 Processing procedures: The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are processed either on paper or electronically and / or automated, through the use of a website hosted by Serverplan in Italy. The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service
The Owner has taken a variety of security measures to protect your data against the risk of loss, misuse or alteration. In particular: has adopted the measures referred to in Articles 32-34 of the Privacy Code and art. 32 GDPR; uses the data encryption technology established by the AES Standards (BCrypt) and the protected data transmission protocols known as HL7 and HTTPS; complies with the ISO / IEC 27000, WG3 and WG4 standards.
10.5. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
• to the employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal process managers and / or system administrators;
10.6. Data communication
Without your express consent (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said purposes. Your data will not be disclosed.
10.7. Data transfer
The management and storage of personal data will take place in Europe, on servers located in Italy of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors.
10.8. Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we can not guarantee you neither the registration to the Site nor the services of the art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you can not receive e-mail invitations to events, newsletters and opinion polls and approval. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
10.9. Rights of the interested party
In your capacity as interested parties, you have the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights of:
• i. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
• ii. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, the managers and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
• iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
• iv. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of processing, right to data portability, right of opposition), as well as the right of complaints to the Guarantor Authority.10. How to exercise your rights You may at any time exercise your rights by sending: • a registered letter to a. Carlo Amaddeo, Via Gregorio VII, 198, 00165 Rome • an e-mail to firstname.lastname@example.org
11. The Owner does not intentionally collect personal information about minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of users.
12.1 Types and management of Cookiea) Technical cookies or "technical cookies": (i) necessary cookies or "strictly necessary cookies": They are necessary for navigation on a website and the use of its features, such as to allow a correct display or access to restricted areas. Therefore, disabling these cookies does not allow these activities (ii) Performance cookies or "performance cookies": They collect information on the efficiency of the responses of a website to the user's requests in an anonymous form, for the sole purpose of improving the functionality of the Internet site; for example, which pages are most frequently visited by the user, and if there have been errors or delays in the delivery of web pages (iii) Function cookies or "functionality cookies": Allow the site to remember the choices made by users and re-propose them to subsequent accesses in order to provide better and personalized services: for example, they can be used to offer content similar to those previously requested by the user. b) Cookies for targeted advertising or "cookie targeting": to offer users potentially close to their interests, as detected during browsing. For example, they are used to limit the administration of a given advertisement, or to deduce the effectiveness of a campaign from the frequency of display of the related advertising. These cookies can also be administered by third parties, also on behalf of advertisers. The user can accept or refuse these cookies expressing their consent ("opt in") prior to the administration of the same.
12.2 Disabling ("opt-out") for cookies: The rules on the protection of personal data provide that the user can disable cookies already given ("opt-out"). The opt-out is scheduled for cd. "Technical cookies" (Article 122 of the Code), as well as for cookies that do not fall under "previously accepted" technical cookies ("opt in") by the user. By virtue of this distinction, the user may proceed with the disabling and / or cancellation of cookies ("opt-out") through the relevant settings of their browser and the disabling and / or deletion of individual cookies not "technical" administered by third parties parties by accessing the website operated by the European Interactive Digital Advertising Alliance (EDAA) at www.youronlinechoices.eu.
13. Owner, manager and agent of the personal data management is WBS Games of Carlo Amaddeo with registered office in Rome Via Gregorio VII, 198. External manager of the treatment, is Dott. Gaspar Fedeli, Via Gaetano Donizetti, 20 00198 Rome, for tax and tax purposes .
14. Changes to this Statement: This statement may be subject to change. It is therefore advisable to regularly check this information.