Information on the processing of personal data and cookies on the website
1. Introduction
In compliance with the obligations arising from Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the “Regulation” or “GDPR”) and applicable national legislation, including Legislative Decree 196/2003 (Privacy Code, as amended by Legislative Decree 101/2018), UNISALD SRL respects and protects the personal data of visitors and users (hereinafter, the “Data Subjects”) of the website www.unisald.it/ (hereinafter, the “Website”). This document provides information on the processing of personal data collected by UNISALD SRL through the Website and, therefore, constitutes information for Data Subjects pursuant to the aforementioned regulations and does not apply to personal data collected by UNISALD SRL through channels other than the Website. Pursuant to the Regulation, the processing of personal data of Data Subjects is carried out in compliance with the principles of fairness, lawfulness, transparency, and protection of privacy. The Website contains links to other websites: this policy does not apply to such other websites, which may be accessed by Data Subjects via specific links. Such websites may contain privacy policies that differ, in whole or in part, from this policy. UNISALD SRL therefore invites Data Subjects to carefully read the privacy policies of each other website to which they connect, especially before entering any personal information.
2. Identity and contact details of the data controller
The data controller is UNISALD SRL (hereinafter, ”
UNISALD SRL ” or the ”
Data Controller “), VAT number 01540100110, with registered office in PIAZZA CADUTI PER LA LIBERTA’ 34 19124 – La Spezia (SP) (tel: +39 3898494042; email unisald@legalmail.it).
3. Types of data processed through the Website
The Data Controller may process the following data through the Website: Data collected automatically – traffic and navigation data. The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the type of browser, the name of the Internet Service Provider, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the date and time of the Website visit, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the web page from which the user accessed the website and the exit page, and other parameters relating to the user’s operating system and IT environment. The Website does not intentionally collect data belonging to special categories (e.g., health data, religious beliefs, political beliefs, trade union membership), unless specific informed consent is given.
4. Data communicated by the interested parties
The optional, explicit, and voluntary sending of messages to the Data Controller’s contact addresses, as well as the completion and submission of contact forms on the Website, entails the acquisition of the sender’s contact information, necessary for a response, as well as all personal data included in the communications (such as, but not limited to, name, surname, email address). In any case, Data Subjects are required to provide truthful and accurate data and to promptly inform the Data Controller of any subsequent changes.
5. Cookies and other tracking systems
The Website uses cookies and similar technologies. For information on how we use cookies, please refer to our Cookie Policy.
6. Purpose and legal basis of the processing
The Data Controller processes traffic and navigation data for the following purposes: (a) manage, administer, and improve the Website; monitor the correct functioning of the services offered; (b) fulfill obligations established by law and/or regulations and/or orders of the Judicial Authority; (c) prevent and/or detect fraudulent and/or harmful activities for the Website; (d) perform analyses for technical and/or commercial purposes; obtain statistical information on the use of the services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.). The processing of such data is necessary to navigate the Website. The Data Controller processes the data communicated by the Data Subjects for the following purposes: (e) respond to requests for assistance and, in general, to any questions and/or requests made by users; (f) send users administrative and/or technical support emails (for example, technical notes, reminders, updates, etc.); (g) send newsletters, commercial communications, and/or advertising materials about products and/or services offered by the Data Controller by post and/or email. Processing the data provided by Data Subjects for the purposes indicated above requires their consent. This consent is always optional, but without it, UNISALD SRL will not be able to process the data collected for the aforementioned purposes.
7. Communication of data
The personal data collected may be disclosed to supervisory bodies, judicial authorities, and any other parties to whom disclosure is required by law and/or necessary for the purposes described above.
8. Methods of processing the personal data collected and retention period
The data collected may be processed both on paper and electronically and/or automatically. In any case, the Data Controller will process the personal data collected for the time necessary to fulfill the purposes set out in this policy and, in any case, for a period not exceeding that required by applicable law (including tax legislation). The data will be retained for the time strictly necessary for the purposes for which it was collected, in compliance with the following terms:
- Browsing data: maximum 12 months;
- Data provided voluntarily: up to 10 years for legal or administrative obligations;
- Data for marketing purposes: until consent is revoked, and in any case no later than 24 months.
9. Possible transfer of personal data
Data management and storage will be performed on servers located within the European Union owned by the Data Controller and/or third-party companies duly appointed as Data Processors. The servers are currently located in Italy. It is understood that the Data Controller, if necessary, will have the right to relocate the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will be carried out in compliance with applicable laws, stipulating, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
10. Security measures
The Data Controller processes the data of the Data Subjects lawfully and correctly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the data, as well as unlawful use of the data. Processing is carried out using computerized and/or electronic means, using organizational methods and procedures strictly related to the indicated purposes, and the data is stored and retained in secure facilities with limited access and verification by personnel. Access to the information is strictly limited to authorized personnel. The Website is constantly monitored for any security breaches. In addition to the Data Controller, in some cases, categories of persons involved in the organization of the Website (administrative, commercial, marketing, legal, and system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, and communications agencies) may have access to the data, acting on the basis of specific instructions provided by the Data Controller. In any case, the Data Controller invites the Interested Parties to adopt appropriate protections and/or precautions against unauthorized access to their reserved area and/or their computer.
11. Rights of interested parties
In accordance with the provisions of Chapter III of the GDPR, Data Subjects may exercise the rights provided therein at any time, in particular: Right of access: to obtain from the Data Controller confirmation as to whether or not Personal Data concerning them is being processed and, where that is the case, to receive information regarding the purposes of the processing, the categories of Data involved, the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, the period for which the Personal Data will be stored, or the criteria used to determine that period (Article 15, GDPR); Right to rectification: to obtain from the Data Controller, without undue delay, the rectification of inaccurate Personal Data and the completion of incomplete Personal Data, including by providing a supplementary statement (Article 16, GDPR); Right to erasure: to obtain from the Data Controller, without undue delay, the erasure of Personal Data, in the cases provided for by the GDPR (so-called “right to be forgotten” – Article 17, GDPR); Right to restriction of processing: to obtain from the Data Controller restriction of processing, in the cases provided for by the GDPR (Article 18, GDPR); Right to portability: to receive from the Data Controller, in a structured, commonly used and machine-readable format, the Personal Data concerning them, provided to the data controller, and to request that they be transmitted directly, or through the data controller if technically feasible, to another data controller (so-called “right to data portability” – Article 20 GDPR); Right to object: to the processing of Personal Data and, where applicable, to direct marketing purposes in particular situations (Article 21 GDPR); Right not to be subject to decisions based solely on automated processing (Article 22 GDPR). The appropriate request can be submitted at any time by contacting UNISALD SRL by post at: UNISALD SRL PIAZZA CADUTI PER LA LIBERTA’ 34 19124 – La Spezia (SP)); By email to unisald@legalmail.it. Consent expressed in reference to this policy may be revoked at any time using the same methods, without affecting the lawfulness of processing based on consent given before its revocation. Any communications and actions undertaken by UNISALD SRL in response to the exercise of the rights listed below will be provided free of charge, except in the cases provided for by Art. 12, paragraph 5, of the GDPR. Data subjects may also contact UNISALD SRL at +39 3898494042 if they require information and/or clarification regarding the processing of personal data carried out via the Website.
12. Right to complain
Interested parties who believe that the processing of their personal data through the Website violates the Regulation have the right to lodge a complaint with the Data Protection Authority, pursuant to Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).
13. Protection of minors
The Data Controller does not allow minors under the age of 16 to use its services and, therefore, does not intentionally collect information relating to them. If it becomes aware that it has collected data relating to minors under the age of 16 without demonstrable parental consent, it will delete such data as quickly as possible.
14. Periodic updates to this privacy policy
This privacy policy is valid and effective as of May 25, 2018 and may be subject to change over time, including as a result of amendments or additions to current legislation. Should the Data Controller make any significant changes to this document, it will inform Data Subjects through the means it deems most appropriate (such as, but not limited to, publication on the homepage of the Website and/or sending a newsletter to the email address provided by Data Subjects). This policy was updated on May 25, 2018.
15. Content generated by artificial intelligence
Some content on the Website (including text, images, graphics, or multimedia elements) may be created, even partially, using generative artificial intelligence tools. These technologies are used in accordance with the principles of fairness, transparency, and reliability, with the aim of offering up-to-date, consistent, and interesting content to users. Content created with artificial intelligence does not use personal information (such as names, email addresses, preferences, or browsing behavior) of site visitors. Artificial intelligence does not analyze or study user behavior to create profiles, personalized advertising, or targeted content.
This policy was updated on May 6, 2025.
