Privacy Policy of Gigraf.it

Data Controller

Gigraf – Via Fraccaroli 5, 20134 Milan (Italy) Email address of the Data Controller: sales@gigraf.it

Types of Data Collected

Among the Personal Data collected by this Application, either independently or through third parties, are: Cookies, Usage Data, first name, last name, email, mobile number, company name. Full details on each type of data collected are provided in the dedicated sections of this privacy policy.

Processing

Personal Data may be freely provided by the User or collected automatically during the use of this Application, in the case of Usage Data. Unless otherwise specified, all the data requested by this Application are mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. Users are free to refrain from communicating optional Data, without affecting the availability of the Service or its operation.
The use of Cookies by this Application aims to provide the Service requested by the User, as described in the Cookie Policy.
The User is responsible for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that they have the right to communicate or disseminate them, relieving the Data Controller from any responsibility towards third parties.

Methods and Place of Data Processing

Processing Methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organization of this Application (administrative, commercial, marketing, legal staff, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, who have been appointed as Data Processors, if necessary. The updated list of Data Processors can always be requested from the Data Controller.

Legal Basis for Processing

The Data Controller processes Personal Data related to the User only if one of the following conditions applies:

  • The User has given consent for one or more specific purposes. Note: In some jurisdictions, the Data Controller may process Personal Data without the User’s consent or another legal basis specified below, as long as the User does not object (“opt-out”) to such processing. However, this does not apply if the processing of Personal Data is governed by European data protection law.
  • The execution of a contract with the User and/or the implementation of pre-contractual measures.
  • Compliance with a legal obligation to which the Data Controller is subject.
  • The execution of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
  • The pursuit of the legitimate interest of the Data Controller or third parties.

It is always possible to request the Data Controller to clarify the specific legal basis for each processing. In particular, to specify whether the processing is based on law, a contract, or necessary to conclude a contract.

Location

Data are processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller. The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section regarding the details of Personal Data processing.

Retention Period

Data are processed and stored for the time required for the purposes for which they were collected. Therefore:

  • Personal Data collected for the purposes related to the performance of a contract between the Data Controller and the User will be retained until the completion of such contract.
  • Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the processing is based on the User’s consent, the Data Controller may retain the Personal Data longer until the consent is withdrawn. Moreover, the Data Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or an order from an authority. After the retention period, Personal Data will be deleted. Therefore, once this period expires, the rights to access, delete, rectify, and the right to data portability can no longer be exercised.

Purposes of Data Processing

The User’s Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Contacting the User, and Displaying content from external platforms. For further detailed information about the purposes of processing and the Personal Data specifically relevant to each purpose, the User can refer to the respective sections of this document.

Details on the Processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Creation and Management of this Application

The main components of this Application are created and managed directly by the Data Controller, using the software mentioned below.

WordPress (self-hosted) (this Application)

This Application is developed and managed by the Data Controller using a CMS (Content Management System) software called WordPress.

Personal Data Collected: Usage Data, first name, last name, email, mobile number, company name.

Content Commenting

Commenting services allow Users to post and publicly share their comments regarding the content of this Application. Users, depending on the settings determined by the Data Controller, may leave comments anonymously. If the email is among the Personal Data provided by the User, it may be used to send notifications about comments on the same content. Users are responsible for the content of their comments. In the case that a third-party comment service is installed, it is possible that it collects traffic data related to the pages where the comment service is installed, even if Users do not use the service.

Comment Form (this Application)

When visitors leave comments on the site, we collect the data shown in the comment form along with the visitor’s IP address and browser user agent string to help detect spam.

Personal Data Collected: Name, email, website, and IP address.

Contacting the User

Contact Form (this Application)

By filling in the contact form with their Data, the User consents to their use for responding to requests of the nature indicated in the form header.

Personal Data Collected: First name, last name, email, mobile number, company name.

Displaying Content from External Platforms

This type of service allows for the display of content hosted on external platforms directly from the pages of this Application and enables interaction with them. In case a service of this type is installed, it is possible that it collects traffic data related to the pages where it is installed, even if Users do not interact with the service.

Google Maps Widget (Google Ireland Limited)

Google Maps is a map visualization service managed by Google Ireland Limited that allows this Application to integrate such content into its pages.

Personal Data Collected: Cookies and Usage Data.
Location of Processing: Ireland – Privacy Policy. Participating entity in the Privacy Shield.

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and track the User’s behavior.

Google Analytics (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, compile reports, and share them with other Google services. Google may use Personal Data to contextualize and personalize ads in its advertising network.

Personal Data Collected: Cookies and Usage Data.
Location of Processing: Ireland – Privacy Policy – Opt Out. Participating entity in the Privacy Shield.

Google Analytics with Anonymized IP (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, compile reports, and share them with other Google services. Google may use the Personal Data to contextualize and personalize ads in its advertising network. This integration of Google Analytics anonymizes your IP address. Anonymization works by shortening the IP address within the European Union member states or other countries that adhere to the European Economic Area agreement. Only in exceptional cases will the IP address be sent to Google servers and shortened in the United States.

Personal Data Collected: Cookies and Usage Data.

Location of Processing: Ireland – Privacy Policy – Opt Out. Participating entity in the Privacy Shield.

SPAM Protection

This type of service analyzes the traffic of this Application, potentially containing the User’s Personal Data, to filter it from parts of traffic, messages, and content recognized as SPAM.

Akismet (Automattic Inc.)

Akismet is a SPAM protection service provided by Automattic Inc.

Personal Data Processed: Various types of Data as specified in the privacy policy of the service.
Location of Processing: United States – Privacy Policy.

User Rights

Users can exercise certain rights with respect to the Data processed by the Data Controller. In particular, the User has the right to:

  • Withdraw consent at any time. The User can withdraw their previously given consent for the processing of their Personal Data.
  • Object to the processing of their Data. The User can object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are provided in the section below.
  • Access their Data. The User has the right to obtain information about the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the processed Data.
  • Verify and request rectification. The User can verify the accuracy of their Data and request its update or correction.
  • Obtain the limitation of processing. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose except for their storage.
  • Obtain the deletion or removal of their Personal Data. When certain conditions are met, the User can request the deletion of their Data by the Data Controller.
  • Receive their Data or transfer them to another data controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format, and, where technically feasible, to obtain the transfer of the Data to another controller without hindrance. This provision is applicable when the Data is processed using automated tools and the processing is based on the User’s consent, a contract to which the User is a party, or related contractual measures.
  • File a complaint. The User can file a complaint with the competent data protection supervisory authority or take legal action.

Details on the Right to Object

When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation. Users should be aware that if their Data is processed for direct marketing purposes, they can object to the processing without providing any justification. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

How to Exercise the Rights

To exercise their rights, Users can send a request to the contact details of the Data Controller provided in this document. Requests are free of charge and will be fulfilled by the Data Controller as quickly as possible.

Further Information on Processing

Defense in Legal Proceedings

The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages of such proceedings for defense against abuse in the use of this Application or its connected Services by the User. The User acknowledges that the Data Controller may be obliged to disclose Data upon request from public authorities.

Specific Notices

Upon the User’s request, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual notices regarding specific Services, or the collection and processing of Personal Data.

System Logs and Maintenance

For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that record interactions and may contain Personal Data, such as the User’s IP address.

Information Not Contained in This Policy

Additional information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

Response to “Do Not Track” Requests

This Application does not support “Do Not Track” requests. To find out if third-party services used by this Application support them, the User is encouraged to consult their respective privacy policies.

Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time, informing the Users on this page. Therefore, please consult this page regularly, referring to the date of the last modification shown at the bottom. If changes affect processing based on consent, the Data Controller will collect the User’s consent again if necessary.

Latest update: August 14, 2024