This information notice, provided in accordance with current national and Community legislation on the processing of personal data, concerns the website engineering.orbyta.it, the social media pages of ORBYTA S.r.l., as well as the subjects who send requests or contact ORBYTA S.r.l. via e-mail or telephone contact (hereinafter also “Users” or, individually, “User”).

This policy also does not refer to other websites that may be reached and consulted by the User through hyperlinks (links) that may be contained in the Site.

The Data Controller of the data, relating to identified or identifiable persons who access this Site, is ORBYTA S.r.l., VAT number 12270430015, in the person of its legal representative pro tempore, with registered office in Turin, Piazza Castello 113.

Type of data processed, purpose and legal basis for processing

• Browsing data

The computer systems and computer programs used to operate the site collect some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses or domain names of the computers used by Users connecting to the site, the URI – Uniform Resource Identifier – addresses of the requested resources, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code about the status of the response rendered by the server and other parameters relating to the User’s operating system and computer environment). Although this information is not collected in order to be associated with identified data subjects, by its nature it could, through processing and association with data held by third parties, make it possible to identify Users for the sole purpose of obtaining statistical information and to check the proper functioning of the systems. Such data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.

• Data provided voluntarily by the User

No provision of personal data by the User is required for consultation of the Site. However, any contact with the Data Controller, or the optional, explicit and spontaneous sending of messages, electronic or traditional mail, to the addresses indicated on the site entails the subsequent acquisition of the sender’s e-mail address or telephone contact, necessary to respond to requests, as well as any other personal data included in the relevant communications.

Such data will be used for the sole purpose of responding to the User’s request and may be disclosed to third parties only if necessary for that purpose.

The processing of data for these purposes does not require consent since the processing is necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at his or her request (Article 6, paragraph 1, letter b) of the Regulations), as well as, where applicable, to fulfill a legal obligation (Article 6, paragraph 1, letter c) of the Regulations), as well as for the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f) of the Regulations).

Subject to the express and specific consent of the User, the Controller may process personal data, such as the User’s first name, last name and e-mail address, for the purpose of sending newsletters.

• Data provided through interaction with social pages

ORBYTA S.r.l. may process additional data directly conferred, such as likes, comments, images and in general any content and information eventually published and shared by Users on the social media pages dedicated to ORBYTA S.r.l. (Instagram, Facebook, LinkedIn, YouTube) through the social media features that the User has enabled.

Place of data processing

The processed data are stored at the Data Controller’s headquarters and its suppliers in Italy and in the European Union.

Users’ personal data may also be transferred to countries outside the European Union or international organizations pursuant to an adequacy decision of the European Commission under Article 45 GDPR or on the basis of Standard Contractual Clauses (SCC) approved by the European Commission or other appropriate instrument under Article 46 GDPR.

Modalities of processing

The processing of data will be carried out, by personnel appointed by the Data Controller with procedures, technical and computer tools suitable to protect the confidentiality and security of your data and consists of their collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, destruction of the same including the combination of two or more of the above activities.

Data are collected directly from Users when they browse the Site, send e-mails or communications to the Data Controller, interact with social content. Users are not required to provide their personal data, however in case of refusal the Data Controller may not be able to fulfill their requests.

Data Retention Period.

Personal data will be retained in a form that allows the identification of the User for a period of time not exceeding the achievement of the purposes for which they are processed, and in any case in compliance with legal obligations regarding data retention periods (tax assessments and statute of limitations for the exercise of rights).

Data communication and dissemination

For the pursuit of the purposes set out in this statement and within the limits of what is strictly necessary, the data will be processed by the Data Controller and its employees, collaborators and/or specially appointed officers.

As part of its activities and for the purposes indicated above, the Data Controller may use services rendered by third parties operating on its behalf and in accordance with its instructions, as data processors (or autonomous data controllers): these are subjects that provide the Data Controller with processing or instrumental services (e.g. computer services for the operation of the site), of which the User may request a complete and updated list by contacting the Data Controller, at the e-mail address privacy@orbyta.it.

Without prejudice to specific legal obligations, the data are not intended for dissemination.

Transfer abroad

Personal data are processed within the territory of the European Union and are not subject to dissemination. If necessary, for technical and operational reasons, the Data Controller reserves the right to transfer personal data to countries outside the European Union by virtue of an adequacy decision of the European Commission pursuant to Article 45 GDPR or on the basis of Standard Contractual Clauses (SCC) approved by the European Commission or other appropriate instrument pursuant to Article 46 GDPR.

Rights of data subjects

Pursuant to Article 15 et seq. of the GDPR and current legislation, the User has the right, in addition to lodging a complaint with the Data Protection Authority and to revoke at any time any consent given, to:

1. obtain confirmation of the existence or otherwise of personal data concerning him/her and their communication in an intelligible form, receiving them in a structured, commonly used and readable format with the possibility of transmitting them to another data controller (“Right to portability”);
2. obtain indications: (i) on the origin of the personal data, the purposes and methods of processing, the logic applied in case of processing carried out with the aid of electronic instruments; (ii) on the identification details of the Data Controller, the Data Processor(s) and the Data Protection Officer; (iii) on the subjects or categories of subjects to whom the data may be communicated or who may become aware of the same as designated representative in the territory of the State, managers or designees.
3. obtain (i) the updating, rectification or integration of the data concerning him or her or, in case of dispute as to the correctness of the data, the restriction of the processing of the same for the time necessary for the appropriate checks, (ii) the transformation into anonymous form or the blocking of data processed in violation of the law, including those whose preservation is necessary in relation to the purposes for which the data were collected or subsequently processed (iii) certification that the operations referred to in the preceding paragraphs have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, unless this requirement proves impossible or involves the use of means manifestly disproportionate to the protected right.
4. object, in whole or in part (i) to the processing of data concerning him/her, even if pertinent to the purpose of collection, (ii) to the processing of personal data concerning him/her, provided for the purposes of commercial information or sending advertising materials or direct selling or for carrying out market research or commercial communication.
5. Obtain deletion without undue delay (“Right to be forgotten”) if the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, have been processed unlawfully or in the event that the User (i) requests it or (ii) objects in whole or in part to the processing.
6. Obtain the restriction of processing if the data (i) are unlawfully processed but the User objects to their deletion, (ii) are necessary for the User to ascertain, exercise or defend a right, (iii) an assessment as to the legitimate grounds for processing by the Controller is pending.

The above rights may be exercised by making a request to the Data Controller, at the e-mail address privacy@orbyta.it or, with reference to the rights sub d), also through the appropriate link at the bottom of any e-mail with promotional or informative content.