Website – Social Networks
This policy is pursuant to and in accordance with the provisions of article 13 of the European General Data Protection Regulation (EU) 679/2016 and the Italian Civil Code on the protection of personal data (Legislative decree no.196 of 30/06/2003 and subsequent amendments) and is intended to provide users of the website www.sabrinagaleotti.it [“the Website”] and the social media account pages (Facebook) [the “Social Pages”] with maximum transparency regarding the processing of their personal data as Data Subjects.
This statement refers exclusively to the Website and Social Pages and may not be extended to internet services or sites managed by third parties, even if these are accessible through the Website.
The Data Controller is Sabrina Galeotti, email firstname.lastname@example.org
The Data Controller has not appointed a Data Protection Officer (DPO).
Types of data processed
The IT systems and software processes used for the operation of websites automatically acquire certain personal data whose transmission is implicit in the use of internet communication protocols. This data includes, for example, IP addresses or domain names of computers used by visitors who connect to the website, addresses in URI (Uniform Resource Identifier) format of information requests, time of the request etc. Such data is not acquired by the Data Controller so that the user can be identified, but by its very nature it could be processed and associated with data held by third parties and therefore allow users to be identified. The Data Controller uses the information solely to extract anonymous statistics on use of the Website and to monitor its correct functioning; data is stored for the time required for this. However, data may be used to ascertain responsibility in the event of hypothetical cyber crime against the Website. Data is processed for the purposes of the Data Controller’s legitimate interests, both for security and protection against unlawful acts, and to improve the services offered through the Website and the user experience.
Data provided voluntarily by the user
The Website (through the “Contact us” button) allows users to send requests to the Data Controller on a strictly voluntary basis, and also their personal data such as first name, surname and email address. Information provided with the message may contain other data which will inevitably be received by the Data Controller. The acquisition and subsequent processing of data is carried out, subject to reading and sharing this statement, in order to respond to messages from Data Subjects and to fulfil pre-contractual measures adopted on their request; data will be stored for the time necessary for handling such requests, and subsequently deleted within a maximum of 3 months following the last communication. Missing or incomplete provision of data will prevent the Data Controller from being able to respond to requests.
Thanks to another of the Website’s functions (“Work with Us” button) users can voluntarily send applications for potential work with the Data Controller. Data sent spontaneously will be processed for the fulfilment of pre-contractual measures requested by the data subject and, where this data includes Special Categories (ref. article 9 of GDPR) including data regarding health, political, philosophical or religious views etc, it may be lawfully processed in order to meet the obligations and exercise the specific rights of the Data Controller and the Data Subject in terms of employment, social security and protection, as stipulated in current legislation. In any case, data will be stored for the time necessary to handle the requests, and subsequently deleted within a maximum of 3 months from the last communication.
Cookies are small strings of text sent by the Website or by third-party websites to the Data Subject’s terminal, where they are stored and then retransmitted on subsequent visits. This Website does not use first-party profiling cookies to send advertising messages in line with preferences shown by users as they browse the internet.
This Website only uses technical and analytical cookies for the purposes of fulfilling the legitimate interest of the Data Controller, enabling the Website to operate and to develop statistics and analytics of visits in aggregate and anonymised form. In particular, the Website uses the Google Analytics service, provided by Google Inc. – Google Italy srl, with reduced identifying potential (anonymisation of IP address) and without the ability to cross-reference data received with other data already held.
The cookies used by this Website do not require prior consent by the user, and are used to fulfil the legitimate interest of the Data Controller, to improve the services offered through the Website and ensure the best user experience.
However, by following the instructions below and in the knowledge that some functions of the Website may be wholly or partially compromised, the User may freely decide to disable and/or delete cookies through their browser settings. Below is a list of the most common browsers, with links to settings for cookie management:
- Safari 2 or later: https://support.apple.com/it-it/guide/safari/sfri11471/mac
- Opera 10.5 or later: https://help.opera.com/en/latest/web-preferences/#Cookies
- FireFox 3.5 or later: https://support.mozilla.org/it/kb/Gestione%20dei%20Cookie
- Google Chrome 10 or later: https://support.google.com/accounts/answer/61416?hl=it
- Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage- cookies
In all cases, browsers offer the option of “private” navigation, which when activated means that cookies are always removed after each browsing session is closed.
In addition to the above, you can disable analytics cookies by downloading the additional component for disabling Google Analytics at the following web address: https://tools.google.com/dlpage/gaoptout.
Social buttons and Social Pages
In order to improve user experience, the Website uses Facebook Social buttons, which allow users to be sent directly to the Data Controller’s account page on the various social networks.
Nevertheless, Sabrina Galeotti may in some cases be considered the Data Controller or Data Co-Controller in relation to the data of users who interact with the relevant social pages.
In particular, with reference to the data known as “insights” – i.e. aggregate statistical information that helps the Data Controller to understand users’ interactions with Facebook pages – the professional association Stigi, Stiefel Trulli Studio Legale and the social network provider are joint Data Controllers, in accordance with the terms stated in the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
At the same time, when Sabrina Galeotti interacts directly with users of social media, she is considered Data Controller for the associated data processing.
In such cases, processing is carried out in order to respond to messages and to fulfil pre-contractual measures adopted on the request of users, in addition to fulfilling the legitimate interest of the Data Controller towards improving the services offered and guaranteeing the best possible user experience. Under no circumstances will tools for profiling or direct marketing activities be used; neither will data be used for such purposes.
Potential recipients or categories of recipients
Where necessary, data collected will be processed solely by individuals authorised to do so and duly trained, as well as by Data Controllers and Supervisors linked to the Controller by specific agreement, who provide support services to the Controller. Data may also be disclosed to third parties (public authorities, police or other public or private bodies), but solely for the purpose of fulfilling contractual or legal obligations or those pertaining to EC regulations or law.
Data transfer to third countries
Data is processed in member states of the European Union. Where it is transferred to countries outside the EU, data will be sent only to countries considered able to provide a suitable level of data protection, subject to evaluation and agreement by the European Commission, in other words in the presence of appropriate guarantees and on the condition that Data Subjects have access to the exercise of their rights and effective complaint procedures, as stated in current legislation.
Rights of the Data Subject
With regard to the processing described in this statement, the Data Subject, as stipulated in Regulation (EU) 679/2016, may exercise the rights stated in articles 15 to 21 and, in particular, the right to request from the Data Controller access to personal data, its correction or deletion and the limitation of processing. The Data Subject also has the right to object to processing for legitimate reasons, and the right to data portability.
To exercise these rights, Data Subjects may contact the Data Controller by any appropriate means and, in any case, at the email address
The Data Subject also has the right to appeal to a supervisory authority, specifically in the member state in which they habitually reside or work, or in the place where the alleged violation occurred, which, in Italy is the Data Protection Authority, Piazza Venezia, 11 – 00187, Rome (RM) – email: email@example.com – PEC email: firstname.lastname@example.org. Details are available on the website www.garanteprivacy.it, or to instigate court proceedings (article 79 of GDPR).