This Privacy Policy is provided pursuant to Art. 13 of European Regulation no. 679/2016 and applies exclusively to all Data collected through the website zimari.it. This Privacy Policy is subject to updates that will be published promptly on the Website. This Privacy Policy, together with the Cookie Policy, sets out the basis on which the User’s personal data will be processed.

Data Controller

The Data Controller of the Data collected through this Website is Hamlet s.r.l., located at  Via Monte Napoleone 8, 20121 Milan (IT), email: info@skyblue-loris-167172.hostingersite.com

Purpose of Processing Personal Data and Legal Basis

User Data is collected to allow the Website to provide its services, as well as for the following Purposes:

a) to comply with any type of obligation provided for by applicable laws, regulations, related legislation and commercial practices, particularly in tax/fiscal matters. This processing is mandatory to fulfil a legal obligation to which the Data Controller is subject;

b) to provide services such as courses, webinars, PDF guides to the User. This processing is optional and based on the User’s consent; however, failure to provide one or more Data will make it impossible to provide the service offered by the Data Controller;

c) for other purposes ancillary or related to those listed above and in any case falling within the Website’s activities;

d) to fulfil specific requests made by the User to the Data Controller for informative communications regarding the Controller’s Services, via email messages or by filling out the Contact Form and other communication tools such as telephone. This processing is optional and based on the User’s consent; however, failure to provide one or more Data will make it impossible to respond to the request for information and to use the services offered by the Data Controller;

e) to send promotional information and offers, including via newsletter. This processing is based on the freely given consent of the User;

f) for soft-spam purposes, allowing the Data Controller to send promotional emails regarding services previously purchased without the need for the User’s explicit and prior consent, as provided for by Art. 130, paragraph 4, of the Privacy Code, provided that the User does not exercise the right to object. This processing is based on Art. 130, paragraph 4, of the Privacy Code, as amended by Legislative Decree no. 101/2018;

g) to carry out pseudonymized statistical analyses to examine User behaviour in order to improve the products and services provided by the Data Controller and to meet the User’s expectations;

h) for profiling activities for marketing purposes. This processing is based on the User’s freely given consent when accepting the use of cookies.

Methods of Processing Personal Data

Personal Data provided or collected will be processed according to the principles of fairness, lawfulness, transparency, and protection of confidentiality pursuant to applicable regulations.
The Data Controller processes Users’ Personal Data using appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction.
Processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes.
Among the Personal Data collected independently or through third parties are: Cookies, Usage Data, Email, and Name. Additional Personal Data may be indicated in other sections of this Privacy Policy or through information notices displayed at the time of Data collection.
Personal Data may be provided voluntarily by the User or collected automatically during use of the Website.

Categories of Personal Data Processed

Among the Personal Data processed autonomously or through third parties are: Cookies, Usage Data, Email, and Name.
Personal Data may be collected autonomously by the Data Controller or through third parties.
Personal Data may be provided voluntarily by the User when using the Website through the Contact Form, downloading guides, registering for webinars, similar operations, or when communicating with the Data Controller via email and/or telephone.
Additional Personal Data may be indicated in other sections of this Privacy Policy or through information notices displayed at the time of Data collection.
The optional, explicit, and voluntary sending of email using the Contact Form or to the addresses indicated on this Website results in the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other Personal Data included in the message.
User consent to provide Data is necessary to be included in the Data Controller’s databases and for establishing and properly carrying out the services offered to Users, as well as for third parties in fulfilling specific requested activities.
Failure to provide Data prevents registration in the Data Controller’s databases, execution of potential contracts, and performance of all related activities. Therefore, failure to provide certain Personal Data may prevent this Website from offering its services.

Data Disclosure

In addition to the Data Controller, in some cases, the following may have access to the Data:

a) categories of designated staff specifically trained and involved in the organization of the Website (administrative, commercial, marketing personnel, legal, system administrators);

b) external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies) appointed as Data Processors pursuant to Art. 28 GDPR;

c) public or private entities that may access Data in compliance with legal obligations;

d) parties performing tasks ancillary to or supporting the Data Controller’s activities;

e) Website Users who may view certain Data on other Users’ public profiles in the website’s closed group;

f) external parties such as partners involved in the organization of initiatives and events promoted and/or sponsored by the Data Controller, where communication of Data is necessary for organizational reasons.

Data Retention Period

As expressly provided by Art. 5, par. 1, letter e) of the GDPR, Data is stored for the time necessary to process it in relation to the service requested by the User or required by the purposes described in this document, and specifically:

– Data collected for purposes related to the Data Controller’s legitimate interest will be retained until such interest is fulfilled. The User may obtain further information about the legitimate interest in the relevant sections or by contacting the Data Controller;

– Data collected based on the User’s Consent will be stored until such Consent is withdrawn;

– Data collected for tax/administrative obligations or contractual obligations will be stored for the time required to fulfil those obligations and in accordance with the law, for a period not exceeding that set by civil regulations and in any case not exceeding 10 (ten) years;

– Data collected for marketing and profiling purposes will be stored for no longer than 24 (twenty-four) months from the acquisition of consent;

Data may be retained longer in compliance with legal obligations or by order of an authority.
The User may always request interruption of Processing or deletion of Data not required for contractual execution.
At the end of the retention period, Personal Data will be deleted and the rights of access, deletion, rectification, and portability can no longer be exercised.

Cookies

This Website uses cookies. Cookies are small text files used by websites to make the User’s experience more efficient and to personalize content and ads, provide social media features, and analyze traffic.
Information on how the User uses the site may be shared with the Data Controller’s partners responsible for web analytics, advertising, and social media, who may combine it with other information the User has provided or that they collected while using their services.
See Cookie Policy.

Place of Processing and Transfer of Data Abroad

Data is processed at the Data Controller’s operational headquarters.
For further information, Users may contact the Data Controller.
Data may be processed by individuals and/or legal entities acting on behalf of the Data Controller under specific contractual obligations, located within or outside the EU.
If Data is transferred outside the EEA, the Data Controller will adopt all appropriate contractual measures to ensure adequate Data protection.

Tools Used for Processing Personal Data

Address Management and Email Sending

These services allow management of a database of email contacts, telephone contacts, or other types of contacts used to communicate with the User.
These services may also collect Data relating to the date and time emails are viewed by the User and interactions with them, such as information on clicks on links included in the messages.

Contact Form

By filling in the Contact Form with their Data, the User consents to its use to respond to information requests or any other purpose indicated in the form’s header.
Personal Data collected via the Contact Form: Email, First Name, Last Name.

Security Measures Adopted

To ensure the security of Personal Data submission, this Website uses an SSL certificate and HTTPS protocol.
With this protocol, transactions and transmitted data occur with maximum security, and the content cannot be read or tampered with by third parties.

Exercise of Data Subject Rights

The Data Subject has the right to exercise the rights provided for in Articles 7 and 15–22 of EU Regulation 679/2016.
In particular, they have the right to withdraw their consent at any time and, upon simple request to the Data Controller, may request access to Personal Data, receive Personal Data provided to the Controller and, where possible, transmit it to another Controller (data portability), obtain updates, restriction of processing, rectification of Data, and deletion of Data processed unlawfully.
They also have the right, for legitimate reasons, to object to the Processing of Personal Data concerning them and to the Processing for advertising purposes, direct sales, and market research.
They also have the right to lodge a complaint with the Data Protection Authority.
The Data Subject may exercise these rights by contacting the Data Controller via email at: info@skyblue-loris-167172.hostingersite.com

Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time, providing notice to Users on this page.
Users are therefore advised to frequently check this page, referring to the date of the last modification indicated at the bottom.
If the User does not accept the changes made to this Privacy Policy, they must cease using this Website and may request that the Data Controller remove their Personal Data.
Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point.
The Data Controller is not responsible for updating all links contained in this Privacy Policy; therefore, whenever a link is not functioning and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referenced by that link.