PRIVACY POLICY and Extended Information
Website: www.certrating.it – www.certrating.com

Update: October 2019
Introduction

Under the European Regulation n. 679/2016 (hereinafter also "RGPD"), the Global Cyber Security Center Foundation (hereinafter "GCSEC") invites you to carefully read this Privacy Policy which contains important information on the protection of your Personal Data.

The treatment of your data will be based on the principles of correctness, lawfulness, transparency, limitation of purposes and conservation, minimization and accuracy, integrity and confidentiality, in accordance with the provisions of the RGPD.

Please note that the GCSEC Foundation, with headquarters in Rome, Viale Europa 190, 00144, as Data Controller, will process the personal data you provided for registration purposes at www.certrating.it / www.certrating.com, as well as for the purpose of providing the additional GCSEC services made available through the site, pursuant to the applicable legislation on the protection of personal data.

Pursuant to Article 13 and following of RGPD (EU) 2016/679, GCSEC. informs the user who consults the website www.certrating.it / www.certrating.com about the purposes and methods of processing your personal data. In the event that the user decides to register on the site www.certrating.it / www.certrating.com and use the connected services free of charge, he may receive further information in relation to the processing of the data provided for the purposes of the 'art. 13 and following of RGPD (EU) 2016/679. The information is provided exclusively in relation to the data supplied for the purpose of consulting the GCSEC CERTrating site and, therefore, it is not made in relation to the consultation of other websites that may be consulted by the user via links.

Finally, we inform you that in this section and on this site the extended information pursuant to art. 13 and following of RGPD (EU) 2016/679 and that the Personal Data you may provide will be processed in compliance with the aforementioned legislation and according to the criteria indicated below.

****

Extended information
1) DATA CONTROLLER, DATA PROCESSOR, REPRESENTATIVE

The data controller of your Personal Data is the Global Cyber Security Center of Poste Italiane SpA (hereinafter "GCSEC" and / or "Owner") with registered office in ROME - Viale Europa, 175, in the person of its pro tempore legal Authority.

GCSEC email address: info@gcsec.org

The consultation of this site by the user involves the necessary release of information of personal data. Failure to provide such data will make it impossible to use the services made available on www.certrating.it / www.certrating.com. Your personal data will be processed by authorized subjects (appointed) designated respectively by the Data Controller or by the Data Processors, who operate under the direct authority of the those on the basis of the instructions received.

2) TYPES OF DATA PROCESSED

All the data processed are linked to the registration on www.certrating.it / www.certrating.com.

Processed Personal Data

The following categories of Personal Data will be processed by the GCSEC:

  • Personal data
  • Contact details (email, address, phone number)
  • Geo-location and / or internet browsing data collected through the cookies installed on your computer or mobile device (for more information consult the Cookie Policy)
  • Photographic images and / or video recordings
  • Company logos granted by the user
  • Other data necessary to use the Tool

Furthermore, navigation data may be processed: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the communication protocols of Internet. This information is not associated with identified interested parties, but by their type could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or computers domain names used by data subjects connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the data subjects IT environment. These data are used for the only purpose of obtaining anonymous statistical information on the use of the site and to check its functioning and are kept for the times defined by the national legislation. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
In addition to the aforementioned categories of Personal Data, additional data shared by you on the pages of social networks dedicated to GCSEC (Facebook, Twitter, Instagram, etc.) may be processed, for which reference is made to the third parties who provide these services. Among the data collected through the Social Networks there are, for example, likes, comments, and in general any content and information that you may have published on the pages and / or accounts of ownership and directly credited to GCSEC.

3) METHODS, PURPOSE, PLACE OF TREATMENT

Personal data is processed by computer / electronic tools for the only purposes strictly connected to the consultation of the www.certrating.it / www.certrating.com site, as well as for the purposes connected to CERTrating.

The Data Controller processes Users' Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is organized using IT and / or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Owner, in some cases, categories of appointees involved in the organization of the site (administrative, commercial, marketing, legal, system architect) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Owner. The updated list of Data Processors may always be requested from the Data Controller.

For the purpose of exclusive statistical use, pseudo-automation mechanisms and - where possible - anonymization of the data - will be implemented (within the limits of the technologies). The legal basis for such processing is the consent of the interested party, withdrawable at any time.
The Data are processed at the Data Controller's operating offices and in any other place where other third parties involved in processing data are located. For more information you could contact the owner.

4) BASIC PRINCIPLES FOR PROCESSING

Your personal data provision is optional. However, failure to communicate your personal data could affect the possibility of using GCSEC services.
The mandatory or optional nature of the provision will be reported from time to time through the use of symbols (eg. "*") at next to the information whose provision is obligatory to pursue the respective purpose.

Your personal data will be processed on the basis of the contractual relationship accepted during registration, as well as possibly also on the legitimate interest of the Data Controller and / or to fulfill a legal duty. Furthermore, the processing of Personal Data provided by you will be in compliance with the effective regulations concerning the processing of Personal Data.

Your data will be collected and processed for the following purposes:

  • Inclusion in our database: Personal Data you have provided will be included into our database and will be used to carry out statistical analyzes, in an aggregate manner, on the composition of the database. The provision of data is optional. The legal basis of the processing is the consent of the data subject, withdrawable at any time.
  • Registration on the Website: the registration procedure to our Website, by creating an account, is directed at allowing you to use the Site as a "Registered User" and to access a series of exclusive services offered through it. The provision of data is optional. The legal basis of the processing is the consent of the data subject, withdrawable at any time.
Your Personal Data will be processed in order to contact you for any communications. The provision of data is optional. The legal basis of these treatments is the consent of the data subject, withdrawable at any time.

4.1) FURTHER PURPOSES:

  • Participation in events and newsletters: prior your explicit consent, we may process your Personal Data in order to send newsletters, communications and initiatives. The legal basis of these treatments is the consent of the interested party, withdrawable at any time.
  • Profiling activities: prior your explicit consent, GCSEC will be able to treat your personal data for statistical purposes only with pseudo-automation mechanisms and - where possible - anonymization data. The legal basis for this processing is the consent of the data subject, withdrawable in each moment.
  • Statistical Activities: Data Controller could monitor and analyze traffic data and questionnaires through internal and external development components that also work to keep track of User behavior in order to make the Tool more functional. The tool for statistical aggregation of the data can use its data in relation to the use of the tool in order to provide statistics and graphs of data correlation and data minimization (also in accordance with the art.89 / UE / 2016 / 679).
  • External third component for only Statistics purposes.
    • Google Analytics (Google Inc.) – Cookie Policy Extract
    • Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
      Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
      Personal Data collected: Cookies and Usage Data.
      Place of processing: United States – Privacy PolicyOpt Out

      The profiling activity could also be carried out by using proprietary and third-party cookies. Please read our Cookie Policy. Such processing may be carried out if data subject provides an additional specific and optional consent.

5) DATA RETENTION

The Data Controller processes Users' Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out using IT and / or telematic tools, with organizational methods and logic strictly related to the purposes indicated. According to the art. 5 (e) of EU Regulation 679/2016, "Principles applicable to the processing of personal data", personal data are stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which are treated. The personal data of the interested parties can also be stored for longer periods in compliance with national duty law law-enforcement and, in any case, applying any technical-organizational measures aimed at activating minimization, pseudo-automation and - where possible - anonymization of the data. More information about the data retention period and the criteria used to determine this period can be requested by writing to the Owner.

6) THIRD PARTIES

Your Personal Data may be made accessible, for the aforementioned purposes, to employees and collaborators of GCSEC, in Italy and abroad.

The Personal Data you provide may be disclosed to third party companies that perform activities in Italy and abroad on behalf of the Data Controller, eg. Data Processors.

In addition to the Owner, in some cases, categories of appointees involved in the organization of the site and / or the activities (eg events) envisaged by GCSEC (administrative, commercial, marketing, legal, system administrators) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Controllers by the Owner. The updated list of Data Processors may always be requested from Data Controller. Data Controller will provide Data processors appropriate operating instructions in particular for the adoption of security measures, in order to guarantee the confidentiality, integrity and security of the data. The data of the user may also be communicated to the judicial, administrative or other public entity entitled to request them, in the cases provided for by national and international law.

7) DATA PROVIDED BY CHILD UNDER OF THE AGE OF 16/18 (International and Italian National Law)

GCSEC does not normally intend to collect Personal Data from child under the age of 18 or deliberately establish a communication with them. For this reason, we encourage parents to actively monitor the online activities of children under the age of sixteen. Nevertheless, in case GCSEC should be contacted by a child, will take every possible measure to offer parents or business owners the possibility of giving their consent.

8) RIGHTS OF THE DATA SUBJECT (ref. RDPG art. 12, 15-22)

Data subjects to (referring to their Personal Data) have the right at any time to obtain confirmation of their existence from the Data Controller. They could ask to know their content and origin, to verify their accuracy or request, their integration, cancellation, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, and to oppose in any case to their treatment for legitimate reasons. Requests should be addressed to the Data Controller.

8.1) ALSO DATA SUBJECS HAS RIGHTS TO:

  1. obtain the correction of inaccurate personal data;
  2. obtain the integration of incomplete personal data;
  3. obtain the limitation of the processing of personal data (in this case, the data are processed only with your consent, except for the necessary conservation of the same);
  4. oppose their treatment;
  5. obtain the cancellation ("right to oblivion");
  6. obtain data portability, or the transmission of your personal data from one data controller to another, if technically feasible.
In the event you wish to exercise the aforementioned rights, or wish to receive further clarifications regarding the processing of personal data, you can write to the Owner at the e-mail address: info@gcsec.org or at the office located in Viale Europa, 175 - 01444, ROME (RM).

9) CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this site section. Please therefore consult this page often, taking as reference the date of last modification indicated at the bottom. In case of non-acceptance of the changes made to this privacy policy, the User is required to conclude using this Application and may request the Data Controller remove his Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that point.

Privacy disclaimer

© Copyright October 2019 GCSEC. All rights reserved.

Downloadable “Information on processing of personal data” PDF collected on our websites pursuant to art. 13 RGPD
Informativa_sul_trattamento_dei_dati_personali_CERTrating.pdf