Privacy policy

Privacy Policy And Approval To The Processing Of Personal Data
(in accordance with articles 7, 12, 13 and 14 of the European Regulation n.2016 / 679)

1. Data controller

The owner of the treatment of all data provided in the use of the site is IF EXPERIENCE S.B.R.L., C.F. 17214341004 , with registered office in Rome (RM), Via del Banco di Santo Spirito 42, 00186 Roma, (hereinafter, the “Owner”), who carries out this treatment in the exclusive interest of the user / visitor of this site (hereinafter, the ” Interested”).

2. Object of the treatment

  • Browsing data. During normal operation, the computer systems and software procedures used to operate the site acquire some data which are then implicitly transmitted in the use of Internet communication protocols. This is information that by its nature could, through associations and processing with data held by third parties, allow the interested party to be identified (e.g. IP address, domain names of the computers used by users / visitors who connect to the site, etc. .). These data are used only for statistical information and to check the correct functioning of the site. The data on web contacts are not kept, however, for more than seven days, except for any investigations of computer crimes against the site. No data deriving from the web service will be communicated or disseminated.
  • Data provided voluntarily by the interested party. If the interested party, by connecting to website, sends and / or indicates their personal data (by way of example but not limited to: name, surname, address, telephone, email account; hereinafter, the “Personal Data”), he is aware that this entails the acquisition by the Data Controller of these data, which will be processed in accordance with the provisions of Regulation (EU) no. 2016/679 (GDPR) exclusively for the provision of related services.

3. Approval of the interested party to the processing of personal data

The interested party, in light of what is indicated in art. 2, lett. b, expressly gives his approval to the processing of Personal Data for the activities and services strictly related to it.
The interested party may, at any time, withdraw his approval to the processing of personal data, without this in any case prejudicing the lawfulness of the treatment based on approval before the revocation.
It is understood that, in case of revocation of approval to the processing of Personal Data, the interested party will no longer be able to take advantage of the activities and / or services closely related to it.

4. Purpose of the treatment

The purposes of the processing of personal data carried out by the owner must be understood as:

  • collection, storage and processing for the purposes of the sales service;
  • sending communications relating to the status of the order;
  • collection, storage and processing to carry out anonymous and / or aggregate statistical and economic analyses;
  • market research.

5. Methods of processing Personal Data

The processing of Personal Data by the Data Controller will take place using IT and telematic tools with logic strictly related to the purposes indicated in art. 4 and, in any case, in order to guarantee their security and always in full compliance with the legislation in force regarding the protection of personal data.
Personal data are subjected to both paper and electronic and / or automated processing, through the use of a website hosted on servers owned by leading European organizations specialized in the provision of hosting services and managed by the latter companies.
The Data Controller will process Personal Data for the time strictly necessary to achieve the purposes for which they were provided, without prejudice to the exercise of the right of withdrawal by the interested party (which must be followed by the immediate cessation of treatment).

6. Security measures

The Data Controller has adopted multiple security measures, also of a technical nature, functional to the protection of Personal Data against the risk of loss, abuse and / or alteration, such as, by way of example:

  • the appointment in writing of the people in charge of the processing, each of whom, through strictly personal electronic computers (PCs and tablets equipped with updated operating systems and antivirus software), is provided with specific authorization as well as their own authentication credentials;
  • the participation of the people in charge of the treatment in specific training courses suitable to provide all the instructions necessary to carry out the treatment in complete safety;
  • access control to the places where the treatment is carried out;
  • the preparation of an internal regulation which contains the company policies for carrying out the treatments in complete safety;
  • the adoption of specific protections of the corporate network, as well as disaster recovery services, business continuity, and both internal and external back up.

7. Recipients and access to Personal Data

In addition to the Owner and the subjects expressly assigned to the processing of Personal Data, in some cases categories of authorized parties involved in the corporate organization of the site may have access to such Data (such as, by way of example but not exhaustive, personal administrative, commercial and / or marketing, legal appointed by the Data Controller, IT system administrators), who will be required to carry out the processing in accordance with the provisions of the GDPR. Furthermore, the Data Controller may make use of external parties (such as, by way of example but not limited to, technical service providers, hosting providers, IT companies, etc.) who may be appointed “External Managers” and will also be required to perform the processing of Personal Data in accordance with the provisions of the GDPR, as well as analytically inserted in an updated list, available from the Data Controller.

8. Place of treatment and transfer of personal data

The processing of Personal Data will take place exclusively in Italy, at the Data Controller’s offices, in special files (if the Personal Data have been acquired in paper format) or on servers owned by companies based in the EU, specialized in the supply hosting services (if Personal Data have been acquired in digital format) and appointed as External Data Processors.

9. Minors

The services rendered by the Data Controller and specified in this statement are not intended for minors under the age of 18 and the Data Controller does not intentionally collect personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the interested party.

10. Rights of the interested party

The interested party may, at any time, exercise the following rights:

  • access the Personal Data, in order to obtain confirmation of the existence or otherwise of such Data, to know its content and origin as well as the purposes and methods of its processing, verify its accuracy or request its integration or updating;
  • request the rectification, integration or cancellation of Personal Data, their transformation into anonymous form, the blocking of those processed in violation of the reference legislation, or the limitation of the related processing;
  • oppose the processing for legitimate reasons, connected to your particular situation and ask for its portability on suitable paper or computer support;
  • withdraw approval to treatment at any time;
  • propose a complaint pursuant to art. 77 GDPR to the supervisory authority responsible for the protection of personal data, which for Italy is the Guarantor for the protection of personal data, which can be contacted through the contact data reported on the website

11. Method of communication with the owner

The interested party, for the request of information relating to the processing of their personal data, for the exercise of the rights indicated in art. 10 or for any other request, however, concerning the Personal Data themselves, you must contact the Personal Data Protection Manager at IF SRL, by sending a specific registered letter to the registered office of the latter in Rome (RM), Vicolo Orbitelli 27 (CAP 00186) , or an email to the following address: