- Data Controller
This policy applies to the website www.leonardologistics.it (the “Website”).
The Data Controller of personal data (hereinafter also simply “data”) is Leonardo Logistics SpA, Tax Code and VAT no. 08401270015, with registered office in Piazza Monte Grappa 4, 00195 Roma, in the person of the legal representative pro tempore (hereinafter also the “Controller” or the “Company”), a company belonging to the Leonardo Group.
- Purpose and legal basis of the processing
As better explained in the sections that allow you to subscribe - by providing your personal data - to the services reserved for users of the Website, the data of the users concerned are processed on the basis of requests expressly advanced by them, from time to time, through the Website. In particular, all data collection and subsequent processing is aimed at achieving the following purposes:
- sharing content found on the Website;
- managing customer relations;
- general requests for information;
- commercial information on the services provided by the Data Controller and/or other companies belonging to the Leonardo Group;
- purposes related to obligations under applicable laws or regulations, as well as under provisions issued by the competent authorities/supervisory and control bodies.
The Owner shall not use the data provided for purposes other than those connected to the service, among those listed above, to which the user concerned has subscribed, or only within the limits indicated from time to time in any further specific information accompanying the different and particular service requested by the user.
- Who processes the data?
For purposes related to the provision of the service to which the user has subscribed, the data shall be made available to third parties, including companies belonging to the Leonardo Group, as well as consultants who assist the Data Controller in satisfying user requests (for example, legal and tax offices), which shall act, as the case may be, as independent data controllers or as data processors pursuant to Art. 28 of the GDPR. The data will also be transmitted to third parties to whom the data must be communicated in order to comply with laws or regulations.
The updated list of Data Processors is available by simple request made to the e-mail address of the Controller:
Personal data will be made available to persons expressly authorized by the Data Controller and appointed for this purpose, who carry out indispensable processing activities for the pursuit of the purposes indicated above; the persons assigned may be responsible for administration, communication, accounting, technical maintenance of the information systems, depending on the specific request made by the user concerned through this website.
Unless otherwise prescribed by the specific privacy statement, personal data will not be distributed or transferred to third countries outside the territory of the European Economic Area.
- How we process the data
All data processing performed on the Website will be undertaken:
- using methods and procedures strictly necessary to satisfy the requests of the user, by means of the operations or set of operations indicated in Article 4, paragraph 1(2) of the GDPR;
- with the aid of electronic or automated instruments, but also with paper/manual tools. In this regard, it should be noted that the data is stored in paper archives located at the Controller's registered address and in electronic archives located both at the same address and on servers controlled by the Controller and in any case located within the European Economic Area.
Personal data shall be processed for the time strictly necessary to pursue the purposes for which they are collected.
- Types of data processed and optional provision of data
Both data that are strictly necessary to respond to users' requests and optional data that are not strictly necessary to process the request shall be processed.
Should the data subject refuse to provide their personal data or to agree, where requested, to the processing:
- in the case of data strictly necessary to respond to users' requests, the Data Controller shall be unable to satisfy the requests;
- in the case of optional data, the Data Controller shall be unable to provide at least part of the services requested or provide users with commercial information on the services rendered by the Controller and by other companies belonging to the Leonardo Group.
5.1 Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used only to obtain anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to establish liability in the case of hypothetical computer crimes against the Website: except for this possibility, at present, the data on web contacts do not persist for more than seven days.
5.2 Data provided voluntarily by the user
The personal data normally requested for the use of the services on the Website are personal and contact details. The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the Website entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary privacy information will be progressively shown or displayed on the pages of the Website set up for particular services upon request or for registration for restricted areas of the Website. Normally, data belonging to particular categories as per Art. 9 of the GDPR; in the event of processing of such data for certain services, a specific privacy statement will be issued and specific consent will be requested from the user concerned.
5.3 Cookies and other technologies for reading/storing information on the user's terminal
Cookies can be “temporary” (or session cookies, i.e. they are deleted at the end of the connection) or “permanent” (they remain stored on the user's hard disk, unless the user himself deletes them).
For more information about the types of cookies used by the Website, the functions that enable or disable them, please refer to the “Cookies Policy”, found here .
- Rights of data subjects
- the right to obtain from the Data Controller confirmation of the existence of their personal data, the origin of such data, the logic and purpose of the processing, the categories of subjects to whom the data may be communicated as well as the identification details of the Data Controller and Data Processors;
- the right to obtain access to personal data, their transformation into anonymous form, blocking, correction, updating or cancellation or the limitation of processing;
- the right to data portability;
- the right to withdraw consent (where this is the necessary legal basis for processing) at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawing consent;
- the right to lodge a complaint with the Italian Data Protection Authority, following the procedures and indications published on the official website of the Authority at garanteprivacy.it .
Any corrections or cancellations or limitations of the processing carried out at the request of the user concerned - unless this proves impossible or involves a disproportionate effort - will be communicated by the Data Controller to each of the recipients to whom the personal data have been transmitted. The Controller may communicate the identity of these recipients to the user, where requested.