The data controller
This policy applies to the website https://www.leonardologistics.it/en/ ( “Website”). The Data Controller for any personal data ( “Data”) is Leonardo Logistics S.p.A., VAT No and Tax Code 08401270015, with its headquarters in Piazza Monte Grappa n.4 - 00195 Rome, in the person of its present legal representative ( “Data Controller” or “Company”). The Data Controller provides this policy pursuant to Articles 13 and 14 of EU Regulation 679/2016 et seq. (“GDPR”) and international, European and Italian laws on personal data processing, in each case to the extent in which they are applicable at the time, along with their respective amendments, supplements and reforms (collectively, together with the GDPR,“Applicable Privacy Regulations”).
Purposes and legal grounds for the processing
As explained in more detail in the sections that allow users of the Website to sign up to member services - providing their personal data - the data of the users involved is processed based on the requests expressly sent by these users, from time to time, through the Website. In particular, all data collection and subsequent processing is aimed at achieving the following purposes:
- to share the content on the Website;
- to handle customer relationships. In particular, the Leonardo Logistics S.p.A. website features various contact methods by email, where users can indicate their email to request information on products, or official communications from Leonardo Logistics S.p.A.. In both cases, the Leonardo Logistics S.p.A. website does not store the user’s data, but rather it is sent to the relevant company departments;
- general information requests;
- to redirect users to third-party pages where they will be able to access members’ areas they are interested in. The Leonardo Logistics S.p.A. website does not actually allow access to certain members’ areas; when this happens, the requests to the user to enter their data for registration and the subsequent processing shall be handled by a third-party supplier of the members’ access page, with a specific personal data processing policy and subject to special consent from the data subject;
- commercial information on the services provided by the Data Controller and/or its other affiliated companies;
- purposes connected to any obligations provided for by applicable laws or regulations, as well as by the provisions laid down by competent supervisory and control bodies/authorities.
The Data Controller shall not use the data provided for purposes other than those relating to the service, including the ones listed above, which the user involved has agreed to, or only within the terms indicated from time to time in any additional specific policy accompanying a particular, different service requested by the user.
Who we allow to process data
For the purposes of providing the service which the user has agreed to, data may be disclosed to third parties, including affiliated companies, as well as to consultants who assist the Data Controller in meeting users’ requests (for example, legal and tax firms), which shall act, depending on the case, as independent data controllers or as data processors pursuant to Article 28 of the GDPR. Data shall also be sent to any third parties to whom data must be disclosed to comply with laws or regulations.
The updated list of data processors is available upon request at the Data Controller’s e-mail address: firstname.lastname@example.org or email@example.com.
At the Data Controller’s organization, personal data is only processed by staff specifically authorized by the Data Controller itself and identified from staff responsible for administration, communication, accounting or IT system technical maintenance. These people are appointed as authorized data processors and carry out any essential processing to achieve the aforementioned purposes.
Unless the specific policy states otherwise, personal data shall not be circulated or transferred to third-party countries outside the European Economic Area.
How we process data
All the processing done as part of the Website shall be carried out
- according to methods and procedures strictly required to meet the user’s requests, through operations or a series of operations as indicated under Article 4, paragraph 1, number 2 of the GDPR;
- through the use of electronic or automated tools, but also with paper/manual tools. In this respect, please note that data is stored in paper archives located at the Data Controller’s headquarters and in electronic archives located both at these same headquarters and on servers controlled by the Data Controller and, in any case, located in the European Economic Area.
Data shall be processed using methods related to the purposes for which it was collected and in accordance with the Applicable Privacy Regulations for the purposes mentioned above or specified from time to time in any additional policies submitted to the user.
Personal data shall be processed for the time strictly required to achieve the purposes for which it is collected.
Types of data processed and optional data provision
We shall process both data that is strictly necessary to fulfil users’ requests and data that is provided optionally and is not strictly necessary to fulfil the request.
If the data subject refuses to provide their personal data or grant their consent, when required, to processing:
- in the case of data that is strictly necessary to fulfil users’ requests, it shall not be possible for the Data Controller to meet these requests;
- in the case of data that is provided optionally, it shall not be possible to provide at least part of the services requested or to provide commercial information for users on the services offered by the Data Controller and its other affiliated companies.
The computer systems and software procedures used to run this website acquire certain personal data during normal use, which is transmitted using Internet communication protocols. This information is not collected to be associated with identified data subjects. However, by its very nature, it might be used to identify users by means of processing and matching with information held by third parties.
This data category includes IP addresses or the domain names of the computers used by users accessing this website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the server response status (successful, error, etc.) and other parameters relating to the user’s operating system and computer set-up.
This data is only used to extract anonymous statistical information on how the Website is used and to ensure that it is running properly. It is deleted immediately after processing. Data might be used to ascertain liability in the event of any cyber-crimes against the Website: other than in this case, the data on web contacts shall not be stored for longer than seven days.
Data provided voluntarily by the user
The personal data normally required to use the Website’s services includes personal and contact details. If emails are sent optionally, explicitly and voluntarily to the addresses indicated on the Website, the sender’s email address shall then be acquired, which is required to answer the requests, as well as any other personal data included in the message. Specific summaries shall be gradually shown or displayed on the Website’s pages for particular requested services or for registration to the Website’s members’ areas. Data belonging to special categories under Article 9 of the GDPR is not normally processed; if this data needs to be processed for certain services, a special notice shall be issued beforehand, and the specific consent of the user involved shall be requested.
Cookies and other information reading/archiving technologies on the user’s device
Cookies can be “temporary” (or session cookies, as they are deleted at the end of the connection) or “permanent” (they stay saved on the user’s hard drive, unless the user deletes them).
For more information on how to set your cookie preferences through your browser, please see the relative instructions:
Data subject rights
Regarding the personal data processed by the Data Controller, users of the Website may exercise the rights provided for by the Applicable Privacy Regulations within the limits provided for therein and, in particular, they may:
- ask the Data Controller for confirmation of the existence of their personal data, the source of this data, the methods and purposes of the processing, the categories of subjects to whom the data may be disclosed, as well as the identification details of the data controller and data processors;
- request access to personal data, its anonymization, blocking, amendment, integration or deletion, or the restriction of processing;
- object to processing in cases provided for by the Applicable Privacy Regulations;
- exercise their right to portability;
- withdraw their consent at any time (when this is the necessary legal grounds for the processing), without affecting the lawfulness of the processing based on consent granted before the withdrawal;
- file a complaint with the Italian Data Protection Authority, following the procedures and instructions published on the Authority’s official website at garanteprivacy.it .
- To exercise the rights provided for by the Applicable Privacy Regulations, you can fill out the appropriate form found at the following link, and send it to the following addresses: firstname.lastname@example.org, or email@example.com.
For any communications, requests or reports about privacy, you may send an email to the email addresses indicated above.
Any amendments or deletion or restricting of the processing carried out upon request from the user involved – unless this proves impossible or involves disproportionate effort – shall be reported by the Data Controller to each recipient that was sent the personal data. The Data Controller shall disclose these recipients to users if they request it.